mpetroff / pannellum

Pannellum is a lightweight, free, and open source panorama viewer for the web.
https://pannellum.org/
MIT License

Github actions for Docker image #1216

Closed Elbandi closed 1 month ago

Elbandi commented 1 month ago

This PR does lots of things:

For renovatebot you need a PAT token (read only access).

mpetroff commented 1 month ago

This "fixes" things that aren't broken.

  1. I have no desire to deal with the Github container registry (or any other container registry).
  2. It's far too soon to update to Ubuntu 24.04. I'd at least wait for 24.04.1. The image base should be updated within the next year, though, before 20.04 goes out of support.
  3. I see no benefit to setting explicit version numbers in the Dockerfile. And then adding a third-party service to create pull requests to update these explicit versions would just waste my time with reviewing unnecessary pull requests.

I appreciate the effort, but I don't see any value in these changes.

Elbandi commented 1 month ago

  1. OK, as you want.
  2. Ubuntu focal ends in 10 months. And I don't know why, hugin-tools is missing from 22.04 LTS. So it is a necessary thing to upgrade to 24 so early...
  3. Security upgrade. If someone doesn't want to use a 1-2 year old image, this is a possible solution to rebuild the Docker container if needed.

mpetroff commented 1 month ago

Hugin was missing from Debian unstable for a brief period of time in early 2022 due to a dependency issue. It just happened to overlap with the time when Ubuntu 22.04 was branched off from it. The base image can be updated in a few months, once the bugs are worked out of 24.04 but still well before 20.04 goes out of support.

If you don't pin version numbers, the latest versions will be used. Pinning version numbers forces older packages to be used until the pinned version numbers are updated, which is the potential security issue, not the other way around.

Elbandi commented 1 month ago

The pinned versions are upgraded by renovatebot. After the version upgrade PR is accepted (by hand or automatically), the image build action is triggered. So you don't have to watch packages every day/week and start the image build yourself; the workflow does it instead of you.

mpetroff commented 1 month ago

> So you don't have to watch packages every day/week and start the image build yourself

Currently, I don't need to watch anything. With this change, I would need to deal with useless pull requests. Thus, it would make more work for me. Thus, it isn't happening.