James, I think that this option is also viable:
"For Github Actions we can use a role account and attach the secrets to your repository" At this point there are two options 1. Apache Infra has to add the secrets to the Apache Fineract repository and then we can create/modify github actions for using the existing Jib library. 2. Merge the https://github.com/apache/fineract/pull/3879 to the develop branch in order to allow Dockerhub to build/publish a new docker image. Any other option or discussion about the solution for having an updated Apache Fineract image published on Dockerhub is welcome. Best regards Victor Regards Víctor Romero El vie, 3 may 2024 a las 8:56, James Dailey (<jdai...@apache.org>) escribió: > As this relates to this thread but was over on infra users... > > > ---------- Forwarded message --------- > From: Gavin McDonald <gmcdon...@apache.org> > Date: Sun, Feb 18, 2024 at 12:24 AM > Subject: Re: Docker help > To: James Dailey <jdai...@apache.org> > Cc: Users <us...@infra.apache.org> > > > Hi James. > > > > On Sun, Feb 18, 2024 at 3:00 AM James Dailey <jdai...@apache.org> wrote: > >> Infra - >> >> Can you confirm that we can use other processes to push to >> apache DockerHUB? >> > > Current supported methods are via Github Actions or Jenkins or locally via > your own credentials. > > For Github Actions we can use a role account and attach the secrets to > your repository, or you > can provide your own secrets for us to add to your repository > > For Jenkins we have a role account that we provide access to push to your > repository. > > Committers could also use a settings.xml with this plugin and use their > own credentials, we just need > to ensure they have push access to Dockerhub. > > There may also be other methods not explored. > > See also: > https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#authentication-methods > > HTH > >> >> When I opened a ticket about this, I was told we need a dockerfile at the >> root. >> >> Can we use "jib-maven-plugin to publish the image to Dockerhub". ? Can >> we get credentials ? >> >> James >> >> >> ---------- Forwarded message --------- >> From: Arnold Galovics <arn...@apache.org> >> Date: Sun, Feb 11, 2024 at 10:45 PM >> Subject: Re: Docker help >> To: <dev@fineract.apache.org> >> >> >> James, >> >> This is the out-of-the box solution from DockerHub which definitely won't >> work without a Dockerfile. Though that doesn't mean it's the only way to >> build a docker image; as I stated in my previous email. >> >> Best, >> Arnold >> >> On Mon, Feb 12, 2024 at 7:43 AM James Dailey <jamespdai...@gmail.com> >> wrote: >> >>> On DockerHUB the build fails because there is no dockerfile. >>> https://hub.docker.com/r/apache/fineract >>> >>> 2024-02-08T13:12:27Z Building in Docker Cloud's infrastructure... >>> 2024-02-08T13:12:28Z Cloning into '.'... >>> 2024-02-08T13:12:28Z Warning: Permanently added the RSA host key for IP >>> address '140.82.114.4' to the list of known hosts. >>> 2024-02-08T13:12:48Z Reset branch 'develop' >>> 2024-02-08T13:12:48Z Your branch is up to date with 'origin/develop'. >>> 2024-02-08T13:12:48Z Dockerfile not found at ./Dockerfile >>> >>> >>> Let's discuss on slack and revert back here. >>> >>> My intention is to either DELETE the DockerHUB repo or to get this >>> working. >>> >>> >>> >>> >>> >>> On Sun, Feb 11, 2024 at 10:14 PM Arnold Galovics <arn...@apache.org> >>> wrote: >>> >>>> Hi Zoltan, James, >>>> >>>> Just to reflect on your points: >>>> 1) Let's not do such a radical change unless we absolutely need to >>>> 2) I'm not sure what's the issue here, please explain. We already have >>>> docker builds in our pipeline via GitHub Actions (using their runners), the >>>> only missing piece is to do a docker push. >>>> >>>> We need the credentials to be able to do a docker push, alter the >>>> pipeline and that's all. >>>> >>>> If the only thing preventing us from doing this is to keep asking the >>>> infra team for the creds, let's pursue them instead of making such an >>>> unnecessary change. >>>> >>>> Arnold >>>> >>>> On Mon, Feb 12, 2024 at 3:30 AM James Dailey <jamespdai...@gmail.com> >>>> wrote: >>>> >>>>> Thanks Zoltan >>>>> >>>>> Micheal - can you please comment on this discussion? As this relates >>>>> to the Google deployment that you put in place? Question! >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> On Sun, Feb 11, 2024 at 6:27 PM Zoltan Mezei <zoltan.me...@zz-it.hu> >>>>> wrote: >>>>> >>>>>> Hi, >>>>>> >>>>>> I think the real issue here is that we use GoogleContainerTools's Jib >>>>>> as the build mechanism. It works entirely without a Dockerfile. And >>>>>> unfortunately Dockerhub's Automated Builds doesn't support building >>>>>> without >>>>>> a Dockerfile. :-( >>>>>> >>>>>> We have two ways to move forward: >>>>>> >>>>>> 1. Replace the Jib build with a more traditional, Dockerfile-based >>>>>> approach. This would be a quite large change of how Fineract is built and >>>>>> the consequences need to be explored - but it's definitely doable. >>>>>> 2. Stick with the Jib build, but don't rely on Dockerhub's Automated >>>>>> Builds, but some other build tools like jib-maven-plugin to publish the >>>>>> image to Dockerhub. This could also work, but it requires a build server >>>>>> that I'm not sure we have. >>>>>> >>>>>> I can try to create a traditional Dockerfile, but it will be >>>>>> different from what Jib can produce, so this might lead to regressions. >>>>>> >>>>>> Want me to try this approach next week? >>>>>> >>>>>> Kind regards, >>>>>> Zoltan >>>>>> >>>>>> >>>>>> >>>>>> On Sun, Feb 11, 2024 at 8:16 AM James Dailey <jamespdai...