New docker build mechanism #2268
Conversation
|
adding @captn3m0 |
|
This is probably important btw @em92 since none of the changes since july 27th are distributed to the docker users. |
|
@em92 do you have access to the dockerhub image? I can see that rssbridge is a community organization, so whoever admins that can just add people. You can add me as well if you like to. As you've noticed, I've taking a liking to the project so I can take care of the docker topics :) |
|
Would it be possible to also add the resulting container-image to github's own registry? In addition to reducing the ability to perform auto-builds on docker-hub, they have also configured rate limits, so having the image at an alternative container repo really helps for heavy docker-users. I haven't used the github-action you are using in this commit, but using It's also fairly easy to add a scheduled run of this, so one can get security updates for the base-layers over time. |
|
Yes, I actually removed the ghcr portion of the original because rss-bridge doesnt have one. But it would be very easy. @em92 do you want an additional github container registry image? Setup would be minimal |
|
Hi, @Bockiii!
No, I don't.
Personally I am ok to add you to that organization. Admin of that organization is @captn3m0, AFAIK.
That would be good. Hello, @captn3m0! Could you add https://hub.docker.com/u/em92 and https://hub.docker.com/u/bocki to that rssbridge organization in docker hub? |
|
Okay, I will add the ghcr image to the code. I also think I can shrink it down to 1 file since I forgot that github actions allows if statements :D |
|
Got it into one file. I was able to do the testing for dockerhub, I can't test it with github because this is an organization and not a single user. I have confirmed with the master of github actions (the actual guy who wrote the github signin action) that it should work this way. No additional things required for the github action on your part (the secret is auto generated during the workflow runtime, you dont need to create it). |
|
Just seeing this. Will add soon. |
|
@em92 Docker Hub has gotten even more restrictive:
I've removed @logmanoriginal @teromene for now, and added @em92 and @Bockiii instead. Feel free to remove me from the org, and add them back if needed. |
|
Thanks! Wow.. they are really trying to get rid of non-paying customers it feels like. ghcr is more and more becoming the norm. So it's a good step to also generate a github image :) So @em92 , follow the steps in here to generate a PAT and use that in the DOCKER_PASSWORD secret as described before. Then it should just work after merging. |
|
@em92 the docker container is not getting updated until you merge this. :) |
|
Hey, @Bockiii!
|
|
@em92 I've never used the environment secrets, I've only used the repository secrets. I will check how to use the secrets from a specific environment. Right now it's setup to use a repository secret
|
|
@em92 those are encrypted as well btw, so you can just use those instead of the environment secrets. So no one of the other rssbridge team members can just "see" then. You can only "update" them and overwrite them. If you just add those to the repo secrets, the job should work. |
|
I checked, you dont need to set it up in the environment. just add it as repository secret. Thanks |
|
Thank you, @Bockiii ! Looks like autopush is working fine. |
|
Perfect, seems to work. Also the github repo has an image now: https://github.com/RSS-Bridge/rss-bridge/pkgs/container/rss-bridge |
* New docker build mechanism
Hi,
a user found an issue that I should have actually noted a while ago: The dockerhub autobuild functionality changed! It's only usable now if you are a paying customer.
Source: https://www.docker.com/blog/changes-to-docker-hub-autobuilds/
So there was no auto-build-on-commit since end of July for the docker image tag "latest".
I reworked how the build process works, using github actions and the github docker image build process.
This is heavily forked from one of the LSIO guys, TheSPAD. I basically copied his approach from this repo:
https://github.com/TheSpad/docker-monit
The two distinct actions react to either a commit to the master branch or a release.
Master branch commit: Update the "latest" image.
Release tag: Update the "stable" image tag and create a new tag with the specific release tag.
It produces the same result that the docker hub image uses currently ("latest", "stable", "2021-09-20")
TODO!
In order for this to work, you need to add two secrets to the repo. "DOCKER_USERNAME" and "DOCKER_PASSWORD"
"DOCKER_USERNAME" should be the username of an account with access to the dockerhub image
"DOCKER_PASSWORD" should be an access token from that user. See this link on how to create one.
After adding those secrets, it should run after merging. I don't know if it's possible to test the process on the main repo, but you can see what happened in my fork's actions (the latest 2 are for release and latest).
Sidenote: The dockerhub build took close to 40 minutes IIRC. The github build takes 3.5 minutes...