
Publish scancode-toolkit Docker image to ghcr.io

Open robertlagrant opened this issue 3 years ago • 7 comments

Short Description

Prepackage the software as a Docker image, hosted here on ghcr.io.

Select Category

  • [x] Packaging

Describe the Update

Build and upload the Docker image to ghcr.io

How This Feature will help you/your organization

It'll be much simpler to pull in without going through the build process.

Possible Solution/Implementation Details

Perform the automation triggered in GitHub Actions upon release.

Can you help with this Feature

#3027

robertlagrant avatar Jul 27 '22 16:07 robertlagrant

@robertlagrant Thanks... this sounds like a good idea ... one question though: is this a free service? Based on https://github.com/features/packages#pricing there seems to be a price tag attached not only to publishing but also to the mere pulling of images which is something we cannot control?

pombredanne avatar Jul 28 '22 07:07 pombredanne

@pombredanne that page design is very misleading! The prices on the right are for private repos. On the left, public repos, it's unlimited.

robertlagrant avatar Jul 28 '22 08:07 robertlagrant

I'd love to see an official image for the latest release as well. From the pricing page, this shows that public repos can put up images for free...


GitHub Packages Documentation

I have time to help work on this, if you like.

elrayle avatar Aug 15 '23 13:08 elrayle

Any update/progress on this? I'd also love to help if someone can guide me in the right direction.

hakandilek avatar Feb 28 '24 08:02 hakandilek

The work to do should be to ensure that we are not the proverbial cobbler's son and that we have a basic handle on the license and origin of the packages that go in the base image and collecting the source code. This would mean scanning this in ScanCode.io (with scancode... how circular!)

The second thing would be to have a CI/CD job that builds, runs smoke tests and publishes the image on each release, and ideally would also collect the source packages for the image (and stuff them in an image or layer to have them published handy).

The third thing would be to run the job daily to get an updated image with the latest security fixes.

pombredanne avatar Feb 28 '24 14:02 pombredanne
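
A sketch of the second and third items from the comment above (build, smoke test, publish on release, plus a daily rebuild), written as an added example and not taken from the thread or from the project's own workflows. It assumes a `Dockerfile` at the repository root whose entrypoint is the `scancode` CLI; the workflow name, the `candidate` and `daily` tags and the cron time are illustrative choices.

```yaml
# Added example: hypothetical workflow file, e.g. .github/workflows/publish-image.yml
name: publish-docker-image
on:
  release:
    types: [published]
  schedule:
    - cron: "17 3 * * *"        # daily rebuild to pick up base-image security fixes

# Least privilege for the job token: read the repo, write packages, nothing else.
permissions:
  contents: read
  packages: write

jobs:
  build-test-publish:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Compute image name
        # ghcr.io image names must be lowercase; the repository owner may not be.
        run: echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"

      - name: Build with fresh base layers
        run: docker build --pull -t "$IMAGE:candidate" .

      - name: Smoke test before anything is published
        # Assumes the image ENTRYPOINT is the scancode CLI.
        run: docker run --rm "$IMAGE:candidate" --version

      - uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Tag and push
        env:
          # Passed through env rather than interpolated into the script,
          # so a crafted tag name cannot inject shell commands.
          RELEASE_TAG: ${{ github.event.release.tag_name }}
        run: |
          if [ "$GITHUB_EVENT_NAME" = "release" ]; then TAG="$RELEASE_TAG"; else TAG="daily"; fi
          docker tag "$IMAGE:candidate" "$IMAGE:$TAG"
          docker push "$IMAGE:$TAG"
```

Scheduled runs check out the default branch, so the `daily` tag here tracks the branch head rather than the last release; rebuilding the latest release tag instead would need an explicit `ref` on the checkout step.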