fix(docker): dynamic README generation

🔄 Automate README Generation via Mustache Templating

- Use Mustache to dynamically generate `README.md` from `README.template.md`.
- Populate README with environment variables (e.g., `KENER_BUILD_FULL_VERSION`).
- Prevent direct edits to `README.md` by enforcing updates via the template.
- Enhance GitHub Actions workflow to auto-generate and commit the README.
- Add GitHub Action workflow (`protect-readme.yml`) to prevent others from direct updates to `README.md` via PR.

.github/workflows/protect-readme.yml

@@ -0,0 +1,21 @@
+name: Prevent Direct README Changes
+
+on:
+  pull_request:
+    paths:
+      - "README.md"
+
+jobs:
+  check-readme:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4.4.2
+
+      - name: Detect direct README changes
+        run: |
+          if git diff --name-only origin/main | grep -q "README.md"; then
+            echo "❌ Direct modifications to README.md are not allowed!"
+            echo "Please update README.md.template instead."
+            exit 1
+          fi

.github/workflows/publish-images.yml

@@ -122,46 +122,44 @@ jobs:
         run: |
           echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}
 
-  # FIXME: Currently with this setup, job will only update versioning listed under README Docker section the FIRST time, but then once those inline placeholders are updated, future job runs will fail. Need to revisit with a more robust approach. Commenting out (for now)
-  # update_readme:
-  #   needs: build_and_push_to_registries  # Runs only after build_and_push_to_registries completes successfully
-  #   name: Update README with release versions
-  #   runs-on: ubuntu-latest
+  generate_readme:
+    needs: build_and_push_to_registries  # Runs only after build_and_push_to_registries completes successfully
+    name: Generate README from template
+    runs-on: ubuntu-latest
 
-  #   steps:
-  #     - name: Checkout Repository
-  #       uses: actions/checkout@v4.4.2
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4.4.2
 
-  #     - name: Extract Release Versions
-  #       id: meta
-  #       uses: docker/metadata-action@v5.6.1
-  #       with:
-  #         images: rajnandan1/kener
-  #         tags: |
-  #           type=semver,pattern={{version}}
-  #           type=semver,pattern={{major}}.{{minor}}
-  #           type=semver,pattern={{major}}
+      - name: Extract Release Versions
+        id: meta
+        uses: docker/metadata-action@v5.6.1
+        with:
+          images: rajnandan1/kener
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
 
-  #     - name: Set Environment Variables
-  #       run: |
-  #         echo "KENER_SEMVER_VERSION=${{ steps.meta.outputs.version }}" >> $GITHUB_ENV
-  #         echo "KENER_MAJOR_MINOR_VERSION=${{ steps.meta.outputs.major }}.${{ steps.meta.outputs.minor }}" >> $GITHUB_ENV
-  #         echo "KENER_MAJOR_VERSION=${{ steps.meta.outputs.major }}" >> $GITHUB_ENV
+      - name: Setup Node.js
+        uses: actions/setup-node@v4.2.0
+        with:
+          node-version: "20"
 
-  #     - name: Safetly Update README.md
-  #       run: |
-  #         KENER_SEMVER_VERSION_ESCAPED=$(printf '%s\n' "${{ env.KENER_SEMVER_VERSION }}" | sed 's/[&/\]/\\&/g')
-  #         KENER_MAJOR_MINOR_VERSION_ESCAPED=$(printf '%s\n' "${{ env.KENER_MAJOR_MINOR_VERSION }}" | sed 's/[&/\]/\\&/g')
-  #         KENER_MAJOR_VERSION_ESCAPED=$(printf '%s\n' "${{ env.KENER_MAJOR_VERSION }}" | sed 's/[&/\]/\\&/g')
+      - name: Install Dependencies
+        run: npm install mustache dotenv
 
-  #         sed -i "s/KENER_SEMVER_VERSION_PLACEHOLDER/${KENER_SEMVER_VERSION_ESCAPED}/g" README.md
-  #         sed -i "s/KENER_MAJOR_MINOR_VERSION_PLACEHOLDER/${KENER_MAJOR_MINOR_VERSION_ESCAPED}/g" README.md
-  #         sed -i "s/KENER_MAJOR_VERSION_PLACEHOLDER/${KENER_MAJOR_VERSION_ESCAPED}/g" README.md
+      - name: Generate README.md
+        env:
+          KENER_BUILD_FULL_VERSION: ${{ steps.meta.outputs.tags[0] }}  # e.g., 1.2.3
+          KENER_BUILD_MAJOR_MINOR_VERSION: ${{ steps.meta.outputs.tags[1] }}  # e.g., 1.2
+          KENER_BUILD_MAJOR_VERSION: ${{ steps.meta.outputs.tags[2] }}  # e.g., 1
+        run: node scripts/generate-readme.js
 
-  #     - name: Commit and Push Changes
-  #       run: |
-  #         git config --global user.name 'github-actions'
-  #         git config --global user.email 'github-actions@github.com'
-  #         git add README.md
-  #         git commit -m "Update README with latest versions: ${{ env.KENER_SEMVER_VERSION }}" || exit 0
-  #         git push
+      - name: Commit and Push Changes
+        run: |
+          git config --global user.name 'github-actions'
+          git config --global user.email 'github-actions@github.com'
+          git add README.md
+          git commit -m "Auto-generate README.md with release versions" || echo "No changes to commit"
+          git push