Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support any container registry #4

Open
mkumatag opened this issue Oct 27, 2021 · 11 comments
Open

Support any container registry #4

mkumatag opened this issue Oct 27, 2021 · 11 comments
Labels
enhancement New feature or request

Comments

@mkumatag
Copy link

Rightnow code is more tied with docker hub but there are other registries like quay, gcr, wondering if we can enhance the code to support all the remaining registries.
@lucacome
Copy link
Owner

Thanks for the suggestion @mkumatag ! I'll take a look later to see what needs to be done to support this.

@lucacome lucacome added the enhancement New feature or request label Oct 28, 2021
@twiddler
Copy link

twiddler commented Feb 7, 2022

I'm interested in using this action with private images on ghcr. Subscribed! 🥳

@mkumatag
Copy link
Author

mkumatag commented Feb 8, 2022

@twiddler I have just tried implementing the missing feature here - https://github.com/mkumatag/container-image-updater-action, can see if that works for you?

@twiddler
Copy link

twiddler commented Feb 8, 2022
edited

@mkumatag Well that was fast. 😮 I checked your project but I didn't see how to provide the registry where to look up the file. My images are in a private ghcr repository, not at Docker Hub.

Thinking about it, I saw you use https://github.com/estesp/manifest-tool. (Or at least that's what I got from the code, although I honestly haven't written any Go yet.) They say

Note: For pushing to an authenticated registry like DockerHub, you will need a config generated via docker login

which reminded me there is https://github.com/docker/login-action that probably quite a few people already use. I honestly do not know how, but I think it'd be elegant to leverage that action. I'd assume that in most scenarios the base image to compare to is public anyway, or at least the base image and the one that builds on it are in the same private container registry. That would allow to write something along the lines of

- uses: docker/login-action@v1
  with:
      registry: ghcr.io
      username: ${{ github.actor }}
      password: ${{ secrets.GITHUB_TOKEN }}

- uses: someone/docker-image-update-checker@v1
  with:
      base-image: library/alpine:latest
      my-image: ghcr.io/me/my-private-image

What do you think? 🤔

@mkumatag
Copy link
Author

mkumatag commented Feb 8, 2022

@mkumatag Well that was fast. 😮 I checked your project but I didn't see how to provide the registry where to look up the file. My images are in a private ghcr repository, not at Docker Hub.

Thinking about it, I saw you use https://github.com/estesp/manifest-tool. (Or at least that's what I got from the code, although I honestly haven't written any Go yet.) They say

Note: For pushing to an authenticated registry like DockerHub, you will need a config generated via docker login

which reminded me there is https://github.com/docker/login-action that probably quite a few people already use. I honestly do not know how, but I think it'd be elegant to leverage that action. I'd assume that in most scenarios the base image to compare to is public anyway, or at least the base image and the one that builds on it are in the same private container registry. That would allow to write something along the lines of

- uses: docker/login-action@v1
  with:
      registry: ghcr.io
      username: ${{ github.actor }}
      password: ${{ secrets.GITHUB_TOKEN }}

- uses: someone/docker-image-update-checker@v1
  with:
      base-image: library/alpine:latest
      my-image: ghcr.io/me/my-private-image

What do you think? 🤔

can we discuss the in the same repo for others benefit?

@twiddler
Copy link

twiddler commented Feb 8, 2022

I saw your custom action is a docker image. Holy moly, I didn't know that was possible! 😮 That lets us use skopeo which has a really simple API for inspecting images, see https://github.com/containers/skopeo. I think it makes a lot of sense to re-use that project. Actually I couldn't help but to get started with it. If you like to, check my progress at https://github.com/twiddler/is-my-docker-parent-image-out-of-date. 🥳 No login so far though, but I think that should be easy with skopeo.

@mkumatag
Copy link
Author

mkumatag commented Feb 8, 2022

I saw your custom action is a docker image. Holy moly, I didn't know that was possible! 😮 That lets us use skopeo which has a really simple API for inspecting images, see https://github.com/containers/skopeo. I think it makes a lot of sense to re-use that project. Actually I couldn't help but to get started with it. If you like to, check my progress at https://github.com/twiddler/is-my-docker-parent-image-out-of-date. 🥳 No login so far though, but I think that should be easy with skopeo.

of course you can use, but didn't wanted to invest lot of time on this and just wanted something real quick so I used what I used before :)

and wrt to auth, yon use something like below and works:

- uses: docker/login-action@v1
  with:
      registry: ghcr.io
      username: ${{ github.actor }}
      password: ${{ secrets.GITHUB_TOKEN }}

- uses: mkumatag/container-image-updater-action@v1.0.5
  with:
    base-image: 'library/alpine:latest'
    image: 'ghcr.io/me/my-private-image'
    image-reg-username: ${{ github.actor }}
    image-reg-password: ${{ secrets.GITHUB_TOKEN }}

@giggio
Copy link

giggio commented Feb 16, 2022
edited

I have forked this repo to try and solve this issue (and some others like multi arch and support Windows). I am testing it right now. I am testing it with mcr.microsoft.com and Windows Containers. It is at https://github.com/giggio/docker-image-update-checker

@lucacome Your code was a good start, I could send you a PR so we keep only yours at the marketplace, but I'm not sure if you agree with the design decisions I made, it is fine if you want to keep them separate. Thanks for the project, it was able to solve the issue I was having and it is good Github Action.

Here is a test run on a real container I maintain: https://github.com/Lambda3/notifypasswordexpiration/actions/runs/1851393079

@twiddler
Copy link

twiddler commented Feb 16, 2022
edited

@giggio You might want to check out twiddler/is-my-docker-parent-image-out-of-date-private which supports all container registries that container/skopeo supports. I do not know what kind of problems you encounter with other OSs though, so I do not know whether my action solves that problem.

I'm still waiting for the maintainers of docker/login-action to reuse their action for authorization with private container registries. See docker/login-action#147 (comment) to know the status.

@giggio
Copy link

giggio commented Feb 16, 2022

Using skopeo was good idea as it simplifies the whole thing!
But now it is a docker action, not a composite action, so it does not run on Windows anymore. Not super complex to solve, but I was trying to make it cross platform.

@twiddler
Copy link

Ah, I didn't know that. Best of luck. 🤞

@bherr2 bherr2 mentioned this issue May 25, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@giggio @lucacome @mkumatag @twiddler