[BUG] Wrong Docker tags are set as part of mvn:release

[adamretter]

Whilst releasing 5.3.1, I see the following Docker tags on Docker Hub:

• 5.3.1 - this is correct
• latest - this points at 5.3.1
• release - this seems to be point at an old version of eXist-db from 6 months ago

However -

• I would think that latest should be pointing at the most recent build from Docker Hub of HEAD of develop.
• I would think that release should point at 5.3.1

[duncdrum]

the release tag should have been set from master on CI. There was an error

[duncdrum]

duplicate of #3953

[adamretter]

I don't think this is the same as #3953 at all as this is a separate issue to CI.

1. mvn release:perform should never have updated the latest tag - as isn't that reserved for the latest snapshot version, e.g. nightlies?
2. mvn release:perform should have updated the release tag to 5.3.1

[duncdrum]

mvn release:perform has updated the release tag

the question if it should or shouldn't have updated the latest tag is a red herring (it should). There are no nightlies for docker images, and both latest and release are consistent since what we started with exist v4. Despite your periodical inquires about it.

[adamretter]

Okay good to see that release is now correct. I did check Docker Hub after I did the release last night and it was showing as not updated at that time - maybe an eventual consistency thing on their side?!?

I thought the Docker latest tag was pushed from CI each time something is merged to the develop branch... is that not correct then?

[duncdrum]

yes it is, but because its a special tag in docker naming scheme it gets applied to whatever is latest. This will autocorrect itself within minutes as the different images undergo their sec scan on dockerhubs infrastucture and are published. There will always be a build running on here based on develop that ll supersede whatever your local system has produced while maven is doing its thing. Thats why i consider it a non-issue.

[adamretter]

@duncdrum Okay, but I don't think the way it works now makes sense.

If whenever an mvn release:perform is done, the Docker latest tag is pointed at a fixed release, then the Docker latest tag is going back in time.

For example:

1. latest points at 5.4.0-SNAPSHOT
2. We release 5.3.1, and the latest tag now points at 5.3.1
3. CI does a build and repoints latest at 5.4.0-SNAPSHOT

During (2), the latest tag is not actually pointing at the latest version of eXist-db (the latest there would still be 5.4.0-SNAPSHOT). This is at best misleading, and at worse damaging, as during a window of X time users pulling the latest tag will get older versions than they were using before.

I think there is an easy solution:

1. Only the release tag and specific release version tags (e.g. 5.3.1) must only be created by mvn release:perform
2. The latest tag must only ever be updated by CI build of develop.

With such a fix, then latest would always be the latest version, and release would always be the newest release - which is the intended behaviour I believe.

Does that sound reasonable?

[funkyfuture]

as a related note: it'd be great if the latest release of a major branch was also tagged with that major version, eg. 5.3.1 would be available as 5.3.1 and 5. well, 5.3 could also make sense.

[funkyfuture]

oh, and another note: there's no commonly used semantic for the latest tag in the Docker ecosystem and thus people have different expectations. one way to deal with it, is to not use it at all.