Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove publishing to Docker tag latest #3182

Closed
zhyatt opened this issue Apr 13, 2021 · 5 comments · Fixed by #3183
Closed

Remove publishing to Docker tag latest #3182

zhyatt opened this issue Apr 13, 2021 · 5 comments · Fixed by #3183
Assignees
@argakiig
Labels
docker updates and changes to the docker build image documentation This item indicates the need for or supplies updated or expanded documentation routine This item indicates the need for or supplies a routine change
Milestone
V22.0

Comments

@zhyatt
Copy link
Collaborator

zhyatt commented Apr 13, 2021
edited
Loading

To follow general best practices for Docker tagging, the latest tag for production images should no longer update when a new version is published: https://hub.docker.com/r/nanocurrency/nano/tags. This latest tag will be deleted from the Docker hub in the near future. However, the latest tag will be left available for the beta network tags to facilitate more passive contributions: https://hub.docker.com/r/nanocurrency/nano-beta/tags.
@zhyatt zhyatt added documentation This item indicates the need for or supplies updated or expanded documentation routine This item indicates the need for or supplies a routine change docker updates and changes to the docker build image labels Apr 13, 2021
@zhyatt zhyatt added this to the V22.0 milestone Apr 13, 2021
@zhyatt zhyatt mentioned this issue Apr 13, 2021
Closed
argakiig added a commit that referenced this issue Apr 13, 2021
@argakiig
stop deploying live on latest
81114e8 
closes #3182 
This change would stop deploying docker tag latest on live, instead requiring a version tag, which is already deployed to dockerhub
@argakiig argakiig mentioned this issue Apr 13, 2021
Merged
@My1
Copy link

My1 commented Apr 25, 2021
edited
Loading

To follow general best practices for Docker tagging, the latest tag for production images should no longer update when a new version is published

not sure if I understand properly, what's the point of having a "latest" version if it doesnt get the latest version all the time?

@zhyatt
Copy link
Collaborator Author

zhyatt commented Apr 26, 2021

To follow general best practices for Docker tagging, the latest tag for production images should no longer update when a new version is published

not sure if I understand properly, what's the point of having a "latest" version if it doesnt get the latest version all the time?

There is no point in having the tag available if it isn't updated, so perhaps it should be made more clear that the tag will be deleted from the Docker hub at some point to avoid confusion around its usefulness (for production at least, will remain on the beta side). Updated comment to reflect this.

@My1
Copy link

My1 commented Apr 26, 2021

There is no point in having the tag available if it isn't updated

and why not update it like normal?

@zhyatt
Copy link
Collaborator Author

zhyatt commented Apr 26, 2021

There is no point in having the tag available if it isn't updated

and why not update it like normal?

Having a latest tag for production releases makes it too easy to have unattended upgrades happen on the network. These unattended upgrades have some drawbacks, so avoiding these types of dynamic tags the following scenarios are improved:

  • Help avoid a network attack vector where someone attempts to gain access to the Docker publishing to maliciously manipulate the node code and automatically impact nodes on these types of upgrades
  • Avoids a portion of the network going down simultaneously if an upgrade requires down time (database upgrade, etc.)
  • Helps promote more active involvement by node operators - if they commit to running a node on the network they should also be committing to following updates, testing their integrations and upgrading accordingly

@My1
Copy link

My1 commented Apr 26, 2021

okay I see makes sense.

clemahieu pushed a commit that referenced this issue Apr 27, 2021
@argakiig
stop deploying live on latest (#3183)
c1ecd96 
closes #3182 
This change would stop deploying docker tag latest on live, instead requiring a version tag, which is already deployed to dockerhub
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@argakiig argakiig

Labels
docker updates and changes to the docker build image documentation This item indicates the need for or supplies updated or expanded documentation routine This item indicates the need for or supplies a routine change
Projects
None yet
Milestone
V22.0
Development

Successfully merging a pull request may close this issue.

stop deploying live on latest nanocurrency/nano-node
3 participants
@zhyatt @argakiig @My1