Migrate builds from Travis to Github Actions #839
Conversation
.github/workflows/ci-only.yaml
Outdated
| with: | ||
| fetch-depth: 1 | ||
| - | ||
| name: Get tags |
There was a problem hiding this comment.
IMHO The tag isn't required for builds / ci.
.github/workflows/ci-only.yaml
Outdated
| name: Local docker build (root image) | ||
| uses: docker/build-push-action@v2 | ||
| with: | ||
| context: . |
There was a problem hiding this comment.
Context + path can be dropped.
There was a problem hiding this comment.
Isn't there a new Dockerfile for this like Dockerfile.nonroot?
OK you are controlling it via --target release here -> https://github.com/openfaas/faas-cli/blob/master/build.sh
There was a problem hiding this comment.
@alexellis I'm controlling it with
with:
context: .
file: ./Dockerfile
target: releaseand
with:
context: .
file: ./Dockerfile
target: root
.github/workflows/ci-only.yaml
Outdated
| uses: docker/build-push-action@v2 | ||
| with: | ||
| context: . | ||
| file: ./Dockerfile |
There was a problem hiding this comment.
Does one of the file: ./Dockerfile options need to be the root/non-root Dockerfile?
There was a problem hiding this comment.
We can target just the non-root or the root docker image in CI, I just kept it here to be consistent with what we had in travis.yml
.github/workflows/publish.yaml
Outdated
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| asset_paths: '["./faas-cli*"]' |
There was a problem hiding this comment.
I would put the binaries into ./bin/
|
Closes #838 from @LucasRoesler |
.github/workflows/ci-only.yaml
Outdated
| - "*" | ||
| pull_request: | ||
| branches: | ||
| - "master" |
.github/workflows/ci-only.yaml
Outdated
| runs-on: ubuntu-latest | ||
| steps: | ||
| - | ||
| uses: actions/checkout@master |
There was a problem hiding this comment.
See the setup go action from openfaas/faas-netes#698
utsavanand2
force-pushed
the
github-actions
branch
5 times, most recently
from
72ce897
to
3e2d7e9
Compare
|
@alexellis I've resolved the above issues. Does this look like ready to be merged? |
utsavanand2
force-pushed
the
github-actions
branch
7 times, most recently
from
1074f36
to
87f9b74
Compare
|
Thank you for your contribution. I've just checked and your commit doesn't appear to be signed-off. That's something we need before your Pull Request can be merged. Please see our contributing guide. |
utsavanand2
force-pushed
the
github-actions
branch
3 times, most recently
from
b6b293f
to
29f69fb
Compare
.github/workflows/publish.yaml
Outdated
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.CR_PAT }} |
There was a problem hiding this comment.
why can't we use the default ${{ secrets.GITHUB_TOKEN }} i feel like we discussed it in the wednesday call, but I can't remember why
There was a problem hiding this comment.
For the record: me and Lucas tried it and later found out it doesn't work for forked repos.
https://docs.github.com/en/free-pro-team@latest/actions/reference/authentication-in-a-workflow#permissions-for-the-github_token
There was a problem hiding this comment.
If it's not convention then can we use DOCKER_PASSWORD as per all the other merged and released builds?
There was a problem hiding this comment.
Its a secret for Container Registry.
I have seen CR_PAT in the Github Docs, thought it would be better if we go with it. What do you think?
https://docs.github.com/en/free-pro-team@latest/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images#authenticating-with-the-container-registry
There was a problem hiding this comment.
How faas-netes worked https://github.com/openfaas/faas-netes/tree/master/.github/workflows
is CR_PAT something that works without me doing something on each repo?
There was a problem hiding this comment.
That link doesn't reference CR_PAT, is it the right link?
There was a problem hiding this comment.
Sorry I can see where CR_PAT is mentioned now. It's not a special variable and has no meaning to Github Actions - can you change to DOCKER_PASSWORD please?
utsavanand2
force-pushed
the
github-actions
branch
from
29f69fb
to
4ef030c
Compare
utsavanand2
force-pushed
the
github-actions
branch
from
4ef030c
to
7d6213a
Compare
.github/workflows/publish.yaml
Outdated
| REPO=${{ steps.get_repo_name.outputs.REPOSITORY_NAME }} | ||
| push: true | ||
| tags: | | ||
| ghcr.io/${{ steps.get_owner_name.outputs.OWNER_NAME }}/${{ steps.get_repo_name.outputs.REPOSITORY_NAME }}:${{ github.sha }} |
There was a problem hiding this comment.
I'm seeing a lot of duplication. Seems like this could be put into a similar variable and used again?
There was a problem hiding this comment.
Do you mean something like an ENV VAR?
There was a problem hiding this comment.
The same way you split the string in a step, construct the GHCR main image prefix once instead of 6+ times.
Dockerfile
Outdated
| ARG NS | ||
| ARG REPO | ||
|
|
||
| LABEL org.opencontainers.image.source https://github.com/$NS/$REPO |
There was a problem hiding this comment.
Does that string need to be split out?
There was a problem hiding this comment.
No it doesn't need to be split out. I'll put a = in between.
There was a problem hiding this comment.
Can we not inject the complete URL instead?
There was a problem hiding this comment.
If you mean injecting the whole org.opencontainers.image.source=https://github.com/$REPO into the Dockerfile with build args, then I think it's not possible. The Dockerfile expects two args in LABEL, I get a red squiggly line saying so.
There was a problem hiding this comment.
Okay I get it, by URL you mean this> #839 (comment)
.github/workflows/build.yaml
Outdated
| build-args: | | ||
| VERSION=latest-dev | ||
| GIT_COMMIT=${{ github.sha }} | ||
| NS=openfaas |
There was a problem hiding this comment.
Can't this be a single variable of GITHUB_REPOSITORY?
There was a problem hiding this comment.
Or whatever is the full path to the repo to inject in the special label?
There was a problem hiding this comment.
Yes we can get the GITHUB_URL into the build args. Sure!
.github/workflows/build.yaml
Outdated
| build-args: | | ||
| VERSION=latest-dev | ||
| GIT_COMMIT=${{ github.sha }} | ||
| NS=openfaas |
There was a problem hiding this comment.
utsavanand2
force-pushed
the
github-actions
branch
3 times, most recently
from
eebbaa9
to
bc88dc9
Compare
Fixes openfaas#838 Thanks to Lucas Roesler for his PR for buildx support openfaas#836 Signed-off-by: Utsav Anand <[email protected]>
utsavanand2
force-pushed
the
github-actions
branch
from
bc88dc9
to
25e83de
Compare
| name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v1 | ||
| - | ||
| name: Local docker build (non-root image) |
There was a problem hiding this comment.
Do this in a follow-up PR if you want, but we need to do a multi-arch build upon every commit, not just upon a release tag. This found issues in the past.
There was a problem hiding this comment.
I'll try to put up a PR by tonight to address this 👆
There was a problem hiding this comment.
@alexellis I've resolved it in a PR I've just put up
#843
Fixes #838
Issue #1585 for ref
Thanks to Lucas Roesler for his PR for buildx support #836
Signed-off-by: Utsav Anand [email protected]
Description
Motivation and Context
How Has This Been Tested?
Check out the
ci-onlybuildand the
publishbuildTypes of changes
Checklist:
git commit -s