uclahs-cds / tool-Docker-action

An Action to automatically build and push images to the GitHub Container registry. Includes automatic building of images for development.
GNU General Public License v2.0
0 stars 0 forks source link

Build all branches, delete image versions when branches/tags are deleted #14

Closed nwiltsie closed 4 months ago

nwiltsie commented 4 months ago

Description

This is a major overhaul of this Action, intended to be released as v2.0.0 (see plan from #12). The gist of these changes is that the Action manages the full lifecycle of images in GHCR: it will now build and deploy images for all branches of the repository, as well as all SemVer tags. When a branch or tag is deleted from GitHub, the corresponding image version is deleted from the container registry. (That is #13, but I'm not going to close that issue until the refactor-base branch is merged back into main).

The git SemVer tag v1.2.3 will result in the docker version 1.2.3 (note the lack of v).

The git branch foobar will result in the docker version branch-foobar. The one exception to this behavior is that the main branch will map to dev - that's in line with the current behavior of this Action.

[!NOTE]
The default branch name is hard-coded as main. docker/metadata-action has an {{is_default_branch}} expression, but unfortunately there is currently no way to negate it.

Testing

I tested this Action with a fresh repository - the assorted runs can be seen here. The example workflow in the README sets the run-name to a useful value:

Screenshot 2024-06-24 at 12 00 26 PM

Individual workflow runs will emit annotations linking to the newly-created or deleted image versions:

Screenshot 2024-06-24 at 12 00 43 PM Screenshot 2024-06-24 at 12 00 58 PM

Errata

Checklist

yashpatel6 commented 4 months ago

I'll get to this in the next couple of days!

aholmes commented 4 months ago

thought (non-blocking):

The git branch foobar will result in the docker version branch-foobar. The one exception to this behavior is that the main branch will map to dev - that's in line with the current behavior of this Action.

Cool - though not directly relevant to this PR, dev also fits the Python version specifier format which can make this flow nicely with related PyPI packages.

note (non-blocking):

Note

The default branch name is hard-coded as main. docker/metadata-action has an {{is_default_branch}} expression, but unfortunately there is currently no way to negate it.

I didn't check to see if you're doing something to get around this, but here's a suggestion. In BL_Python there are several outputs from jobs that are used in later jobs. For example, here's how I create the cache key in the initial checkout that is then referenced by all subsequent jobs. You can similarly negate the value of is_default_branch in a script and output that value for later use.

aholmes commented 4 months ago

question (non-blocking):

The one exception to this behavior is that the main branch will map to dev

Though we have typically avoided using it, thoughts on updating the latest tag (in addition?) ?

nwiltsie commented 4 months ago

You can similarly negate the value of is_default_branch in a script and output that value for later use.

Unfortunately it's not a variable is_default_branch, it's a Handlebars template {{is_default_branch}} that is only evaluated within the docker tags action, so I don't think it can be cached anywhere. The logic isn't too complicated but it felt like too much to replicate for this PR.

Though we have typically avoided using it, thoughts on updating the latest tag (in addition?) ?

I don't think we shouldn't have both dev and latest pointing to the same version. Given that, and assuming we keep dev, I guess latest would point to the highest official release? I don't like latest in general for exactly this ambiguity, but I'm open to the discussion.

aholmes commented 4 months ago

Though we have typically avoided using it, thoughts on updating the latest tag (in addition?) ?

I don't think we shouldn't have both dev and latest pointing to the same version. Given that, and assuming we keep dev, I guess latest would point to the highest official release? I don't like latest in general for exactly this ambiguity, but I'm open to the discussion.

I share your concern, and see the utility in latest. However, given that we have typically avoided its use, and coming SOPs are stricter about dependencies, we should probably continue to not use latest.