Publish Docker Image To GitHub Container Registry (ghcr.io) #5118
Conversation
|
Chiming to share some thoughts. As I don't think there is an official posit account on dockerhub and everything is still at https://hub.docker.com/u/rstudio. Also I don't know the plan but it also has been taken already by a posit docker user One option we could consider is also to store the containers with the It would live at https://github.com/orgs/quarto-dev/packages and I think available at docker pull ghcr.io/quarto-dev/quarto(doc about container registry feature) Could be a good option IMO to keep everything in here. |
|
I'm more than happy to make the change to point to GitHub package registry. Let me try and test the changes locally and I'll update this PR. Great suggestion by the way ! The GitHub Package Registry has come a long way 😀 |
|
@jjallaire yes sure ! We'll make that happen. @hamelsmu I believe we can use the I need to go over the docs at https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions to check that we are correctly setup. Once you've tested things locally, I can probably take over to integrate in our workflows and repo. |
|
@cderv Yes I figured it out! I updated this PR. The trick is to modify the token's permissions with this setting I've tested this Action on my username so hopefully it works the first time! |
hamelsmu
changed the title
There was a problem hiding this comment.
General comment in addition to in file comments. This is some thoughts about integration on your work in the overall project.
I have one concerns: I just want to prevent the publish step to fail because of docker build failure for some reason, or publishing to registry error.
Now that I can see how this works thanks to your work. I see several solutions
- we could add for now
continue-on-erroron the docker step. - do another job for this using
needsto depend on the linux one. The workflow would fail but only because of this jobs. The release would still be created. - Last options I see is to have this as another workflow to be triggered after the create-release one has been done. This other workflow would get the file required from the release, and then published to the registry.
This is some thoughts also for later as I'll do a pass on all actions for 1.4 so I can improve at this point.
I can take over and do some modification before merging if you want.
|
@cderv I went with this suggestion (which I think is very reasonable)
|
|
Some questions.
|
I've found that data science-y type of things have the best compatibility with Ubuntu. Feel free to change it if you like!
We could certainly do this. I was trying to scope it to be simple initially but we could expand it to build on all platforms that you build packages for. |
|
@eitsupi this is a first proposal based on a contribution. We'll make adaptation over time. We need to see how to position also regarding community project like #5129 @hamelsmu did you see that already ? They are already in an advance stage at https://github.com/jdutant/quarto-dockerfiles and published at https://hub.docker.com/r/jdutant/quarto-minimal They are also on Ubuntu and for both architectures |
|
@cderv Let me know if I should change anything about this PR (wasn't sure so wanted to check) |
|
@hamelsmu I am currently testing this in my fork to check everything works as expected. A few adjustment to make. I'll comment in a review and do the change probably. Thanks ! |
setting permissions with YAML on workflow will unset any set by default.
This is necessary as we use in if clause. Documented in workflow_dispatch parameters at https://docs.github.com/en/enterprise-cloud@latest/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_dispatchinputs
There was a problem hiding this comment.
I think this is all good now. Everything is working fine and container are published in github Package as expected. Release are still created as we expect.
I'll share with the team internally in our meeting, and then I'll merge when possible (just taking precaution as we are finalizing the 1.3 release, and things are frozen more than usual because of that).
Thanks a lot @hamelsmu !
|
Excellent! Sorry again for the bumpy PR. I've always struggled with testing GHA on a fork and thought I could get away with a small subset of the flow. Next time I'll keep this in mind and recreate the entire flow end to end. 🙇🏽 |
|
Really no worry. For such change that impact a workflow as our create release workflow, we would want to test it correctly on our own anyway. It is really hard to test infrastructure changes from PR anyway. I am getting used to that now, but it requires working from a fork by activating actions and all, and also doing some change to make sure that the action running won't have some effect of the main repo. I had bad surprised in the past about that because as a user member of the main repo I also have access and can do stuff. If you do that from your fork, there would be less issue because you can push, create release or else on the main repo. Anyway, really no worry. It was really interesting for me and gave me idea for evolution (with new image less minimal for example). Merging now ! Thanks ! |
|
@hamelsmu first one is available here: https://github.com/quarto-dev/quarto-cli/pkgs/container/quarto it should be visible publicly now. We'll monitor the next runs to see if this is working as expected |
Adding automation that I discussed with @jjallaire
To make this work, we will have to:
positaccount on DockerHub, and create an empty repo namedquartosecrets.DOCKER_TOKENin this repo's secretsI don't know if this is what you want, but I figured a PR would help out to move it closer to the finish line!