Victor - thank you for your PR and Zoltan for your comments. On Fri, May 3, 2024 at 10:31 AM VICTOR MANUEL ROMERO RODRIGUEZ < victor.rom...@fintecheando.mx> wrote:
> James, > > I think that this option is also viable: > > "For Github Actions we can use a role account and attach the secrets to > your repository" > > At this point there are two options > > 1. Apache Infra has to add the secrets to the Apache Fineract repository > and then we can create/modify github actions for using the existing Jib > library. > This approach maintains the same consistent build but is a bit non-standard? The problem with option #2 is that there will be effectively two "builds" from the same source, and they won't match because the Jib library is in use by active dev teams on the project today. > 2. Merge the https://github.com/apache/fineract/pull/3879 to the develop > branch in order to allow Dockerhub to build/publish a new docker image. > This approach returns the project to a more standard approach? It does not require special action by Infra but creates a separate and potentially inconsistent build. > > Any other option or discussion about the solution for having an updated > Apache Fineract image published on Dockerhub is welcome. > agreed - last call for comments on which of these. I'm leaning toward the second because it requires no action by Infra and is the shortest path to getting a new image at DockerHUB. Todd- can you comment? > > Best regards > > Victor > > Regards > > Víctor Romero > > El vie, 3 may 2024 a las 8:56, James Dailey (<jdai...@apache.org>) > escribió: > >> As this relates to this thread but was over on infra users... >> >> >> ---------- Forwarded message --------- >> From: Gavin McDonald <gmcdon...@apache.org> >> Date: Sun, Feb 18, 2024 at 12:24 AM >> Subject: Re: Docker help >> To: James Dailey <jdai...@apache.org> >> Cc: Users <us...@infra.apache.org> >> >> >> Hi James. >> >> >> >> On Sun, Feb 18, 2024 at 3:00 AM James Dailey <jdai...@apache.org> wrote: >> >>> Infra - >>> >>> Can you confirm that we can use other processes to push to >>> apache DockerHUB? >>> >> >> Current supported methods are via Github Actions or Jenkins or locally >> via your own credentials. >> >> For Github Actions we can use a role account and attach the secrets to >> your repository, or you >> can provide your own secrets for us to add to your repository >> >> For Jenkins we have a role account that we provide access to push to your >> repository. >> >> Committers could also use a settings.xml with this plugin and use their >> own credentials, we just need >> to ensure they have push access to Dockerhub. >> >> There may also be other methods not explored. >> >> See also: >> https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#authentication-methods >> >> HTH >> >>> >>> When I opened a ticket about this, I was told we need a dockerfile at >>> the root. >>> >>> Can we use "jib-maven-plugin to publish the image to Dockerhub". ? Can >>> we get credentials ? >>> >>> James >>> >>> >>> ---------- Forwarded message --------- >>> From: Arnold Galovics <arn...@apache.org> >>> Date: Sun, Feb 11, 2024 at 10:45 PM >>> Subject: Re: Docker help >>> To: <dev@fineract.apache.org> >>> >>> >>> James, >>> >>> This is the out-of-the box solution from DockerHub which definitely >>> won't work without a Dockerfile. Though that doesn't mean it's the only way >>> to build a docker image; as I stated in my previous email. >>> >>> Best, >>> Arnold >>> >>> On Mon, Feb 12, 2024 at 7:43 AM James Dailey <jamespdai...@gmail.com> >>> wrote: >>> >>>> On DockerHUB the build fails because there is no dockerfile. >>>> https://hub.docker.com/r/apache/fineract >>>> >>>> 2024-02-08T13:12:27Z Building in Docker Cloud's infrastructure... >>>> 2024-02-08T13:12:28Z Cloning into '.'