-
Notifications
You must be signed in to change notification settings - Fork 3.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: Use GitHub Actions to build Docker Images to allow publishing Windows Images #3291
Conversation
Let me get this right, would this save us building this locally? Just tag and push tag? |
Yes, correct. |
What do you think? Would also help to make the builds more reproducable. |
We still need to build binaries. Any thoughts on how that might be possible? Maybe another PR? |
This would be possible with the following steps:
Afterwards you could add your release description manually or you also automate that. Could look into that in another PR, but this PR would already help a lot with getting "official" Windows Images for argoexec :) |
any updates on this PR? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm cautious on this one for security reasons.
We currently use the hub.docker.io to build images. This would replace that, but I don't really want to enter my username and password. How can we avoid this please?
For pushing new images we would always need to store credentials. Those are stored securely by GitHub (symmetric encryption, see here). This is done this way by a lot of other projects on GitHub so there shouldn't be a problem. And you don't use your normal Docker Hub password, you would instead create a new Access Token on Docker Hub and use this for authentication. This token can be revoked at anytime if needed. |
I have now set-up the secrets for this. |
Lets see if this works. |
https://github.com/argoproj/argo/actions/runs/163542666 But where are the images? |
hmm, push seems to be successful. What did you specify as Docker username? |
my username: |
can you try them out to see if they work? |
I tested the images, they work fine. Sorry, I overlooked that organizations on Docker Hub work a bit different, and we need to use a different repository than the Docker Hub username you log-in with. I created another PR to fix this: #3442. |
As mentioned in #2747 Docker Hub Automated Build Hooks don't allow to build Windows images. As v2.9.0 comes with Windows support for argoexec and as you migrated CI to GitHub Actions also, it would make sense to use GitHub Actions also for building the Docker images.
I added a workflow file which builds and pushes the images for Linux (workflow-controller, argoexec, argocli) and Windows (argoexec only) whenever a new tag
v*
is pushed. I used the existing Docker Hub Hooks (https://github.com/argoproj/argo/blob/master/hooks/build) as a base for the scripts. The jobs building and pushing the images are appending-linux
or-windows
to the tag, a third job is creating a Manifest and pushes it to allow for multiarch. Example:v2.9.0
is pushedbuild-linux
is building and pushingargoproj/workflow-controller:v2.9.0-linux
,argoproj/argoexec:v2.9.0-linux
argoproj/argocli:v2.9.0-linux
build-windows
is building and pushingargoproj/argoexec:v2.9.0-windows
push-images
is creating and pushing the following image manifest:argoproj/workflow-controller:v2.9.0
referencingargoproj/workflow-controller:v2.9.0-linux
argoproj/argoexec:v2.9.0
referencingargoproj/argoexec:v2.9.0-linux
andargoproj/argoexec:v2.9.0-windows
(multiarch)argoproj/argocli:v2.9.0
referencingargoproj/argocli:v2.9.0-linux
You can find an example run for a tag
vtest17
here: https://github.com/lippertmarkus/argo/runs/804344322Resulting image, e.g. for argoexec: https://hub.docker.com/repository/docker/lippertmarkus/argoexec/tags
You only need to add the following two secrets like described in the GitHub Actions Help before merging:
DOCKERIO_USERNAME
=argoproj
DOCKERIO_PASSWORD
=<a-docker-hub-pat-token>
Checklist:
"fix(controller): Updates such and such. Fixes #1234"
.