ci: rework actions configuration and pre-commit hooks

.github/workflows/docker.yaml

@@ -0,0 +1,58 @@
+# This workflow builds a multi-arch Docker image using GitHub Actions and separated Github Runners
+# with native support for ARM64 and AMD64 architectures, without using QEMU emulation.
+name: Docker Build
+run-name: Docker Build${{ github.event_name != 'pull_request' && ' and Publish' || '' }}
+
+permissions: {}
+
+# yamllint disable-line rule:truthy
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - "main"
+    tags:
+      - "v*"
+  pull_request:
+
+env:
+  # The name of the Docker image to be built and pushed to GHCR
+  GHCR_IMAGE: ghcr.io/${{ github.repository }}
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  test:
+    if: github.event_name != 'pull_request'
+    uses: ./.github/workflows/test.yaml
+    permissions:
+      contents: read
+
+  build:
+    needs: test
+    if: always() && (needs.test.result == 'success' || needs.test.result == 'skipped')
+    uses: docker/github-builder/.github/workflows/build.yml@7d2a02426d4b989616ba5aaee4e879afd4134b0d # v1.6.0
+    permissions:
+      contents: read # to fetch the repository content
+      id-token: write # for signing attestation(s) with GitHub OIDC Token
+      packages: write # to push the built image to GitHub Container Registry
+    with:
+      output: image
+      push: ${{ github.event_name != 'pull_request' }}
+      platforms: linux/amd64,linux/arm64
+      build-args: |
+        VERSION={{ meta.version }}
+      cache: true
+      cache-scope: pyomnilogic-local-docker-cache
+      meta-images: ghcr.io/cryptk/python-omnilogic-local
+      meta-tags: |
+        type=ref,event=branch
+        type=ref,event=pr
+        type=semver,pattern={{version}}
+    secrets:
+      registry-auths: |
+        - registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pr-checks.yaml

@@ -0,0 +1,34 @@
+name: PR Checks
+
+permissions: {}
+
+# yamllint disable-line rule:truthy
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  # Make sure commit messages follow the conventional commits convention:
+  # https://www.conventionalcommits.org
+  commitlint:
+    name: Lint Commit Messages
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+      - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1
+
+  test:
+    uses: ./.github/workflows/test.yaml
+    permissions:
+      contents: read