Publish Waltz Docker image to https://hub.docker.com/u/finos ?

[maoo]

Description

Dear Waltz team!

I see that Waltz is distributed as a Docker image on https://github.com/orgs/finos/packages . It would be great to use the official Docker Registry, where FINOS hosts all other images, which is https://hub.docker.com/u/finos ; this would allow us to track consumption of Docker images into metrics.finos.org .

I'm not sure if the GitHub Docker registry provides any advantage in terms of automation , compared to the automation provided by Docker Registry (see https://docs.docker.com/docker-hub/builds/link-source/ ).

Happy to discuss this further. Thank you!

[davidwatkins73]

Hi @maoo,

The Docker image publication was a community contribution to Waltz and is working very well. Happy to discuss adding Docker-Hub to the list of publication targets (thanks for the documentation link).

We would be keen to keep the GitHub registry working as I believe Docker Hub imposes rate limits on clients, therefore having multiple avenues open is valuable.

(cc @ljubon)

[maoo]

Thanks @davidwatkins73 ! +1 on everything! If you're ok, I can simply enable the automated build from Docker hub and that's it? We may want to update README/docs, to make the community aware of why the image is deployed in 2 places, but other than that, it should be straight-forward.

What do you think?

[davidwatkins73]

@maoo - sounds good. I'll update the docs and blog out the change once we have a build published.
Note, currently the only time we produce a new image is when we create a release tag (not on every commit) - will this be the same ?

[maoo]

@maoo - sounds good. I'll update the docs and blog out the change once we have a build published. Note, currently the only time we produce a new image is when we create a release tag (not on every commit) - will this be the same ?

Yes, correct; see screenshot below....

I could enable it now and we could test it on the next release, WDYT?

[davidwatkins73]

@maoo - sounds like a good plan. We've got a release (1.40) scheduled for 22 March.

Can we kick it off manually before then ? (or perhaps temporarily enable a per-commit build) Would be good to have the process tested before the 1.40 rel.

[maoo]

Configuration done, although still private (See below).

To test, could you please create a 10.0.0 test tag (to be removed as soon as we see it working) to check if that triggers the Docker Hub build?

Also, I'd suggest to enable security vulnerability scanning , wdyt?

[davidwatkins73]

Hi @maoo Sorry for the delay (using up holiday before we lose it!)

I've created a release (labelled 10.0.0) as you suggested (there's also a 1.40a1 - which is equivalent)

Can't see any downsides in having the security scanning enabled :)

[maoo]

Thanks @davidwatkins73 ! The build was triggered on Docker Hub, which is good, but it failed; I collected logs on https://gist.github.com/maoo/7dc4724ad5b6a8f7630a1f8d72fb0424 . Maybe there are some parameters that must be passed to the docker build command?

[davidwatkins73]

Looks like it hasn't done the build first. It's failing on copying waltz-web.war which is the main output from the maven build step.

[maoo]

Looks like it hasn't done the build first. It's failing on copying waltz-web.war which is the main output from the maven build step.

Right. This means we cannot run the Docker Registry automation, we need to build push the docker image from GitHub Actions.

Would be possible for someone of the Waltz team/community to add https://docs.github.com/en/actions/publishing-packages/publishing-docker-images into https://github.com/finos/waltz/blob/master/.github/workflows/maven.yml ?

Feel free to test it using a personal Docker Hub account; when everything is working, I can set the DOCKER_USERNAME and DOCKER_PASSWORD secrets that will represent the finos-admin user.

WDYT @davidwatkins73 ?

[robmoffat]

@davidwatkins73 - is there any progress we can make on this? We have it stuck in our backlog atm.

thanks!

[maoo]

Reviving this ; for pushing into Docker Hub, we could simply update https://github.com/finos/waltz/blob/master/.github/workflows/maven.yml#L75 and point to the Docker Hub registry.

@davidwatkins73 - what do you think?