... >>>> 2024-02-08T13:12:28Z Warning: Permanently added the RSA host key for IP >>>> address '140.82.114.4' to the list of known hosts. >>>> 2024-02-08T13:12:48Z Reset branch 'develop' >>>> 2024-02-08T13:12:48Z Your branch is up to date with 'origin/develop'. >>>> 2024-02-08T13:12:48Z Dockerfile not found at ./Dockerfile >>>> >>>> >>>> Let's discuss on slack and revert back here. >>>> >>>> My intention is to either DELETE the DockerHUB repo or to get this >>>> working. >>>> >>>> >>>> >>>> >>>> >>>> On Sun, Feb 11, 2024 at 10:14 PM Arnold Galovics <arn...@apache.org> >>>> wrote: >>>> >>>>> Hi Zoltan, James, >>>>> >>>>> Just to reflect on your points: >>>>> 1) Let's not do such a radical change unless we absolutely need to >>>>> 2) I'm not sure what's the issue here, please explain. We already have >>>>> docker builds in our pipeline via GitHub Actions (using their runners), >>>>> the >>>>> only missing piece is to do a docker push. >>>>> >>>>> We need the credentials to be able to do a docker push, alter the >>>>> pipeline and that's all. >>>>> >>>>> If the only thing preventing us from doing this is to keep asking the >>>>> infra team for the creds, let's pursue them instead of making such an >>>>> unnecessary change. >>>>> >>>>> Arnold >>>>> >>>>> On Mon, Feb 12, 2024 at 3:30 AM James Dailey <jamespdai...@gmail.com> >>>>> wrote: >>>>> >>>>>> Thanks Zoltan >>>>>> >>>>>> Micheal - can you please comment on this discussion? As this relates >>>>>> to the Google deployment that you put in place? Question! >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> On Sun, Feb 11, 2024 at 6:27 PM Zoltan Mezei <zoltan.me...@zz-it.hu> >>>>>> wrote: >>>>>> >>>>>>> Hi, >>>>>>> >>>>>>> I think the real issue here is that we use GoogleContainerTools's >>>>>>> Jib as the build mechanism. It works entirely without a Dockerfile. And >>>>>>> unfortunately Dockerhub's Automated Builds doesn't support building >>>>>>> without >>>>>>> a Dockerfile. :-( >>>>>>> >>>>>>> We have two ways to move forward: >>>>>>> >>>>>>> 1. Replace the Jib build with a more traditional, Dockerfile-based >>>>>>> approach. This would be a quite large change of how Fineract is built >>>>>>> and >>>>>>> the consequences need to be explored - but it's definitely doable. >>>>>>> 2. Stick with the Jib build, but don't rely on Dockerhub's Automated >>>>>>> Builds, but some other build tools like jib-maven-plugin to publish the >>>>>>> image to Dockerhub. This could also work, but it requires a build server >>>>>>> that I'm not sure we have. >>>>>>> >>>>>>> I can try to create a traditional Dockerfile, but it will be >>>>>>> different from what Jib can produce, so this might lead to regressions. >>>>>>> >>>>>>> Want me to try this approach next week? >>>>>>> >>>>>>> Kind regards, >>>>>>> Zoltan >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Sun, Feb 11, 2024 at 8:16 AM James Dailey <jamespdai...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> Victor - my read of the docs is that the default “build rule “ >>>>>>>> points to master or main but we can also use dev. In fact that’s what >>>>>>>> is >>>>>>>> already there in dockerHUB for our project. >>>>>>>> >>>>>>>> I think a proper dockerfile in dev branch should be fine. >>>>>>>> >>>>>>>> Thanks >>>>>>>> James >>>>>>>> >>>>>>>> On Fri, Feb 9, 2024 at 7:47 PM VICTOR MANUEL ROMERO RODRIGUEZ < >>>>>>>> victor.rom...