Open WadeBarnes opened 1 week ago
cc @i5okie, @esune
vote for ghcr.io, and ref through artifactory
I would also be happy to discuss creating a service account with write access to the bcgov-docker-local
repo in Artifactory where you can push backup-container images.
vote for ghcr.io, and ref through artifactory
+1 for ghcr.io + artifactory.
+1 For having the container image artifacts pushed to ghcr.io would be ideal, similar to what already exists on the hub.docker.io side. If we do swap over to ghcr.io, we do not necessarily need to continue having it be mirrored to dockerhub any longer, unless having it there makes it easier to mirror to artifactory. As long as the tagging for these image artifacts follows standard semver conventions it'll provide a huge value for downstream change management.
+1 For having the container image artifacts pushed to ghcr.io would be ideal, similar to what already exists on the hub.docker.io side. If we do swap over to ghcr.io, we do not necessarily need to continue having it be mirrored to dockerhub any longer, unless having it there makes it easier to mirror to artifactory. As long as the tagging for these image artifacts follows standard semver conventions it'll provide a huge value for downstream change management.
+1 for semver tag release,
When a release is created images are built and published to Docker Hub for that release. The images are not maintained following their release, meaning they are not rebuilt periodically to pick up updates (such as vulnerability fixes) made to the base container.
Create a scheduled maintenance job that maintains the last x (3 or 4) release images by rebuilding and republishing. The job should trigger at least once a month. This will help reduce the number of teams building and maintaining their own images.
Bonus points for:
Other decisions that should be considered: