Publish image to container registries #163
- Add Github Action for Container build and push
- Limit number of container layers and reduce size
- Update COPY chmod to use octal
- Stop copying DOCS directory into container
- Reduce number of production container layers
- Remove linux/arm64 container platform
- Convert django container to multi-stage build
  Reduction of image from ~1GB to <550MB
- Consolidate production/local docker-compose/Dockerfile
  Move compose/production/* into parent compose/ folder
  Remove defunct compose/local folder
- Remove sharing lock from cache mount on RUN
  The cache was empty when using a `locked` sharing type. Reverting to the default sharing of `shared` as the build should not be affected with the current workflow.
  https://github.com/moby/buildkit/blob/f2a6e83adcb0295099870489b76d3ce74d6f7f42/frontend/dockerfile/docs/syntax.md#run---mounttypecache
  > This mount type allows the build container to cache directories for compilers and package managers.

  | Option | Description |
  |--------|-------------|
  | `sharing` | One of `shared`, `private`, or `locked`. Defaults to `shared`. A `shared` cache mount can be used concurrently by multiple writers. `private` creates a new mount if there are multiple writers. `locked` pauses the second writer until the first one releases the mount. |

- Update workflow to run on 'master' branch
- Limit GITHUB_TOKEN permissions for job
- Only push the container on push and schedule events
- ghaction-docker-meta action moved from crazy-max to docker org
  https://github.com/docker/metadata-action/releases/tag/v3.0.0
- Use bind mount rather than cache for wheels
  cache is not guaranteed. build the wheels and allow pip to cache during the process. bind mount the wheel-dir when installing in django stage
- Consolidate start commands
- Remove extraneous instructions from Dockerfile
  - no need to install the requirements in the build stage - only build the wheels
  - gecos is for storing metadata about a user (full name, phone number...)
  - copy of requirements from build is now handled transparently through a bind mount without requiring the additional layer
  - du of /tmp/wheels was only for debugging the cache mount which is now a bind mount
  - /tmp/requirements is a bind mount so it does not need to be removed from the stage
- Cache first stage of multi-stage build
  By default the mode is set to `min`, which only exports layers to the cache in the final build stage. We want to cache the first stage in order to not always build wheels.
- Specify ghostwriter:2.2 image in production.yml
- Add missing EOF newline to docker components
- Update to default compose in run-unit-tests github workflow job
  local.yml was replaced with docker-compose.override.yml which is automatically applied when no other compose files are specified
@chrismaddalena let me know if there is anything else that I can expand on or if you need anything changed.
@chrismaddalena I have gone ahead and rebased this branch based on what is currently in master. We would like to be able to deploy an official image of Ghostwriter in the near future, so is there anything else that you would like to see in order to get this merged?
@arledesma Hey! Life has been busy so I haven't had a chance to give this a close look. Getting images on DockerHub is high on my list, so I'll take a look as soon as I can.
Any updates for this? I would like to build a helm chart for this app and I need a public docker image to do that.
Hey @chrismaddalena, any chance for this feature to be available in the future? It would be a lot easier to install Ghostwriter if you publish a docker image, as the community could help to create a helm chart for it.
Yes, it's something we can look at now. The files have changed since this PR, so it would not work as is. I'm all for publishing images to make things easier.
In order to enable quick development and deployment, without requiring an hour long build, this PR will enable publishing to a container registry via configurations setup in the github repository secrets.
When running through a proof of concept with the current solution we found that there was ambiguity due to completely different solutions for `local` vs `production`.
This PR attempts to alleviate some of that ambiguity by:
- `compose/local` and `compose/production` directories into only `compose`.
- `docker-compose.yml`
- `local.yml` -> `docker-compose.override.yml` which is automatically applied
  - `docker-compose up -d` automatically starts local services
  - `docker-compose up -d --build` builds and starts local services (should only be required for changes to requirements.txt)
- `docker-compose.dev.yml` extends `docker-compose.yml` for debugging
  - `docker-compose -f docker-compose.yml -f production.yml up -d` automatically starts local services with debugging
  - `docker-compose -f docker-compose.yml -f production.yml up -d --build` builds and starts local services (should only be required for changes to requirements.txt)
- `production.yml` extends `docker-compose.yml`
  - `docker-compose -f docker-compose.yml -f production.yml pull` pulls the latest referenced images
  - `docker-compose -f docker-compose.yml -f production.yml up -d` starts production services, including nginx
  - `docker-compose -f docker-compose.yml -f production.yml up -d --force-recreate` restarts production services
  - `build` but instead point at a stable `image` that has been published (currently set to `2.2`)
- `Dockerfile` into a multi-stage build, utilizing a `STAGE` build argument to determine which stages will be executed.
- `.gitattributes` to help ensure that files are committed with the correct LF EOL. While this does not explicitly ensure that windows users will never see odd behavior it will help protect the files within the repository.

github action
A github action workflow has been added that will build local branches and push to GitHub Container Registry and/or Docker Hub
examples:
The meta step will generate a number of labels, including semantic version/latest/edge and branch (for your repository)
The semantic version requires a valid semantic version as a tag to be pushed. Multiple labels will be produced from that in order to enable rolling images. e.g. `2`, `2.2`, and `2.2.1` could all point at the same image. If `2.2.2` is subsequently pushed then both `2` and `2.2` will then point at the same image as `2.2.2` while `2.2.1` remains in place. When a new tag is pushed then that image will replace the `latest` label. This will hopefully enable users to choose how much risk they are willing to accept during their production deployments by explicitly referencing a specific label.
Branch labels can also be used, such as `ghostwriter:master` or `ghostwriter:edge` where `edge` is the latest commit on the default branch.
A build is also scheduled to occur at 03:00 on the 1st and 15th days of the month. These should produce an image with a label in the format of `YYYYMMDD`. These builds can be useful to help ensure that any underlying system packages are updated within the container to assist when there may be lulls in development work within this repository.
Additionally this further addresses #143 by explicitly configuring the nginx service volumes of `media` and `staticfiles` to set `read_only` and `nocopy`:
https://docs.docker.com/compose/compose-file/compose-file-v3/#volumes
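A workflow with the properties this PR describes (job-scoped `GITHUB_TOKEN` permissions, registry push only on push and schedule events, semver/branch/edge/date tags, twice-monthly rebuild), written here as an added example; it is not the workflow file from this PR. The image name, the tag trigger pattern, the permission set, the cache backend and every action version except `docker/metadata-action@v3` are assumptions.

```yaml
name: container
on:
  push:
    branches: [master]
    tags: ['*.*.*']            # assumed pattern for semantic version tags
  pull_request:                # built for validation, never pushed (see below)
  schedule:
    - cron: '0 3 1,15 * *'     # 03:00 on the 1st and 15th of each month

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:               # job-scoped token: nothing beyond these two
      contents: read           # checkout only
      packages: write          # push to GitHub Container Registry
    steps:
      - uses: actions/checkout@v2
      - uses: docker/setup-buildx-action@v1
      - id: meta
        uses: docker/metadata-action@v3
        with:
          images: ghcr.io/example-org/ghostwriter   # placeholder image name
          tags: |
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=ref,event=branch
            type=edge
            type=schedule,pattern={{date 'YYYYMMDD'}}
      # Log in only for events that are allowed to publish.
      - if: github.event_name == 'push' || github.event_name == 'schedule'
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - uses: docker/build-push-action@v2
        with:
          context: .
          # Pull requests build the image but the push flag stays false.
          push: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha           # assumed cache backend
          cache-to: type=gha,mode=max    # max exports intermediate stages, not only the final one
```

Consumers who pin `2.2.1` get an image that only changes if that exact tag is re-pushed, while `2`, `2.2`, `latest` and `edge` are moving references that will pick up new builds on the next pull.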