@fintecheando.mx> wrote: >>>>>>>> >>>>>>>>> Reading the dockerhub docs, I think we can do the following: >>>>>>>>> >>>>>>>>> 1. Create a master branch from develop branch >>>>>>>>> 2. Add the Dockerfile (and some scripting on it for handling the >>>>>>>>> versions) on master branch >>>>>>>>> 3. Dockerhub will use the dockerfile (and its scripts) from the >>>>>>>>> master branch >>>>>>>>> 4. Create github action for keeping in sync develop with master, >>>>>>>>> so then it will push the changes to the master branch everytime the >>>>>>>>> develop >>>>>>>>> branch has a commit on it, then the dockerhub will publish it as the >>>>>>>>> latest >>>>>>>>> version. >>>>>>>>> >>>>>>>>> Or... we can be more standard >>>>>>>>> >>>>>>>>> 1. Rename develop to master >>>>>>>>> 2. Add a Dockerfile template (and some scripting on it for >>>>>>>>> handling the versions) on master branch >>>>>>>>> 3. Dockerhub will use the dockerfile (and its scripts) from the >>>>>>>>> master branch >>>>>>>>> 4. Everytime a new commit or tag is created, the dockerhub will >>>>>>>>> publish it as the latest/specific version. >>>>>>>>> >>>>>>>>> What do you think? >>>>>>>>> >>>>>>>>> Dockerhub automated builds info: >>>>>>>>> https://docs.docker.com/docker-hub/builds >>>>>>>>> >>>>>>>>> Regards >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> El vie, 9 feb 2024 a las 20:34, James Dailey (< >>>>>>>>> jamespdai...@gmail.com>) escribió: >>>>>>>>> >>>>>>>>>> Victor - I was trying to go down that path as well, as that is >>>>>>>>>> the error thrown and the suggestion at DockerHUB. However, to add >>>>>>>>>> the key >>>>>>>>>> to the git hub requires access and the git is controlled by Apache >>>>>>>>>> Infra. >>>>>>>>>> I asked infra@a.o. about that since, again, that is what >>>>>>>>>> DockerHUB had documented. Unfortunately, I think infra has it setup >>>>>>>>>> a >>>>>>>>>> specific way to allow all of the projects to publish to the Apache >>>>>>>>>> DockerHUB so that route would appear to be blocked. >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Fri, Feb 9, 2024 at 4:04 PM VICTOR MANUEL ROMERO RODRIGUEZ < >>>>>>>>>> victor.rom...@fintecheando.mx> wrote: >>>>>>>>>> >>>>>>>>>>> For making it work without a Dockerfile the credentials of the >>>>>>>>>>> docker hub account are requiered. >>>>>>>>>>> >>>>>>>>>>> If they are set in the git repository, a github action can be >>>>>>>>>>> enabled for this task. >>>>>>>>>>> >>>>>>>>>>> Regards >>>>>>>>>>> >>>>>>>>>>> El vie., 9 de febrero de 2024 4:45 p. m., < >>>>>>>>>>> jamespdai...@gmail.com> escribió: >>>>>>>>>>> >>>>>>>>>>>> I've re-opened >>>>>>>>>>>> https://issues.apache.org/jira/browse/FINERACT-1164 >>>>>>>>>>>> >>>>>>>>>>>> This ticket is to enable the build at DockerHUB to work. For >>>>>>>>>>>> the past two years ++ the Build has failed. >>>>>>>>>>>> >>>>>>>>>>>> https://hub.docker.com/r/apache/fineract >>>>>>>>>>>> This docker account is held by Apache and the Fineract project >>>>>>>>>>>> is responsible for the content. >>>>>>>>>>>> >>>>>>>>>>>> The dockerHUB has an "auto build" concept so that every >>>>>>>>>>>> committed change on Dev leads to a new deployment. >>>>>>>>>>>> >>>>>>>>>>>> The build is actually failing or not running because we >>>>>>>>>>>> have removed the dockerbuild file from the root. That is as far >>>>>>>>>>>> as I've >>>>>>>>>>>> gotten. I suspect we had good reasons for that at the time. >>>>>>>>>>>> >>>>>>>>>>>> Anyway, I would also say that if we cannot get the Docker build >>>>>>>>>>>> to work THEN we should take this down. Our standard is to only >>>>>>>>>>>> support and >>>>>>>>>>>> distribute publicly the last two releases. This build is really >>>>>>>>>>>> old, has >>>>>>>>>>>> unfixed CVEs, and is being downloaded in large numbers. (no idea >>>>>>>>>>>> why) >>>>>>>>>>>> >>>>>>>>>>>> Thanks >>>>>>>>>>>> James >>>>>>>>>>>> >>>>>>>>>>> >> >> -- >> >> >> *Gavin McDonald - * >> Systems Administrator, ASF Infrastructure Team >> V.P Travel Assistance Committee >> >> https://tac.apache.org - Applications now open for Community Over Code >> 2024 >> in Bratislava, Slovakia. Don't delay, apply today! >> >>