-
-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Infra: Add actions to publish to ECR & Docker Hub #347
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi giom-l! 👋
Welcome, and thank you for opening your first PR in the repo!
Please wait for triaging by our maintainers.
Please take a look at our contributing guide.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi, could you make this a separate job (within the same workflow) please? So we don't have to rebuild (or re-push) everything if one of the things fail.
Ideally:
- build
- ghcr push
- dockerhub push
- aws ecr push
You'd need to transfer artifacts between the jobs, feel free to use .github/workflows/e2e-*.yml workflows as reference.
Hi, So here are 2 versions that work the same, let me know which one your prefer. With docker save / docker load mechanism : With containerd all along (using All produced images can be found in all 3 repositories :
For ECR, my workflow uses OIDC provider .
|
@giom-l thank you for the analysis. I'd prefer using docker save/load mechanism to have the same approach between different workflows (for example, e2e-run.yml, already uses this approach). Can you update the PR branch with this approach so we can proceed with the review? Thank you |
Sorry for the delay ! For the ECR publish, it's still "WIP" as I would need some informations about how you want to authenticate and where (ecr public ?) |
Thank you.
I guess, we could auth the same way we do here (unless you have a better suggestion?)
Yes, as we (accidentally) had one before (source). Can I also ask you to refactor the workflows to use reusable workflows to reduce the copypaste in these workflows? I can take a look myself later as an alternative. |
Sure. I thought about one generic reusable action that will take parameters (like registry, credentials) but since ECR login is not the same as the other, I'm not sure it's doable. Let me know what you think |
4d38eb9
to
f3f57d8
Compare
Hello I gave this some time yesterday and made it work as follows (PR udpated) :
About extracting common parts for the three publish jobs : However, I also experienced another solution that can be found in this branch : Let me know what you think and I'll finalize the PR with the solution that is preferred on your side. |
48df758
to
b02611a
Compare
Hey, sorry for the delay. One more thing, can we get separate workflows like |
Hello, Sure, I'll give some tests to your proposals and fix them if everything's good. About
I totally agree. It uses matrix strategy to produce as much jobs as we want, but it remains in 1 workflow only (way more readable). Let me know if it better fits what you expect and I'll port it to the PR branch :) . |
Oh, thanks for correcting me! I've seen matrix workflows in action but haven't used them personally before so I thought the part we need was missing :) Besides the minor comments I've left (and other possible things to clean up you manage to find) I'd need to get our credentials for ECR and we can merge. Thank you very much for the high-quality PR and continuous cooperation, and I am sorry for the delays on my part :) |
* ♻️ Split actions into composable ones
6106bd6
to
f2a6504
Compare
Hello, I just updated the PR to use matrix workflows and removed old workflows that contained some hardcoded strings. It should work with no issue as soon as :
This is a personal preference to use role over static credentials.
|
fb8c8bf
to
aa6a8e9
Compare
@giom-l thanks for your first (and a high quality one!) contribution to kafbat UI! I'll be taking a look at how this behaves now. |
@giom-l any clues on what's the unknown/unknown image arch we've got? |
It reminds me of something about provenance but can't remember exactly what ATM. I'm pretty sure I tried multiple stuffs to get rid of that unsuccessfully. I just found this discussion that seem related : But there does not seem to be proper answer (get rid of provenance, pinning version that seem to not work anymore...) |
What changes did you make? (Give an overview)
Add login to dockerhub and push image to it in main workflow
Fixes #237
Fixes #242
Is there anything you'd like reviewers to focus on?
Secrets names may need to be changed based on what is currently available (no visibility on it)
How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)
Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)
Check out Contributing and Code of Conduct