Consider pushing the container image to GitHub's own container registry ghcr.io

[chgl]

Currently, the HAPI FHIR JPA server image is only hosted on Docker Hub, which does have some occasional availability issues and rate-limits pulls by default.

The GitHub container registry is freely available for open source projects: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry. We could push the container image to this registry as well. The neat thing is that the image will also appear on this repository's home page under "Packages" making it easier for users to discover the container image.

The workflow to push the image to this new registry should be fairly trivial to update: add the new ghcr.io/hapifhir/hapi-fhir-jpaserver-starter image to the IMAGES list https://github.com/hapifhir/hapi-fhir-jpaserver-starter/blob/master/.github/workflows/build-images.yaml#L14 and add an additional login job for the new registry. I'd be happy to create a PR for both.

However, the challenging/annoying part is allowing the action to write to the package registry, see https://docs.github.com/en/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#upgrading-a-workflow-that-accesses-ghcrio. To grant this repository access to write to the registry, a package inside the registry has to be pushed first in order to change its settings. To do that, someone with access to the hapifhir packages has to do the following:

1. pull any of the container images currently hosted on Docker Hub: docker pull docker.io/hapiproject/hapi:v6.0.1
2. re-tag this image to point to the new ghcr.io package location: docker tag docker.io/hapiproject/hapi:v6.0.1 ghcr.io/hapifhir/hapi-fhir-jpaserver-starter:v6.0.1
3. push the image to ghcr.io: docker push ghcr.io/hapifhir/hapi-fhir-jpaserver-starter:v6.0.1
4. open the packages tag in the hapifhir organization: https://github.com/orgs/hapifhir/packages
5. click on the hapifhir/hapi-fhir-jpaserver-starter package
6. click on "Package settings" on the right
7. in the "Danger Zone" set the package visibility to public
8. in the "Manage Actions access" section, select the hapi-fhir-jpaserver-starter repository and grant it write-access

After all this, it will be possible for an updated workflow to push the container image to ghcr.io.

Despite the effort, is this something you would be interested in implementing?

[jkiddo]

I have no burning wish for this but I get the arguments. I don't have admin access so this needs someone else's approval.

[chgl]

I absolutely agree that this isn't at all necessary but just a nice-to-have. So definitely not a priority.

[jkiddo]

@tadgh / @jamesagnew I sugggest you ping us here if/when you would like this. As mentioned, this is nice to have - not need to have so we'll just wait until you think this is something that should be done.