feat: add the GitHub action to create a Docker image and push to Docker Registry #2386

Merged
merged 8 commits into from
Dec 17, 2024

Conversation

chaitanyarahalkar
Contributor

@chaitanyarahalkar chaitanyarahalkar commented Dec 14, 2024

This PR addresses #2330

Add automated Docker image builds

This PR adds a GitHub Actions workflow that automatically builds and publishes DevDocs Docker images to GitHub Container Registry (GHCR). The workflow addresses the concern of outdated official Docker images by providing fresh builds on a regular schedule.

What this adds:

  • New workflow .github/workflows/docker-build.yml that:

    • Runs monthly on the 1st of each month
    • Can be manually triggered via GitHub Actions UI
    • Builds both regular and Alpine-based images
    • Publishes to GHCR with the following tags:

      • ghcr.io/[org]/devdocs:latest
      • ghcr.io/[org]/devdocs:[YYYYMMDD]
      • ghcr.io/[org]/devdocs:alpine
      • ghcr.io/[org]/devdocs:alpine-[YYYYMMDD]

The administrators for the repo would need to do the following -

  1. Enable GitHub Container Registry:
    • Go to repository "Settings" → "Actions" → "General"
    • Under "Workflow permissions", ensure "Read and write permissions" is selected
    • Save the changes
  2. Enable Package Write Permissions:
    • Go to repository "Settings" → "Packages"
    • Ensure "Inherit access from source repository" is enabled
    • If not using inheritance, explicitly grant write access to GitHub Actions
  3. Optional but recommended - Branch Protection
    • Go to repository "Settings" → "Branches"
    • Add branch protection rule for your main branch
    • Enable "Require status checks to pass before merging"
    • This ensures the Docker build workflow succeeds before merging

I believe no other changes are needed here.

@chaitanyarahalkar chaitanyarahalkar requested a review from a team as a code owner December 14, 2024 06:01
@simon04
Contributor

simon04 commented Dec 15, 2024

Cool, thank you for working on this feature. Some remarks:

  • Please update the README for usage instructions ("Alternatively, DevDocs may be started as a Docker container"; maybe move the Docker instructions up since they are much simpler?)
  • Steps for standard and alpine are very much alike. Have you considered using matrix? Does it make sense here?
  • The audit tool zizmor outputs one warning (see below)

@ojeytonwilliams, I would love to hear your thoughts on this PR. 😄

> uvx zizmor .github/workflows/docker-build.yml 
warning[artipacked]: credential persistence through GitHub Actions artifacts
  --> /Users/simon/src/devdocs/.github/workflows/docker-build.yml:16:9
   |
16 |         - name: Checkout repository
   |  _________-
17 | |         uses: actions/checkout@v4
   | |_________________________________- does not set persist-credentials: false
   |
   = note: audit confidence → Low

@ojeytonwilliams
Contributor

It looks like this is a good approach, but I noticed a couple of strange things.

"Settings" → "Packages" doesn't seem to exist. Perhaps it won't until we publish the first one, I'm not sure.

Branch protection rules don't seem relevant when we're running this via workflow dispatch or cron.

Other than that (and what Simon pointed out), I think this all makes sense.

@chaitanyarahalkar
Contributor Author

chaitanyarahalkar commented Dec 17, 2024

@ojeytonwilliams I believe that setting change is not needed to be done. It should work out of the box.

@simon04 added the matrix option for the build image. I believe the warning should go as well since I added the option to not persist credentials. Updated the README as well.

Let me know if these changes look good to y'all!

Thanks for your comments!
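
An added example, not the workflow merged in this PR, showing the two changes discussed in this thread together: a build matrix covering the standard and Alpine images, and `persist-credentials: false` on the checkout step that zizmor flagged. The Dockerfile names, the per-job `permissions` block, the lowercase-owner step and the Docker action versions are assumptions; the schedule and tag scheme follow the PR description.

```yaml
# Added example (constructed); not the workflow merged in this PR.
name: Build and publish Docker images
on:
  schedule:
    - cron: "0 0 1 * *"    # monthly, on the 1st
  workflow_dispatch:        # manual trigger from the Actions UI
permissions: {}             # no default token scopes; granted per job below
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write       # needed to push to GHCR
    strategy:
      matrix:
        include:            # Dockerfile names are assumptions
          - dockerfile: Dockerfile
            tag: latest
            dated_prefix: ""
          - dockerfile: Dockerfile-alpine
            tag: alpine
            dated_prefix: "alpine-"
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config (zizmor: artipacked)
          persist-credentials: false
      - name: Compute image name and date tag
        id: meta
        run: |
          # GHCR image names must be lowercase
          echo "image=ghcr.io/${GITHUB_REPOSITORY_OWNER,,}/devdocs" >> "$GITHUB_OUTPUT"
          echo "date=$(date -u +%Y%m%d)" >> "$GITHUB_OUTPUT"
      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ${{ matrix.dockerfile }}
          push: true
          tags: |
            ${{ steps.meta.outputs.image }}:${{ matrix.tag }}
            ${{ steps.meta.outputs.image }}:${{ matrix.dated_prefix }}${{ steps.meta.outputs.date }}
```

With the job-level `permissions` block in place, the token handed to this job can read the repository and write packages and nothing else, independent of the repository-wide "Workflow permissions" default.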

@ojeytonwilliams
Contributor

Great, thanks for confirming @chaitanyarahalkar

@simon04 I'm happy with this if you are.

Contributor

@simon04 simon04 left a comment

Great! Let's give it a try. 😄

@simon04 simon04 merged commit 82a85f1 into freeCodeCamp:main Dec 17, 2024
2 checks passed
@ojeytonwilliams
Contributor

And there it is: https://github.com/freeCodeCamp/devdocs/pkgs/container/devdocs

Cheers!
