Add documentation on publishing private docker images to the organization package repository

[ninad-kamat]

No description provided.

[jorgepiloto]

Thanks for opening this @ninad-kamat, sorry for the delay. I wonder if this topic must be included in the ansys-dev. Pinging here @chadqueen and @akaszynski to have some feedback on this.

[greschd]

Having gone through this process recently, let me just quickly note down a rough recount of steps:

• Obtain a PAT with write access to pyansys packages. Subsequently referred to as GHCR_PAT
• First, I uploaded a dummy image (because permissions weren't fully set up yet). From my local machine
  • echo $GHCR_PAT | docker login ghcr.io -u <username_of_pat> --password-stdin
  • docker tag <my_dummy_image> ghcr.io/pyansys/<container_name>
  • docker push ghcr.io/pyansys/<container_name>
• Next, I polished the permissions, and made the connection between the repository and package:
  • For the repository <-> package link, I had set the "org.opencontainers.image.source": "https://github.com/pyansys/<repo_name>" label on the image. I think this was the "wrong" way of doing it though (the label means the repo can be used to build the container, which wasn't true here). Maybe this can also be achieved manually in the package settings https://github.com/pyansys/pyacp-private/pkgs/container/<container_name>.
    Once the connection is made, it doesn't appear to matter if the label is removed in later pushes to the package.
  • Switched visibility from "Internal" to "Private" in https://github.com/pyansys/pyacp-private/pkgs/container/<container_name>, and inherit the permissions from the repository
• After the package is set up correctly, add the same steps as above to CI/CD, for updating the container
  • echo $GHCR_PAT | docker login ghcr.io -u <username_of_pat> --password-stdin
  • docker tag <container_image> ghcr.io/pyansys/<container_name>
  • docker push ghcr.io/pyansys/<container_name>

The permissions part is obviously specific to each project, but maybe these steps are nevertheless helpful.

[chadqueen]

@greschd thanks for the details from your recent experience. is there already a doc you used as a basis and the detail above is supplementing that doc or do we need to create a doc from scratch for this?

@jorgepiloto it does seem like publishing private docker images is an internal dev portal type of topic, not sure if we can directly move this issue to that repository since it is in a different org so I made an issue there and put a link to this issue here:

https://github.com/ansys/ansys-dev/issues/51

[greschd]

is there already a doc you used as a basis

Not that I'm aware of, I was going off https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry mostly.

[jorgepiloto]

Thanks for all the information provided on this, @greschd.

Transferring an issue to other is possible, @chadqueen. See the right-side panel:

[jorgepiloto]

Let us solve this by adding a link to the "ansys-dev" where this topic is deeply explained.