ffig icon indicating copy to clipboard operation
ffig copied to clipboard

Published 20 hours ago verified publisher icon FFIG

Travis deployment to docker_hub

Open petr-tik opened this issue 8 years ago • 12 comments

add an on_success scenario to travis and save dockerhub credentials.

@jbcoe do you want to create and move ffig to a separate repo on the dockerhub? It's better for your security. In case travis ever gets cracked for credentials, at least your personal github won't be compromised.

petr-tik avatar Feb 03 '17 16:02 petr-tik

Not sure I follow. Can you elaborate?

What would it take to do? If I understand the risks and work I'm happy to do it.

jbcoe avatar Feb 03 '17 16:02 jbcoe

For the ffi-explorer web app, it would be good to agree on a base docker image we can reuse and docker pull that from a repo.

Right now, we push the new docker image to a docker repo connected to your account. if you are ok with giving travis your docker credentials , then I will be pulling from the jbcoe docker repo

petr-tik avatar Feb 03 '17 16:02 petr-tik

Why does travis need my docker credentials?

jbcoe avatar Feb 03 '17 16:02 jbcoe

to docker push on success

https://docs.travis-ci.com/user/docker/#Pushing-a-Docker-Image-to-a-Registry

petr-tik avatar Feb 03 '17 16:02 petr-tik

Can we get docker to only pull from GitHub on successful builds? That would not require credentials.

jbcoe avatar Feb 03 '17 16:02 jbcoe

I am thinking about about tagging the build as latest. If it passes the tests, docker push it to the repo. Whenever the ffig-app is built, it will pull the image with the latest tag.

Pulling doesn't require credentials, pushing does, but it looks like we are already doing it. Just wanted to confirm that it's ok with you

petr-tik avatar Feb 03 '17 16:02 petr-tik

I mentioned this on slack yesterday but: maybe it's time to make ffig GitHub organisation? That way none of the things are tied to Jon's personal GitHub. If ffig tokens / credentials are leaked, any potential damage is limited.

Having said that, would still like to understand which things truly need those and which can be worked around without providing write access.

ajbennieston avatar Feb 03 '17 17:02 ajbennieston

I don't think anything much has write access right now.

jbcoe avatar Feb 03 '17 17:02 jbcoe

I've created an organisational repo at https://github.com/ffig

I'll migrate stuff over tonight. Please don't create new PRs or branches in the meantime.

jbcoe avatar Feb 03 '17 17:02 jbcoe

https://help.github.com/articles/transferring-a-repository-owned-by-your-personal-account/#transferring-a-repository-to-another-user-account-or-to-an-organization

petr-tik avatar Feb 03 '17 17:02 petr-tik

@petr-tik thanks. That will get me my evening back.

jbcoe avatar Feb 03 '17 17:02 jbcoe

migration complete. We are https://github.com/FFIG on github and c-api on slack.

jbcoe avatar Feb 03 '17 17:02 jbcoe