add Dockerfile and CI config

.dockerignore

@@ -0,0 +1,21 @@
+/inventory
+
+# ignore roles pulled by ansible-galaxy
+/roles/galaxy/*
+!/roles/galaxy/.gitkeep
+
+# ignores vscode file
+.vscode
+
+# ignores macos files
+.DS_Store
+
+/requirements.yml
+/setup.yml
+/group_vars/mash_servers
+
+/run/*
+!/run/.gitkeep
+
+/group_vars/*
+!/group_vars/.gitkeep

.github/workflows/workflow.yml

@@ -0,0 +1,38 @@
+name: CI (main and tags)
+on:
+  push:
+    branches: [ "main" ]
+    tags: [ "v*" ]
+permissions:
+  checks: write
+  contents: write
+  packages: write
+  pull-requests: read
+jobs:
+  build-publish:
+    name: Build and Publish
+    runs-on: ubuntu-latest
+    steps:
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Login to ghcr.io
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=raw,value=latest,enable=${{ github.ref_name == 'main' }}
+            type=semver,pattern={{raw}}
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

Dockerfile

@@ -0,0 +1,13 @@
+FROM alpine:latest
+
+ENV ANSIBLE_LOG_PATH=" "
+WORKDIR /playbook
+ENTRYPOINT ["/bin/sh"]
+
+RUN apk add --no-cache ansible ansible-core py3-passlib git openssh-client just
+
+COPY . /playbook
+
+RUN git rev-parse HEAD > /playbook/source-commit && \
+	rm -rf /playbook/.git && \
+	just roles