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> Victor - my read of the docs is that the default “build rule “ >>>>>>> points to master or main but we can also use dev. In fact that’s what is >>>>>>> already there in dockerHUB for our project. >>>>>>> >>>>>>> I think a proper dockerfile in dev branch should be fine. >>>>>>> >>>>>>> Thanks >>>>>>> James >>>>>>> >>>>>>> On Fri, Feb 9, 2024 at 7:47 PM VICTOR MANUEL ROMERO RODRIGUEZ < >>>>>>> victor.rom...@fintecheando.mx> wrote: >>>>>>> >>>>>>>> Reading the dockerhub docs, I think we can do the following: >>>>>>>> >>>>>>>> 1. Create a master branch from develop branch >>>>>>>> 2. Add the Dockerfile (and some scripting on it for handling the >>>>>>>> versions) on master branch >>>>>>>> 3. Dockerhub will use the dockerfile (and its scripts) from the >>>>>>>> master branch >>>>>>>> 4. Create github action for keeping in sync develop with master, so >>>>>>>> then it will push the changes to the master branch everytime the >>>>>>>> develop >>>>>>>> branch has a commit on it, then the dockerhub will publish it as the >>>>>>>> latest >>>>>>>> version. >>>>>>>> >>>>>>>> Or... we can be more standard >>>>>>>> >>>>>>>> 1. Rename develop to master >>>>>>>> 2. Add a Dockerfile template (and some scripting on it for handling >>>>>>>> the versions) on master branch >>>>>>>> 3. Dockerhub will use the dockerfile (and its scripts) from the >>>>>>>> master branch >>>>>>>> 4. Everytime a new commit or tag is created, the dockerhub will >>>>>>>> publish it as the latest/specific version. >>>>>>>> >>>>>>>> What do you think? >>>>>>>> >>>>>>>> Dockerhub automated builds info: >>>>>>>> https://docs.docker.com/docker-hub/builds >>>>>>>> >>>>>>>> Regards >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> El vie, 9 feb 2024 a las 20:34, James Dailey (< >>>>>>>> jamespdai...@gmail.com>) escribió: >>>>>>>> >>>>>>>>> Victor - I was trying to go down that path as well, as that is the >>>>>>>>> error thrown and the suggestion at DockerHUB. However, to add the >>>>>>>>> key to >>>>>>>>> the git hub requires access and the git is controlled by Apache >>>>>>>>> Infra. I >>>>>>>>> asked infra@a.o. about that since, again, that is what >>>>>>>>> DockerHUB had documented. Unfortunately, I think infra has it setup a >>>>>>>>> specific way to allow all of the projects to publish to the Apache >>>>>>>>> DockerHUB so that route would appear to be blocked. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Fri, Feb 9, 2024 at 4:04 PM VICTOR MANUEL ROMERO RODRIGUEZ < >>>>>>>>> victor.rom...@fintecheando.mx> wrote: >>>>>>>>> >>>>>>>>>> For making it work without a Dockerfile the credentials of the >>>>>>>>>> docker hub account are requiered. >>>>>>>>>> >>>>>>>>>> If they are set in the git repository, a github action can be >>>>>>>>>> enabled for this task. >>>>>>>>>> >>>>>>>>>> Regards >>>>>>>>>> >>>>>>>>>> El vie., 9 de febrero de 2024 4:45 p. m., <jamespdai...@gmail.com> >>>>>>>>>> escribió: >>>>>>>>>> >>>>>>>>>>> I've re-opened >>>>>>>>>>> https://issues.apache.org/jira/browse/FINERACT-1164 >>>>>>>>>>> >>>>>>>>>>> This ticket is to enable the build at DockerHUB to work. For >>>>>>>>>>> the past two years ++ the Build has failed. >>>>>>>>>>> >>>>>>>>>>> https://hub.docker.com/r/apache/fineract >>>>>>>>>>> This docker account is held by Apache and the Fineract project >>>>>>>>>>> is responsible for the content. >>>>>>>>>>> >>>>>>>>>>> The dockerHUB has an "auto build" concept so that every >>>>>>>>>>> committed change on Dev leads to a new deployment. >>>>>>>>>>> >>>>>>>>>>> The build is actually failing or not running because we >>>>>>>>>>> have removed the dockerbuild file from the root. That is as far as >>>>>>>>>>> I've >>>>>>>>>>> gotten. I suspect we had good reasons for that at the time. >>>>>>>>>>> >>>>>>>>>>> Anyway, I would also say that if we cannot get the Docker build >>>>>>>>>>> to work THEN we should take this down. Our standard is to only >>>>>>>>>>> support and >>>>>>>>>>> distribute publicly the last two releases. This build is really >>>>>>>>>>> old, has >>>>>>>>>>> unfixed CVEs, and is being downloaded in large numbers. (no idea >>>>>>>>>>> why) >>>>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> James >>>>>>>>>>> >>>>>>>>>> > > -- > > > *Gavin McDonald - * > Systems Administrator, ASF Infrastructure Team > V.P Travel Assistance Committee > > https://tac.apache.org - Applications now open for Community Over Code > 2024 > in Bratislava, Slovakia. Don't delay, apply today! > >
