search

rojopolis / spellcheck-github-actions

Spell check action
MIT License
132 stars 38 forks source link

feat: add automated container build #108

Open sxd opened 2 years ago

sxd commented 2 years ago

Use the docker/build-push and docker/metadata actions to build a container and add the proper tag depending on the branch, PR or the tagged version using semver as the proper version.

Closes #80

Signed-off-by: Jonathan Gonzalez V jonathan.abdiel@gmail.com

jonasbn commented 2 years ago

Hi @sxd

Thank you, I will have a look at it over the weekend.

jonasbn commented 2 years ago

Hi @sxd

First review of your PR looks promising. I do however have some obstacles I have to overcome first. I need to get the required authorizations to work in a balanced and secure manner, so this will require some work before the PR can be processed and approved.

The challenges are:

All of the above is not caused by your PR, but it was a question of time before these decisions had to be made.

So please bear with me and I will get back to you

sxd commented 2 years ago

hi @jonasbn

Using GHCR makes a lot of sense and doesn't require too much changes to my PR. Related to the ownership of this repo, well there's nothing I can do there XD except I can fork this repo and start my own project but that's not the idea, so I think I'll wait news from you about this point and the possible changes =)

Cheers!

jonasbn commented 2 years ago

Hi @rojopolis

Could you perhaps help us out here. We need to have the permissions associated with the auto-generated GITHUB_TOKEN for the repository adjusted, so we can set up publishing up packages (Docker images) to the GitHub container registry.

Currently we are using DockerHub, but with this PR I believe it makes more sense to change to ghcr.io also because the actions are not used outside GitHub.

  1. From the main page of the repository
  2. Go to "Settings"
  3. In the left sidebar, click "Actions"
  4. Then click "General"
  5. Under "Workflow permissions", check "Read and write permissions"
  6. Click "Save"

The checkbox "Allow GitHub actions to create and approve pull requests should not be ticked.

REF: GitHub Docs

sxd commented 2 years ago

@jonasbn hi!

I don't think we need to enable it, probably is enabled by default, we can just create and push the image, we can actually try that, what do you think?

Regards!

rojopolis commented 2 years ago

HI Jonas,

Sure!

I’m away right now (and am forgetful so please ping me if I haven’t done it by Monday). Cheers, Robert

On Aug 5, 2022, at 7:29 AM, Jonathan Gonzalez V. @.***> wrote:

@jonasbn https://github.com/jonasbn hi!

I don't think we need to enable it, probably is enabled by default, we can just create and push the image, we can actually try that, what do you think?

Regards!

— Reply to this email directly, view it on GitHub https://github.com/rojopolis/spellcheck-github-actions/pull/108#issuecomment-1206521846, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJMYNL6IEGPFIL6NP4TZU5TVXUQOJANCNFSM53TYMRYQ. You are receiving this because you were mentioned.

rojopolis commented 2 years ago

Oh, sorry… I didn’t see the second message…

Is there a cost for the image repo?

On Aug 5, 2022, at 8:01 AM, Robert Jordan @.***> wrote:

HI Jonas,

Sure!

I’m away right now (and am forgetful so please ping me if I haven’t done it by Monday). Cheers, Robert

On Aug 5, 2022, at 7:29 AM, Jonathan Gonzalez V. @. @.>> wrote:

@jonasbn https://github.com/jonasbn hi!

I don't think we need to enable it, probably is enabled by default, we can just create and push the image, we can actually try that, what do you think?

Regards!

— Reply to this email directly, view it on GitHub https://github.com/rojopolis/spellcheck-github-actions/pull/108#issuecomment-1206521846, or unsubscribe https://github.com/notifications/unsubscribe-auth/AJMYNL6IEGPFIL6NP4TZU5TVXUQOJANCNFSM53TYMRYQ. You are receiving this because you were mentioned.

jonasbn commented 2 years ago

Hi @rojopolis

No no it's free, it might be enabled already. So together with @sxd I will do some experimentation and validation. So do not sweat it, I will ping you if we need you assistance.

Thanks

jonasbn commented 2 years ago

@sxd

I did a run on the PR.

If failed with the following:

#21 pushing layers 0.3s done
#21 ERROR: unexpected status: 403 Forbidden
------
 > exporting to image:
------
error: failed to solve: unexpected status: 403 Forbidden
Error: buildx failed with: error: failed to solve: unexpected status: 403 Forbidden

Ref: line 668 of the "Build container" step.

Any ideas?

jonasbn commented 2 years ago

@sxd

I found this older issue googling: docker/build-push-action/issues/463

It is the same diagnostics, so the suggested remedy might be the same.

sxd commented 2 years ago

@jonasbn I had to deal with that issue yesterday, it's about the permissions in the action like here https://github.com/cloudnative-pg/webtest/blob/main/.github/workflows/ci.yml#L15 I'm will go out for lunch in a couple of minutes and I'll get back to take a look! and check and fix it! never mind, just did it was quite fast :P

sxd commented 2 years ago

@jonasbn can you trigger the run again? I'll check it later :D

jonasbn commented 2 years ago

@sxd it is running now

REF: https://github.com/rojopolis/spellcheck-github-actions/runs/7695549439?check_suite_focus=true

jonasbn commented 2 years ago

@sxd same outcome:

Error: buildx failed with: error: failed to solve: unexpected status: 403 Forbidden
sxd commented 2 years ago

@jonasbn the permissions is not there for the packages :S https://github.com/rojopolis/spellcheck-github-actions/runs/7695549439?check_suite_focus=true#step:1:19 can you try again ? I pushed some small changes, but yes it's weird the permissions were not there

sxd commented 2 years ago

Same again is not even using the proper commit :S https://github.com/rojopolis/spellcheck-github-actions/runs/7695700457?check_suite_focus=true#step:2:138

sxd commented 2 years ago

@jonasbn weird, you can see that it's working here https://github.com/sxd/spellcheck-github-actions/actions/runs/2805064755 :S

jonasbn commented 2 years ago

@sxd I will get @rojopolis to help evaluate the settings based on the reference I located, I believe this will get it to work, I am still think this is related to permissions.

sxd commented 2 years ago

@jonasbn totally agree @rojopolis can you give @jonasbn admin permissions on the repo for a while at least so he can properly configure the repo?

rojopolis commented 2 years ago

@jonasbn totally agree @rojopolis can you give @jonasbn admin permissions on the repo for a while at least so he can properly configure the repo?

I don't believe I can because this repo doesn't belong to an Organization. https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-personal-account-settings/permission-levels-for-a-personal-account-repository#about-permissions-levels-for-a-personal-account-repository

rojopolis commented 2 years ago

@sxd @jonasbn Could this be the issue?

sxd commented 2 years ago

@rojopolis @jonasbn yes! probably that's the issue we faced the same a couple of weeks ago and now we throw the test using pull_request_target, so the package it's ok, it should fail since it's running in a forked repo, that will not change even if we change it in the PR. So, the only way to test this will be to change the CI to use pull_request_target first, instead of using pull_request