Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make DOCKER_USERNAME and _PASSWORD optional #73

Merged
merged 3 commits into from
Jul 10, 2021
Merged

Make DOCKER_USERNAME and _PASSWORD optional #73

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6d3ca73
Make DOCKER_USERNAME and _PASSWORD optional
consideRatio Jul 7, 2021
442f8cb
Apply suggestions from code review
consideRatio Jul 8, 2021
53a19fb
Minor substitution edit
yuvipanda Jul 10, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/test.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,5 +39,5 @@ jobs:
uses: ./
with:
NO_PUSH: true
DOCKER_USERNAME: ${{ github.actor }}
MYBINDERORG_TAG: ${{ github.sha }}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

action.yml declared DOCKER_USERNAME as required, and this test didn't explicitly set DOCKER_USERNAME but instead relied on a script to populate the INPUT_DOCKER_USERNAME variable with the github actor.

I think it is cleaner to do it like this though. I was clueless about the scripts logic as it seemed like something that shouldn't be able to happen until I saw the GitHub workflow CI failure.

46 changes: 33 additions & 13 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -48,27 +48,22 @@ Images generated by this action are automatically tagged with both `latest` and

See the [examples](#examples) section is very helpful for understanding the inputs and outputs of this Action.

## Mandatory Inputs

**Exception: if the input parameter `NO_PUSH` is set to any value, these values become optional.**

- `DOCKER_USERNAME`:
description: Docker registry username
- `DOCKER_PASSWORD`:
description: Docker registry password or [access token](https://docs.docker.com/docker-hub/access-tokens/). **If using DockerHub, we recommend using an access token instead of your password.**

## Optional Inputs

- **`DOCKER_USERNAME`**:
description: Docker registry username. If not supplied, credentials must be setup ahead of time.
- **`DOCKER_PASSWORD`**:
description: Docker registry password or [access token (recommended)](https://docs.docker.com/docker-hub/access-tokens/). If not supplied, credentials must be setup ahead of time.
- **`DOCKER_REGISTRY`**:
description: name of the docker registry. If not supplied, this defaults to [DockerHub](https://hub.docker.com/)
consideRatio marked this conversation as resolved.
Show resolved Hide resolved
- **`IMAGE_NAME`**:
name of the image. Example - myusername/myContainer. If not supplied, this defaults to `<DOCKER_USERNAME/GITHUB_REPOSITORY_NAME>`.
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I moved DOCKER_USERNAME and PASSWORD from the mandatory section to the optional section. The other inputs were relocated to have the same order as in the action.yml file.

yuvipanda marked this conversation as resolved.
Show resolved Hide resolved
- **`NOTEBOOK_USER`**:
description: username of the primary user in the image. If this is not specified, this is set to `joyvan`. **NOTE**: This value is also overriden with `jovyan` if the parameters `BINDER_CACHE` or `MYBINDERORG_TAG` are provided.
- **`REPO_DIR`**:
Path inside the image where contents of the repositories are copied to, and where all the build operations (such as postBuild) happen. Defaults to `/home/<NOTEBOOK_USER>` if not set.
- **`APPENDIX_FILE`**:
Path to file containing Dockerfile commands to run at the end of the build. Can be used to customize the resulting image after all standard build steps finish.
- **`IMAGE_NAME`**:
name of the image. Example - myusername/myContainer. If not supplied, this defaults to `<DOCKER_USERNAME/GITHUB_REPOSITORY_NAME>`.
- **`DOCKER_REGISTRY`**:
description: name of the docker registry. If not supplied, this defaults to [DockerHub](https://hub.docker.com/)
- **`LATEST_TAG_OFF`**:
Setting this variable to any value will prevent your image from being tagged with `latest`. Note that your image is always tagged with the [GitHub commit SHA](https://help.github.com/en/github/getting-started-with-github/github-glossary#commit).
- **`ADDITIONAL_TAG`**:
Expand Down Expand Up @@ -263,6 +258,8 @@ to any particular cloud vendor.

