improbable-eng
Push docker images to docker hub on master commit
AC:
- Images are published to improbable's public docker hub on successful build of master with a short SHA
- Pushed image is tagged with latest
Do we want latest to point at the latest unstable commit? Or would we be better to have latest point at the latest tagged release? I guess this can change when we start cutting releases 😄
Also, is this what other improbable projects do? We're moving away from having CI push to public registries in cert-manager (mostly due to security concerns, and how easy it could be to roll out a bad image 🙄)
@munnerz happy to hear alternatives! how are you looking to replace the story of a user who urgently needs to use a pre-release build & can't want for a version bump?
(for cert-manager specifically): we are planning on continuing to publish master to a separate image repo (i.e. cert-manager-unstable), and then having tagged releases promoted via a process that requires human-intervention.
It's probably not worthwhile setting up a separate repo just for this now, but I think at least not tagging the latest HEAD of master as latest and instead tagging it as something more descriptive (i.e. unstable) would help. We purposely don't have a latest tag to stop people depending on it 😅
We are likely to change this to pushing images to quay.io instead of Docker Hub, since Docker Hub doesn't really have a nice way for authenticating robots (other than, create a "robot" account).
Is there progress on this? We need to build/compile the image internally now. It'd nice to have on quay.io or docker hub..
Is there progress on this? We need to build/compile the image internally now. It'd nice to have on quay.io or docker hub..
BTW I found the images on the github registry: ghcr.io/improbable-eng