-
Notifications
You must be signed in to change notification settings - Fork 229
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate builds from Travis to Github Actions #839
Conversation
.github/workflows/ci-only.yaml
Outdated
with: | ||
fetch-depth: 1 | ||
- | ||
name: Get tags |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
IMHO The tag isn't required for builds / ci.
.github/workflows/ci-only.yaml
Outdated
name: Local docker build (root image) | ||
uses: docker/build-push-action@v2 | ||
with: | ||
context: . |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Context + path can be dropped.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Isn't there a new Dockerfile for this like Dockerfile.nonroot?
OK you are controlling it via --target release
here -> https://github.com/openfaas/faas-cli/blob/master/build.sh
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexellis I'm controlling it with
with:
context: .
file: ./Dockerfile
target: release
and
with:
context: .
file: ./Dockerfile
target: root
.github/workflows/ci-only.yaml
Outdated
uses: docker/build-push-action@v2 | ||
with: | ||
context: . | ||
file: ./Dockerfile |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does one of the file: ./Dockerfile
options need to be the root/non-root Dockerfile?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We can target just the non-root or the root docker image in CI, I just kept it here to be consistent with what we had in travis.yml
.github/workflows/publish.yaml
Outdated
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
with: | ||
asset_paths: '["./faas-cli*"]' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would put the binaries into ./bin/
Closes #838 from @LucasRoesler |
.github/workflows/ci-only.yaml
Outdated
- "*" | ||
pull_request: | ||
branches: | ||
- "master" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be on *
also?
.github/workflows/ci-only.yaml
Outdated
runs-on: ubuntu-latest | ||
steps: | ||
- | ||
uses: actions/checkout@master |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See the setup go action from openfaas/faas-netes#698
72ce897
to
3e2d7e9
Compare
@alexellis I've resolved the above issues. Does this look like ready to be merged? |
1074f36
to
87f9b74
Compare
Thank you for your contribution. I've just checked and your commit doesn't appear to be signed-off. That's something we need before your Pull Request can be merged. Please see our contributing guide. |
b6b293f
to
29f69fb
Compare
.github/workflows/publish.yaml
Outdated
with: | ||
registry: ghcr.io | ||
username: ${{ github.repository_owner }} | ||
password: ${{ secrets.CR_PAT }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why can't we use the default ${{ secrets.GITHUB_TOKEN }}
i feel like we discussed it in the wednesday call, but I can't remember why
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For the record: me and Lucas tried it and later found out it doesn't work for forked repos.
https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So what is CR_PAT
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If it's not convention then can we use DOCKER_PASSWORD
as per all the other merged and released builds?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Its a secret for Container Registry.
I have seen CR_PAT in the Github Docs, thought it would be better if we go with it. What do you think?
https://docs.github.com/en/free-pro-team@latest/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How faas-netes worked https://github.com/openfaas/faas-netes/tree/master/.github/workflows
is CR_PAT something that works without me doing something on each repo?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That link doesn't reference CR_PAT
, is it the right link?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I can see where CR_PAT
is mentioned now. It's not a special variable and has no meaning to Github Actions - can you change to DOCKER_PASSWORD
please?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure!
29f69fb
to
4ef030c
Compare
4ef030c
to
7d6213a
Compare
.github/workflows/publish.yaml
Outdated
REPO=${{ steps.get_repo_name.outputs.REPOSITORY_NAME }} | ||
push: true | ||
tags: | | ||
ghcr.io/${{ steps.get_owner_name.outputs.OWNER_NAME }}/${{ steps.get_repo_name.outputs.REPOSITORY_NAME }}:${{ github.sha }} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm seeing a lot of duplication. Seems like this could be put into a similar variable and used again?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you mean something like an ENV VAR?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The same way you split the string in a step, construct the GHCR main image prefix once instead of 6+ times.
Dockerfile
Outdated
ARG NS | ||
ARG REPO | ||
|
||
LABEL org.opencontainers.image.source https://github.com/$NS/$REPO |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does that string need to be split out?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No it doesn't need to be split out. I'll put a =
in between.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we not inject the complete URL instead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay I get it, by URL you mean this> #839 (comment)
.github/workflows/build.yaml
Outdated
build-args: | | ||
VERSION=latest-dev | ||
GIT_COMMIT=${{ github.sha }} | ||
NS=openfaas |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can't this be a single variable of GITHUB_REPOSITORY
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or whatever is the full path to the repo to inject in the special label?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes we can get the GITHUB_URL into the build args. Sure!
.github/workflows/build.yaml
Outdated
build-args: | | ||
VERSION=latest-dev | ||
GIT_COMMIT=${{ github.sha }} | ||
NS=openfaas |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment as above
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Changed requested please. What do you say to aiming to have everything ready for a merge on Weds?
eebbaa9
to
bc88dc9
Compare
Fixes openfaas#838 Thanks to Lucas Roesler for his PR for buildx support openfaas#836 Signed-off-by: Utsav Anand <[email protected]>
bc88dc9
to
25e83de
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Your IMAGE_PREFIX
is much easier to follow than the duplicated strings. Thank you for working on this.
name: Set up Docker Buildx | ||
uses: docker/setup-buildx-action@v1 | ||
- | ||
name: Local docker build (non-root image) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do this in a follow-up PR if you want, but we need to do a multi-arch build upon every commit, not just upon a release tag. This found issues in the past.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll try to put up a PR by tonight to address this 👆
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@alexellis I've resolved it in a PR I've just put up
#843
Fixes #838
Issue #1585 for ref
Thanks to Lucas Roesler for his PR for buildx support #836
Signed-off-by: Utsav Anand [email protected]
Description
Motivation and Context
How Has This Been Tested?
Check out the
ci-only
buildand the
publish
buildTypes of changes
Checklist:
git commit -s