Add manually triggered action for pushing docker image by SHA

[AetherUnbound]

Fixes

Fixes #597 by @AetherUnbound

Description

This PR adds the ability to tag a Docker image artifact by SHA only and push it to our container registry. The workflow is manually triggered and requires an input on which image to push (only one option is allowed because we are almost never making changes to both the API and ingestion server images).

The example use case for this: We've made a change to one of the services, and want to deploy it on staging. Our deployment process requires (or will soon require) a tagged Docker image to deploy. Running this workflow will tag and push an image by SHA only, so latest is unaffected. We can then deploy by pointing to said commit.

Testing Instructions

I'm going to test this in this PR!

Checklist

• My pull request has a descriptive title (not a vague title like Update index.md).
• My pull request targets the default branch of the repository (main) or a parent feature branch.
• My commit messages follow best practices.
• My code follows the established code style of the repository.
• I added or updated tests for the changes I made (if applicable).
• I added or updated documentation (if applicable).
• I tried running the project locally and verified that there are no visible errors.

Developer Certificate of Origin

Developer Certificate of Origin

Developer Certificate of Origin
Version 1.1

Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
1 Letterman Drive
Suite D4700
San Francisco, CA, 94129

Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.


Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

[AetherUnbound]

This is ready for review! I ran an API job for commit: 4d4a466585d9a55441f708fab540ecb92ae5523f (4d4a466) using gh workflow run push_docker_image.yml --ref feature/docker-image-when-needed#597 -f image=api.

Here is the run: https://github.com/WordPress/openverse-api/runs/5891296828?check_suite_focus=true
Here is the GHCR image tagged with the commit: https://github.com/wordpress/openverse-api/pkgs/container/openverse-api/18665267?tag=4d4a466585d9a55441f708fab540ecb92ae5523f (note that latest is on this tag, but only because we also recently deployed v2.4.2 😅).

[sarayourfriend]

LGTM!

[sarayourfriend]

I guess the only thing to note here is Github's artifact retention policy, which defaults to 90 days. So this action could fail if run on a SHA that hasn't been built for the last 90 days.

That seems unlikely, but just in case, something to note!

[AetherUnbound]

That's a great point! I hope we're not trying to run this on a 90-day old SHA down the line 😅

[obulat]

Thank you for detailed explanation in this PR! It would be nice to have it somewhere in the documentation, if it's not already (along with the comment about 90 days that Sara mentioned)

[AetherUnbound]

I'll add some documentation for this, then merge it 🙂

[AetherUnbound]

I added documentation and made some minor adjustments to other pages. I'd like to add screenshots but until this gets merged into main, the actions described won't be available. We can do that in a follow up PR. I'll merge this once everything's done building!