patcon
commented
3 years ago Seems that ephemeral GITHUB_TOKEN in workflows doesn't yet work for GitHub Container Registry, at least not in beta. Need to generate a personal access token, which I suspect is going to make this harder to make happen https://docs.github.com/en/free-pro-team@latest/packages/guides/using-github-packages-with-github-actions#authenticating-to-github-container-registry
Right now, we're pushing nightly builds to docker hub. In theory, this makes deploying quicker for new people, since can pull instead of building. In practice, I don't think it's used much.
Having said that, we're also building containers in order to run cypress tests. If we start building them for cross-browser testing of old browsers on BrowserStack, then we'll be building the containers at least twice per commit. This expends twice as many build minutes as we need, and each docker build takes about 8 minutes.
We could instead build the containers in one workflow, and push them to GitHub Container Registry. These would be set to private, so just for internal tests. We could then pull them in the workflows that needs to spin up an instance, without rebuilding them each time (e.g. cypress tests, browserstack tests, etc).
GitHub Container Registry vs GitHub Docker Registry: https://docs.github.com/en/free-pro-team@latest/packages/guides/migrating-to-github-container-registry-for-docker-images (main thing is that GHCR has more fine-grained permissions)
Enabling: https://docs.github.com/en/free-pro-team@latest/packages/guides/enabling-improved-container-support