-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publish packages to GitHub Registry #1410
Conversation
I am not sure how we would like to document such a feature, suggestions are welcome. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Blocking as we'd need some consensus from the nodejs/TSC and CommComm before adding another official channel, and also to get a new PAT that allows publishing packages.
If someone wants to do the work, they can dismiss the review once they've sorted it out
with: | ||
registry: ghcr.io | ||
username: ${{ github.actor }} | ||
password: ${{ secrets.CR_PAT }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would need to be requested in nodejs/admin
Or maybe just treat the registry on GitHub as development build, instead of another official channel? Like the unofficial build of Alpine Linux binary we used? cc @nodejs/tsc |
I'm positive on adding it. |
@yordis does github rebuild the images when the underlying image changes. For some reason I think the official images in the docker repo automatically get updates when there are updates in things like the debian base images we us? |
I'm +1 to publish to Docker Registry. As a reminder, new PAT or changes to existing PATs must be requested on https://github.com/nodejs/admin following our policy. |
@mhdawson From my understanding it should, the only concern is that for that to happen you suppose to change the Dockerfile since this workflow will trigger based on some files changes (check the |
PAT token request: nodejs/admin#581 |
This was discussed in the TSC meeting today. The TSC does not have any concerns provided the docker team is agreed that it is something we should do. |
As far as I can tell GHCR is just a dumb storage bucket and API endpoint. The image building we currently do here is just smoke testing that is then done on the various architectures by the Docker groups Jenkins setup. That platform is also what regenerates the images when the base image is changed. Overall I'm -0 on this, as it's positioned as a development courtesy copy, I'm not sure that would be something that rate limits even hit https://www.docker.com/blog/rate-limiting-by-the-numbers/ /cc @tianon @yosifkit to see if any of the other official images have setup this or any other mirror-like setup |
We have no current plans to push any official images to GHCR (or any other registry). |
Still 👎 on this. If people want to have a non-security patched copy in the GitHub container registry, they should do it on their own |
Agreed 👍 |
@nschonni would you mind elaborating? Trying to see where you shared something related to security, I don't support any insecure images either, but I am not sure what piece you are referring to. |
All changes and rebuilds for base image security is done by the Docker Hub CI setup. All images built here is do some sanity checking at Node release time, and then PR upstream to fully build out on the multiple architectures and are kept up to date when base image changes by them |
Missing Steps
read:packages
scope to download container images and read their metadata.write:packages
scope to download and upload container images and read and write their metadata.delete:packages
scope to delete container images.CR_PAT
with the value of the PAT created before.More details at: Migrating to GitHub Container Registry for Docker images
Description
Publish the images to Github Docker Registry.
closes #1392
Motivation and Context
Docker is rate-limiting pulling the images from Docker Hub.
Testing Details
Types of changes
Checklist