Suggestions to simplify image prebuilding

[Chuxel]

In my case, I am using this action to pre-build an image I then use in codespaces and remote - containers. I do this on a periodic basis for security, and do not need to execute anything in the container.

I was expecting to be able to do this:

      - name: Build image
        uses: devcontainers/[email protected]
        with:
          imageName: ghcr.io/chuxel/devpacks/devcontainer

However, what I ended up needing to do was this:

      - name: Build image
        uses: devcontainers/[email protected]
        with:
          imageName: ghcr.io/chuxel/devpacks/devcontainer
          skipContainerUserIdUpdate: true
          push: always
          runCmd: echo "Image built successfully."

Would it be possible to alter the defaults so you didn't need quite so much knowledge of properties to do it? The behavior around push I found particularly confusing given Action's trigger system. I make heavy use of workflow_dispatch to simplify testing which didn't work even before I layered in the schedule.

Ideally if runCmd wasn't specified, it would just skip the container spin up for example.

Otherwise including a clear example for this scenario in the README and docs probably makes sense. //cc @stuartleeks

[stuartleeks]

Thanks @Chuxel

Ideally if runCmd wasn't specified, it would just skip the container spin up for example. I agree - this would be a nice addition!

I'm not sure that the skipContainerUserIdUpdate: true is needed here as the image that is built/tagged doesn't have the user id update applied to it. That said, I can see it as a minor perf tweak (that wouldn't be relevant if an empty runCmd skipped running the container)

So, with the change to skip running if runCmd is missing, I think you'd be down to the following:

- name: Build image
        uses: devcontainers/[email protected]
        with:
          imageName: ghcr.io/chuxel/devpacks/devcontainer
          push: always

The push filter is an area that might benefit from more thought. I'm not sure whether it would make sense to always push on workflow_dispatch or not. My goal with the filters was to set it up so that main branch builds would default to pushing but there are some edge-cases that would probably benefit from calling out in the docs if there aren't ways to smooth them out

[Chuxel]

I'm not sure that the skipContainerUserIdUpdate: true is needed here as the image that is built/tagged doesn't have the user id update applied to it. That said, I can see it as a minor perf tweak (that wouldn't be relevant if an empty runCmd skipped running the container)

Yeah it was a perf tweak because there was no empty runCmd option. Assuming an empty runCmd would skip the UID/GID step (which I assume it would), that would cover it.

The push filter is an area that might benefit from more thought. I'm not sure whether it would make sense to always push on workflow_dispatch or not. My goal with the filters was to set it up so that main branch builds would default to pushing but there are some edge-cases that would probably benefit from calling out in the docs if there aren't ways to smooth them out

Yeah, I see the value of the property options, but I guess I was surprised that the default was conditional. I have been separating my image pre-builds from any other CI since they have different files/folders that trigger them. They're not even in the same workflow. So I'd generally be setting these to "always" and "never" depending on the workflow.

At first I'd assumed it would be never by default actually. Might just be me admittedly.

Concrete example:

• https://github.com/Chuxel/devpacks/blob/main/.github/workflows/devcontainer-image.yaml
• https://github.com/Chuxel/devpacks/blob/main/.github/workflows/buildpacks.yaml