ci: Add workflows to push, pull, and validate docker images #1676
Conversation
nasdf
added
the
ci/build
Codecov ReportPatch coverage has no change and project coverage change:
@@ Coverage Diff @@
## develop #1676 +/- ##
===========================================
- Coverage 75.32% 75.30% -0.02%
===========================================
Files 208 208
Lines 21698 21698
===========================================
- Hits 16343 16339 -4
- Misses 4211 4215 +4
Partials 1144 1144
Flags with carried forward coverage won't be shown. Click here to find out more. see 4 files with indirect coverage changes Continue to review full report in Codecov by Sentry.
|
|
Hey Keenan let me know when this is unblocked as I still see PR description says blocked until secrets are added (are the secrets not working?) Please link the last execution run of this actions successfull execution in the PR. Would be nice to also see the link to the registery when the build gets pushed to. |
My bad, I forgot to remove that after you added the secrets. I'll attempt a test run of it now. |
|
suggestion: You could try testing two ways:
Note: secrets will be available with tag push |
There was a problem hiding this comment.
Some thoughts on the new approach:
We want 2 things on top of the previous basic implementation which did the basic build and push:
-
We wanted to make sure our container file is always in a valid state (it is possible to be in a valid state but pushes something that is missing deps, as we had with the shared lib recently).
-
We want to test that we can pull the pushed docker image (from either one of the registry should suffice) and attempt to run the binary, to ensure there are no error like we had with the shared lib previously.
I see both 1) and 2) as separate features from each other and from what we had previously.
Problem with the current approach:
- It combines the pushing of the image and validating the container file (1) in one step, meaning we will only be able to validate the container file on every tag-push (IMO it needs to be in valid state always). Here is an idea for a separate workflow that will run every time the container file or workflow file is touched in a pr + on every push to
master/develop.
# File: defradb/.github/workflows/validate-containerfile.yml
# Copyright 2023 Democratized Data Foundation
# INSERT REST OF HEADER
name: Validate Containerfile Workflow
on:
pull_request:
branches:
- master
- develop
paths:
- '.github/workflows/validate-containerfile.yml'
- 'tools/defradb.containerfile'
push:
branches:
- master
- develop
jobs:
validate-containerfile:
name: Validate containerfile job
runs-on: ubuntu-latest
steps: # Insert the steps to validate the containerfileNote: You can also keep the current new validation step you added to additionally check before pushing as well (as it still will only build once for each platform and reuse the build while pushing).
As for (2) you can have an action spin of after this action is completed automatically if you do something like this:
# File: defradb/.github/workflows/pull-docker-image.yml
# Copyright 2023 Democratized Data Foundation
# INSERT REST OF HEADER
name: Pull Docker Image Workflow
on:
workflow_run:
# Warning: this workflow must NOT:
# - interact with any new code.
# - checkout new code.
# - build/compile anything (only pull).
# - make any indirect calls (i.e. make xyz, or npm install, etc.)
# Note this workflow:
# - will use the base's (or default) workflow file's state.
# - doesn't run on the PR or the branch coming in, it runs on the default branch.
# - has read-write repo token
# - has access to secrets
workflows: ["Push Docker Image To Registries Workflow"]
types:
- completed
jobs:
pull-docker-image:
name: Pull docker image job
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-latest
steps: #INSERT STEPS
I attempted to keep this functionality but I ran into an issue with Docker not allowing export of multi platform images. |
Lets just stick to default platform for now. We can look into adding more platforms later then. Lmk if you need any clarification on the other 2 workflows i mentioned. |
| @@ -9,11 +9,16 @@ WORKDIR /repo/ | |||
| COPY go.mod go.sum Makefile ./ | |||
| RUN make deps:modules | |||
There was a problem hiding this comment.
thought: Maybe we can get by not building lens deps here as they might be only dev dependencies. I will make a ticket and it can be taken care of outside the scope of this PR.
New Issue here:
#1707
There was a problem hiding this comment.
LGTM! This is some awesome work, appreciate you adding all the changes just shared one thought and still wondering if you are doing the one nitpick I raised before (but is non-blocking).
nitpick: #1676 (comment)
|
nitpick: Can update title to |
nasdf
changed the title
…twork#1676) ## Relevant issue(s) Resolves sourcenetwork#1674 Resolves sourcenetwork#1266 ## Description This PR adds a GitHub Action workflow that builds and publishes DefraDB container images to DockerHub & GitHub container registries. Push Docker images to registries Job: https://github.com/sourcenetwork/defradb/actions/runs/5651002188 Pull Docker image Job: https://github.com/sourcenetwork/defradb/actions/runs/5651962572 Validate containerfile job: https://github.com/sourcenetwork/defradb/actions/runs/5652056549 GitHub Container Image: https://github.com/sourcenetwork/defradb/pkgs/container/defradb DockerHub Container Image: https://hub.docker.com/repository/docker/sourcenetwork/defradb/general ## Tasks - [x] I made sure the code is well commented, particularly hard-to-understand areas. - [x] I made sure the repository-held documentation is changed accordingly. - [x] I made sure the pull request title adheres to the conventional commit style (the subset used in the project can be found in [tools/configs/chglog/config.yml](tools/configs/chglog/config.yml)). - [x] I made sure to discuss its limitations such as threats to validity, vulnerability to mistake and misuse, robustness to invalidation of assumptions, resource requirements, ... ## How has this been tested? Manual Specify the platform(s) on which this was tested: - MacOS
Relevant issue(s)
Resolves #1674
Resolves #1266
Description
This PR adds a GitHub Action workflow that builds and publishes DefraDB container images to DockerHub & GitHub container registries.
Push Docker images to registries Job:
https://github.com/sourcenetwork/defradb/actions/runs/5651002188
Pull Docker image Job:
https://github.com/sourcenetwork/defradb/actions/runs/5651962572
Validate containerfile job:
https://github.com/sourcenetwork/defradb/actions/runs/5652056549
GitHub Container Image:
https://github.com/sourcenetwork/defradb/pkgs/container/defradb
DockerHub Container Image:
https://hub.docker.com/repository/docker/sourcenetwork/defradb/general
Tasks
How has this been tested?
Manual
Specify the platform(s) on which this was tested: