Publish dockerized Community Web App on Docker Hub

[vorburger]

Once #3106 contributes a Dockerfile which can deliver a containerized (AKA dockerized) community app, it would be nice to have it available (via CI/CD, not manually pushed) on https://hub.docker.com.

I can see that there is a https://hub.docker.com/u/mifos, but given that this is https://github.com/openMF/community-app/, IMHO it would be clearer to have https://hub.docker.com/u/openmf - so I just created that. I'm very happy to add anyone else as Admins to that Docker Hub Org - perhaps @ShruthiRajaram @awasum @vishwasbabu @edcable you would like to be added? Just reply here with your Docker Hub UID.

[vorburger]

So, if I understand things correctly, on Docker Hub you have to give a user account (your main personal account or a new bot service GitHub account) full read/write acess to everything that user has, on GitHub - according to e.g. https://github.com/docker/hub-feedback/issues/552, https://github.com/docker/hub-feedback/issues/873, https://github.com/docker/hub-feedback/issues/967 ... and https://docs.docker.com/docker-hub/builds/link-source/#grant-access-to-a-github-organization and https://docs.docker.com/docker-hub/builds/#service-users-for-team-autobuilds ...

Now, there's no way I'm adding @vorburger to Docker Hub (they've had breaches in the past). So either we create a new GitHub account just for this purpose and link that up (and share it's login with a trusted set of people), or ... use an alterative container registry, like https://quay.io if that's less of a PITA?

[vorburger]

use an alterative container registry, like https://quay.io if that's less of a PITA?

no, it's the same - it also wants t ohave read and write to EVERYTHING on a GitHub accout - how dumb.

I'll just create a new GitHub user account, only for this purpose.

[vorburger]

As per https://developer.github.com/v3/guides/managing-deploy-keys/#machine-users, I've just created https://github.com/mifos-bot for this purpose, and invited it to this repo.

[vorburger]

"Your account has been flagged. Because of that, your profile is hidden from the public. If you believe this is a mistake, contact support to have your account status reviewed."

I've just done so (contacted GitHub Support Ticket ID: 343929, let's see).

BTW: I'll likely also re-use this as a service account for https://github.com/apache/fineract/, e.g. to hook it up to Google Cloud Source Repository and Container Registry.

[vorburger]

I've just done so (contacted GitHub Support Ticket ID: 343929, let's see).

GitHub Support has unlocked https://github.com/mifos-bot, and it's now a regular account.

I've added @mifos-bot to this repo (openMF/community-app), accepted the invitation on behalf of that user, and configured https://cloud.docker.com/u/openmf/repository/registry-1.docker.io/openmf/community-app/builds/edit to build containers for this repo.

So https://cloud.docker.com/u/openmf/repository/docker/openmf/community-app now has a (Docker) container image continously built from the develop branch of this repo!

FTR: Initially I thought that mifos-bot actually only need read and not write or even admin permission to this repo, which seemed to be enough for Docker Hub at least if you also manually add Docker Hub's Deploy Key shown at the bottom of .../builds/edit. Then I then also connected source.cloud.google.com to @mifos-bot, but that needed it to have Admin.

So in addition to Docker Hub it's at least currently also available on http://gcr.io/apache-fineract-75/github.com/openmf/community-app (but without a latest tag; you have to look up the revision).

@awasum @conradsp @Anh3h @vishwasbabu I thought you may like this? :smile:

[vorburger]

PS: bd9c3fcc0f3dd9c19aca25e46b6adba8ff98afac adds badges for this to the README.

[conradsp]

Thanks for your work on this Michael! I like it a lot!

On Mon, Aug 26, 2019 at 2:08 PM Michael Vorburger ⛑️ < notifications@github.com> wrote:

PS: bd9c3fc https://github.com/openMF/community-app/commit/bd9c3fcc0f3dd9c19aca25e46b6adba8ff98afac adds badges for this to the README.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/openMF/community-app/issues/3112?email_source=notifications&email_token=AFMBLWBKZFCDB6VO6R6BR3TQGQS25A5CNFSM4IAYV352YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5FLJMQ#issuecomment-524989618, or mute the thread https://github.com/notifications/unsubscribe-auth/AFMBLWCHTNWAY2XPZCSFY3TQGQS25ANCNFSM4IAYV35Q .

[vorburger]

I just looked back at this (in the context of https://www.fineract.dev), and wanted to record that the public Docker Hub URL is https://hub.docker.com/r/openmf/community-app/ (the ones shown above need login). I've just raised #3197 to add a link to Docker Hub to the README.

[vorburger]

FTR: I've re-used the https://github.com/mifos-bot originally created here for #3309.

[ErezArbell]

Hello @vorburger, I also have this issue right now. I want o allow Docker Hub to build a docker image from Dockerfile in GitHub. But the only option they give is to give them read and write access to all my GitHub acount. I want to be sure that I understood how you solved this. I understand that you created another regular GitHub account mifos-bot (I guess using a different email address) and gave it access to the specific repo. Is this correct?

[vorburger]

@ErezArbell correct