Add reusable Docker build and tag workflows #54
Closed
cellofellow wants to merge 1 commit into veracode:master from
Introduce a reusable docker build workflow and a tag-triggered workflow that enforces the action.yml image tag matches the pushed git tag before building. Add a docker build job to main workflow for consistent image publication and enable buildx caching for faster iterative builds. Pin the action runtime to a specific GHCR image version (0.2.10) for reproducibility and improved supply chain security versus building ad hoc from the Dockerfile. Minor formatting cleanup in main workflow.

Signed-off-by: Josh Gardner <joshua.gardner@wgu.edu>
Author
Hey, cool, your switch to JS instead of Dockerfile solves my issue I think.
In my organization we've been using self-hosted GitHub Actions runners that unfortunately are constantly hitting rate limits pulling from Docker Hub. Because this action does a docker build at the initiation of the action, which necessarily pulls from Docker Hub, it's been giving us troubles.
This change switches things up a little bit by making it no longer use the Dockerfile at action run time, so it doesn't have to pull the base image from Docker Hub at that point, and because it's instead pulling the image from GHCR it won't affect our Docker Hub pull rate limits.
Note that in our pipelines we're usually able to use credentials to pull from Docker Hub but there's no mechanism to pass credentials to the init stage of this action and so I'm proposing this solution.
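The commit message above describes a tag-triggered workflow that refuses to build unless the image tag pinned in action.yml matches the pushed git tag. One way such a gate could be written is sketched below as an added example; it is not code from this pull request. The image path `ghcr.io/example-org/example-action`, the function names and the convention that git tags may carry a leading `v` are all assumptions.

```shell
#!/usr/bin/env bash
# Added example: gate a tag-triggered image build on action.yml matching the tag.
# Image path, function names and the optional leading "v" are assumptions.

# Print the tag of the docker:// image pinned under "image:" in an action.yml.
# Fails if no docker:// image is pinned or the reference carries no explicit tag.
pinned_image_tag() {
  local file="$1" ref last
  # First "image:" line holding a docker:// reference; quotes and comments dropped.
  ref=$(sed -n -E "s|^[[:space:]]*image:[[:space:]]*[\"']?docker://([^\"'[:space:]#]+).*|\1|p" "$file" | head -n 1)
  [ -n "$ref" ] || { echo "no docker:// image in $file" >&2; return 2; }
  ref=${ref%%@*}      # drop an optional @sha256:... digest suffix
  last=${ref##*/}     # last path component, so a registry port is not read as a tag
  case $last in
    *:*) printf '%s\n' "${last##*:}" ;;
    *)   echo "image reference '$ref' has no tag" >&2; return 3 ;;
  esac
}

# Succeed only when the pushed git tag equals the pinned image tag.
check_tag_matches() {
  local file="$1" git_tag="${2#v}" pinned
  pinned=$(pinned_image_tag "$file") || return $?
  if [ "$pinned" != "$git_tag" ]; then
    echo "action.yml pins '$pinned' but pushed tag is '$2'" >&2
    return 1
  fi
}

# In a workflow step: check_tag_matches action.yml "$GITHUB_REF_NAME"
# Constructed sample input (not the project's real action.yml).
demo=$(mktemp)
printf 'runs:\n  using: docker\n  image: docker://ghcr.io/example-org/example-action:0.2.10\n' > "$demo"
check_tag_matches "$demo" "v0.2.10" && echo "tag matches pinned image"
rm -f "$demo"
```

A registry tag can be repointed after publication, so a reference pinned by `@sha256:` digest gives a stronger reproducibility guarantee than a version tag alone.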