## Push Image To A Registry Other Than DockerHub

If the docker registry accepts a credentials to be passed as a username and password string, you can do it like this.

```yaml
name: Build Notebook Container
on: [push]
Expand All @@ -282,6 +279,29 @@ jobs:
DOCKER_REGISTRY: "gcr.io"
```

If the docker registry doesn't credentials to be passed as a username and password strong, or if you want to do it in another way, you can configure credentials to the docker registry ahead of time instead. Below is an incomplete example doing that.

```yaml
name: Build Notebook Container
on: [push]
jobs:
build:
runs-on: ubuntu-latest
steps:

- name: checkout files in repo
uses: actions/checkout@main

# TODO: add a step here to setup credentials to push to your
# docker registry before running the repo2docker-action

- name: update jupyter dependencies with repo2docker
uses: jupyterhub/repo2docker-action@master
with:
DOCKER_REGISTRY: your-registry
consideRatio marked this conversation as resolved.
Show resolved Hide resolved
IMAGE_NAME: your-image-name
```

## Change Image Name

When you do not provide an image name your image name defaults to `DOCKER_USERNAME/GITHUB_REPOSITORY_NAME`. For example if the user [`hamelsmu`](http://www.github.com/hamelsmu) tried to run this Action from this repo, it would be named `hamelsmu/repo2docker-action`. However, sometimes you may want a different image name, you can accomplish by providing the `IMAGE_NAME` parameter as illustrated below:
Expand Down
8 changes: 4 additions & 4 deletions action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@ name: 'repo2docker Action'
description: 'Creates a docker image of your repository to view the collection of notebooks'
inputs:
DOCKER_USERNAME:
description: Docker registry username
require: true
description: Docker registry username. If not supplied, credentials must be setup ahead of time.
require: false
DOCKER_PASSWORD:
description: Docker registry password
required: true
description: Docker registry password. If not supplied, credentials must be setup ahead of time.
required: false
DOCKER_REGISTRY:
description: name of the docker registry. If not supplied, this defaults to registry.hub.docker.com.
consideRatio marked this conversation as resolved.
Show resolved Hide resolved
require: false
Expand Down
18 changes: 7 additions & 11 deletions create_docker_image.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,22 +18,20 @@ if [ "$INPUT_APPENDIX_FILE" ]; then
echo "Appendix read from $INPUT_APPENDIX_FILE:\n$APPENDIX"
fi

if [ -z "$INPUT_NO_PUSH" ]; then
check_env "INPUT_DOCKER_USERNAME"
check_env "INPUT_DOCKER_PASSWORD"
# Login to Docker registry
# Login to Docker registry if about to push and credentials are passed
if [[ -z "$INPUT_NO_PUSH" && -n "$INPUT_DOCKER_PASSWORD" && -n "$INPUT_DOCKER_USERNAME" ]]; then
echo ${INPUT_DOCKER_PASSWORD} | docker login $INPUT_DOCKER_REGISTRY -u ${INPUT_DOCKER_USERNAME} --password-stdin
fi

REPO_NAME=`echo $GITHUB_REPOSITORY | cut -d "/" -f 2`

# Set Docker username to the actor name not provided
if [ -z "$INPUT_DOCKER_USERNAME" ]; then
INPUT_DOCKER_USERNAME="$GITHUB_ACTOR"
fi

Comment on lines -30 to -34
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This logic was only applied during a CI test as DOCKER_USERNAME was declared required in action.yml. I removed this section in favor of making the CI test explicitly set DOCKER_USERNAME to ${{ github.actor }} instead as discussed in a comment above.

# Set image name to username/repo_name if not provided
if [ -z "$INPUT_IMAGE_NAME" ]; then
if [[ -z "$INPUT_DOCKER_USERNAME" ]]; then
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is causing #74. If IMAGE_NAME is not set but NO_PUSH is set, this is all ok...

echo "IMAGE_NAME must be explicitly set when DOCKER_USERNAME isn't set. Exiting..."
exit 1
fi

INPUT_IMAGE_NAME="$INPUT_DOCKER_USERNAME/$REPO_NAME"
# Lower-case
INPUT_IMAGE_NAME="${INPUT_IMAGE_NAME,,}"
Expand All @@ -45,7 +43,6 @@ if [ "$INPUT_DOCKER_REGISTRY" ]; then
fi

# Set username

if [ -z "$INPUT_NOTEBOOK_USER" ] || [ "$INPUT_MYBINDERORG_TAG" ] || [ "$INPUT_BINDER_CACHE" ];
then
NB_USER="jovyan"
Expand All @@ -55,7 +52,6 @@ if [ -z "$INPUT_NOTEBOOK_USER" ] || [ "$INPUT_MYBINDERORG_TAG" ] || [ "$INPUT_BI
fi

# Set REPO_DIR

if [ -z "$INPUT_REPO_DIR" ];
then
REPO_DIR="/home/${NB_USER}"
Expand Down