aenix-io
Enable CI to work with registry on fork-based PRs
Fork-based PRs cannot push images to ghcr.io during build, even for testing purposes.
Do we want to enable it?
I have a separate single-node k8s that only runs 5 docker-registry pods in cache mirror mode for the most popular public registries. It's more persistent than other test clusters, so each new fresh cluster gets its images ready immediately. It is also possible to do that with pure docker with an even smaller memory footprint.
I do not recommend running a cache registry inside the target test cluster. Here are some disadvantages:
- a chicken-egg problem, it must be tested if fallback to direct pull is possible
- if fallback is possible, the first pull count will be amplified 3x by 3 nodes
- cache will be cleared whenever the test cluster is recreated (could be mitigated with cloud-persistent pvc, but requires a lot of effort)
The same registry could be used to push temporary build artifacts (container images in our case), and the whole thing could be just dropped and recreated from scratch when disk is full.
