From 120cd34989f0b1aae55fa84b6a353b19b3ef7bec Mon Sep 17 00:00:00 2001 From: Dimitri Huisman Date: Thu, 16 Mar 2023 17:38:25 +0000 Subject: [PATCH] Switch the container registry used for deploying images from docker to ghcr.io (github). Images are now first build with '-build' appended to the tag. E.g. ghcr.io/mailu/admin:master-build. This is to prevent the image being available before automatic testing has completed. In the deploy job, the final image is pushed (this still works the same). Update setup & documentation for switch to ghcr.io --- .github/workflows/arm.yml | 14 +------ .github/workflows/build_test_deploy.yml | 50 ++++++++++++++---------- .github/workflows/x64.yml | 16 ++------ docs/contributors/environment.rst | 8 ++-- setup/flavors/compose/docker-compose.yml | 22 +++++------ 5 files changed, 50 insertions(+), 60 deletions(-) diff --git a/.github/workflows/arm.yml b/.github/workflows/arm.yml index 1240c630..fc24fbe9 100644 --- a/.github/workflows/arm.yml +++ b/.github/workflows/arm.yml @@ -7,20 +7,10 @@ on: concurrency: ci-arm-${{ github.ref }} -############################################### -# REQUIRED secrets -# ${{ secrets.Docker_Login }} -# Username of docker login for pushing the images to repo env.DOCKER_ORG and env.DOCKER_ORG_TESTS -# ${{ secrets.Docker_Password }} -# Password of docker login for pushing the images to repo env.DOCKER_ORG and env.DOCKER_ORG_TESTS -# Add the above secrets to your github repo to determine where the images will be pushed. -################################################ # REQUIRED global variables -# DOCKER_ORG, docker org used for pushing release images (branch x.y and master) -# DOCKER_ORG_TEST, docker org used for pushing images for testing (branch testing). +# DOCKER_ORG, docker org used for pushing images. env: - DOCKER_ORG: mailu - DOCKER_ORG_TEST: mailuci + DOCKER_ORG: ghcr.io/mailu jobs: # This job calculates all global job variables that are required by all the subsequent jobs. 
diff --git a/.github/workflows/build_test_deploy.yml b/.github/workflows/build_test_deploy.yml index a7eb4e85..d804adb0 100644 --- a/.github/workflows/build_test_deploy.yml +++ b/.github/workflows/build_test_deploy.yml @@ -1,3 +1,11 @@ +############################################### +# REQUIRED secrets +# ${{ secrets.Docker_Login }} +# Username of docker login for logging in docker for pulling images (higher pull rate limit) +# ${{ secrets.Docker_Password }} +# Password of docker login for logging in docker for pulling images (higher pull rate limit) +################################################ + name: build-test-deploy on: workflow_call: @@ -16,7 +24,7 @@ on: required: true type: string docker_org: - description: 'The docker organisation where the images are pushed to.' + description: 'The docker organisation where the images are pushed to. E.g. ghcr.io/mailu' required: true type: string branch: @@ -24,7 +32,7 @@ on: required: true type: string deploy: - description: Deploy to docker hub. Happens for all branches but staging. Use string true or false. + description: Deploy to container registry. Happens for all branches but staging. Use string true or false. default: true required: false type: string @@ -50,7 +58,7 @@ on: required: true type: string docker_org: - description: 'The docker organisation where the images are pushed to.' + description: 'The docker organisation where the images are pushed to. E.g. ghcr.io/mailu' required: true type: string branch: @@ -58,7 +66,7 @@ on: required: true type: string deploy: - description: Deploy to docker hub. Happens for all branches but staging. Use string true or false. + description: Deploy to container registry. Happens for all branches but staging. Use string true or false. default: true required: false type: string 
@@ -250,8 +258,8 @@ jobs: - name: Build all docker images env: DOCKER_ORG: ghcr.io/${{ steps.string.outputs.lowercase }} - MAILU_VERSION: ${{ env.MAILU_VERSION }} - PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }} + MAILU_VERSION: ${{ env.MAILU_VERSION }}-build + PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }}-build uses: docker/bake-action@v2 with: files: ${{env.HCL_FILE}} @@ -313,8 +321,8 @@ jobs: - name: Build all docker images env: DOCKER_ORG: ghcr.io/${{ steps.string.outputs.lowercase }} - MAILU_VERSION: ${{ env.MAILU_VERSION }} - PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }} + MAILU_VERSION: ${{ env.MAILU_VERSION }}-build + PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }}-build uses: docker/bake-action@v2 with: files: ${{env.HCL_FILE}} @@ -381,8 +389,8 @@ jobs: run: python tests/compose/test.py ${{ matrix.target }} ${{ matrix.time }} env: DOCKER_ORG: ghcr.io/${{ steps.string.outputs.lowercase }} - MAILU_VERSION: ${{ env.MAILU_VERSION }} - PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }} + MAILU_VERSION: ${{ env.MAILU_VERSION }}-build + PINNED_MAILU_VERSION: ${{ env.PINNED_MAILU_VERSION }}-build deploy: name: Deploy images @@ -409,17 +417,18 @@ jobs: - uses: crazy-max/ghaction-github-runtime@v2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Login to Docker Hub + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: - username: ${{ secrets.Docker_Login }} - password: ${{ secrets.Docker_Password }} + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Helper to convert docker org to lowercase id: string uses: ASzc/change-string-case-action@v5 with: string: ${{ github.repository_owner }} - - name: Push image to Docker + - name: Push image to Github (ghcr.io) shell: bash run: | if [ '${{ env.MAILU_VERSION }}' == 'master' ]; then pinned_mailu_version='master'; else pinned_mailu_version=${{ env.PINNED_MAILU_VERSION}}; fi; 
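Review bot: The new login step hands `secrets.GITHUB_TOKEN` to the deploy job, but no `permissions:` block is visible in this hunk, so the token's scope depends on the repository default and on what the calling workflow grants. Declaring it on the job, `permissions: { contents: read, packages: write }`, limits the token to what the push needs and makes the requirement explicit for forks that reuse this workflow. Because this is a `workflow_call` workflow, the callers (x64.yml, arm.yml) must grant at least the same permissions. The deploy-arm login in the hunk at -454 needs the same treatment. The job definition starts outside the hunk, so an existing block may already cover this.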
@@ -427,7 +436,7 @@ jobs: --tag ${{ inputs.docker_org }}/${{ matrix.target }}:${{ env.MAILU_VERSION }} \ --tag ${{ inputs.docker_org }}/${{ matrix.target }}:$pinned_mailu_version \ --tag ${{ inputs.docker_org }}/${{ matrix.target }}:latest \ - ghcr.io/${{ steps.string.outputs.lowercase }}/${{ matrix.target }}:${{ env.MAILU_VERSION }} + ghcr.io/${{ steps.string.outputs.lowercase }}/${{ matrix.target }}:${{ env.MAILU_VERSION }}-build deploy-arm: name: Deploy images for arm @@ -454,17 +463,18 @@ jobs: - uses: crazy-max/ghaction-github-runtime@v2 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 - - name: Login to Docker Hub + - name: Login to GitHub Container Registry uses: docker/login-action@v2 with: - username: ${{ secrets.Docker_Login }} - password: ${{ secrets.Docker_Password }} + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Helper to convert docker org to lowercase id: string uses: ASzc/change-string-case-action@v5 with: string: ${{ github.repository_owner }} - - name: Push image to Docker + - name: Push image to Github (ghcr.io) shell: bash run: | if [ '${{ env.MAILU_VERSION }}' == 'master-arm' ]; then pinned_mailu_version='master-arm'; else pinned_mailu_version=${{ env.PINNED_MAILU_VERSION}}; fi; @@ -472,7 +482,7 @@ jobs: --tag ${{ inputs.docker_org }}/${{ matrix.target }}:${{ env.MAILU_VERSION }} \ --tag ${{ inputs.docker_org }}/${{ matrix.target }}:$pinned_mailu_version \ --tag ${{ inputs.docker_org }}/${{ matrix.target }}:latest \ - ghcr.io/${{ steps.string.outputs.lowercase }}/${{ matrix.target }}:${{ env.MAILU_VERSION }} + ghcr.io/${{ steps.string.outputs.lowercase }}/${{ matrix.target }}:${{ env.MAILU_VERSION }}-build #This job creates a tagged release. A tag is created for the pinned version x.y.z. The GH release refers to this tag. tag-release: diff --git a/.github/workflows/x64.yml b/.github/workflows/x64.yml index 97b6beac..8a47b6a7 100644 --- a/.github/workflows/x64.yml 
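Review bot: The promotion source on the changed line is the mutable tag `...:${{ env.MAILU_VERSION }}-build`, so `imagetools create` re-resolves that tag at deploy time instead of promoting the exact image the test job ran. If another run for the same version pushes a new `-build` image in between (the concurrency settings that would prevent this are outside the hunk), the release tags end up on an image that was never tested. Passing the digest from the build job as a job output and using `ghcr.io/<owner>/<target>@sha256:<digest-from-build-job>` as the source would bind the release to the tested artifact. The same line in the deploy-arm hunk at -472 is affected.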
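Review bot: The push script expands `${{ env.MAILU_VERSION }}` and `${{ env.PINNED_MAILU_VERSION}}` into the bash source before the shell runs, and `pinned_mailu_version=${{ env.PINNED_MAILU_VERSION}}` is unquoted. A version string containing shell metacharacters would therefore be interpreted as script in a job that now holds a registry-write token. Reading the values from the environment avoids this: `if [ "$MAILU_VERSION" == 'master-arm' ]; then pinned_mailu_version='master-arm'; else pinned_mailu_version="$PINNED_MAILU_VERSION"; fi;`. This assumes both names are exported to the step, which the `env.` lookups suggest but the hunk does not show. The deploy job's script in the hunk at -409 and the `--tag` arguments in the hunks at -427 and -472 use the same pattern.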
+++ b/.github/workflows/x64.yml @@ -9,20 +9,10 @@ on: concurrency: ci-x64-${{ github.ref }} -############################################### -# REQUIRED secrets -# ${{ secrets.Docker_Login }} -# Username of docker login for pushing the images to repo env.DOCKER_ORG and env.DOCKER_ORG_TESTS -# ${{ secrets.Docker_Password }} -# Password of docker login for pushing the images to repo env.DOCKER_ORG and env.DOCKER_ORG_TESTS -# Add the above secrets to your github repo to determine where the images will be pushed. -################################################ # REQUIRED global variables -# DOCKER_ORG, docker org used for pushing release images (branch x.y and master) -# DOCKER_ORG_TEST, docker org used for pushing images for testing (branch testing). +# DOCKER_ORG, docker org used for pushing images. env: - DOCKER_ORG: mailu - DOCKER_ORG_TEST: mailuci + DOCKER_ORG: ghcr.io/mailu jobs: # This job calculates all global job variables that are required by all the subsequent jobs. @@ -55,7 +45,7 @@ jobs: run: | echo "MAILU_VERSION=pr-${COMMIT_MESSAGE//[!0-9]/}" >> $GITHUB_ENV echo "PINNED_MAILU_VERSION=pr-${COMMIT_MESSAGE//[!0-9]/}" >> $GITHUB_ENV - echo "DOCKER_ORG_DERIVED=${{ env.DOCKER_ORG_TEST }}" >> $GITHUB_ENV + echo "DOCKER_ORG_DERIVED=${{ env.DOCKER_ORG }}" >> $GITHUB_ENV echo "DEPLOY=true" >> $GITHUB_ENV echo "RELEASE=false" >> $GITHUB_ENV - name: Derive MAILU_VERSION and DEPLOY/RELEASE for other branches than testing diff --git a/docs/contributors/environment.rst b/docs/contributors/environment.rst index d1b26787..c37e250f 100644 --- a/docs/contributors/environment.rst +++ b/docs/contributors/environment.rst 
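Review bot: With `DOCKER_ORG_DERIVED` now set from `env.DOCKER_ORG`, builds of the testing branch (`pr-<n>` tags, `DEPLOY=true`) are pushed into `ghcr.io/mailu`, the same namespace as release images; the separate `mailuci` org is gone. The push step in build_test_deploy.yml shows `--tag ${{ inputs.docker_org }}/${{ matrix.target }}:latest` with no condition visible. If this derived value is what reaches `inputs.docker_org` (the call is outside the hunk), a PR build would also move `latest` in the release namespace. Either keep a distinct test namespace, e.g. `DOCKER_ORG_TEST: ghcr.io/<test-org>`, or apply the `latest` tag only when the derived `RELEASE` value is true.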
@@ -116,7 +116,7 @@ After cloning the git repository to your workstation, you can build the images: The ``build.hcl`` file has three variables: -#. ``$DOCKER_ORG``: First part of the image tag. Defaults to *mailu* and needs to be changed +#. ``$DOCKER_ORG``: First part of the image tag. Defaults to *ghcr.io/mailu* and needs to be changed only when pushing to your own Docker hub account. #. ``$MAILU_VERSION``: Last part of the image tag. Defaults to *local* to differentiate from pulled images. @@ -206,14 +206,14 @@ Test images All PR's automatically get build by a Github Action workflow, controlled by `bors-ng`_. Some primitive auto testing is done. -The resulting images get uploaded to Docker hub, under the -tag name ``mailuci/:pr-``. +The resulting images get uploaded to the Github container registry, under the +tag name ``ghcr.io/mailu/:pr-``. For example, to test PR #500 against master, reviewers can use: .. code-block:: bash - export DOCKER_ORG="mailuci" + export DOCKER_ORG="ghcr.io/mailu" export MAILU_VERSION="pr-500" docker compose pull docker compose up -d diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index 3ca8236a..b4ba66cb 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -22,7 +22,7 @@ services: # Core services front: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-{{ version }}} restart: always env_file: {{ env }} logging: @@ -49,7 +49,7 @@ services: - {{ dns }} resolver: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-{{ version }}} env_file: {{ env }} restart: always networks: 
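Review bot: Changing the default to `${DOCKER_ORG:-ghcr.io/mailu}` only affects compose files generated after this commit; files generated earlier, or environments that export `DOCKER_ORG=mailu`, keep pulling from Docker Hub. If Docker Hub stops receiving images once the deploy job targets ghcr.io, as the workflow changes in this patch suggest, those deployments would silently stop getting updated images, including security fixes. A comment above the first `image:` line, such as `# Images are published to ghcr.io/mailu; set DOCKER_ORG to pull from a mirror`, together with an upgrade note, would make the move visible to operators. The same default is changed for every other service in this file.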
@@ -58,7 +58,7 @@ services: {% endif %} admin: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-{{ version }}} restart: always env_file: {{ env }} {% if not admin_enabled %} @@ -77,7 +77,7 @@ services: {% endif %} imap: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-{{ version }}} restart: always env_file: {{ env }} volumes: @@ -92,7 +92,7 @@ services: {% endif %} smtp: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-{{ version }}} restart: always env_file: {{ env }} volumes: @@ -108,7 +108,7 @@ services: {% if oletools_enabled %} oletools: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-{{ version }}} hostname: oletools restart: always networks: @@ -122,7 +122,7 @@ services: {% endif %} antispam: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-{{ version }}} hostname: antispam restart: always env_file: {{ env }} @@ -152,7 +152,7 @@ services: # Optional services {% if antivirus_enabled %} antivirus: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}clamav:${MAILU_VERSION:-{{ version }}} restart: always env_file: {{ env }} volumes: 
@@ -167,7 +167,7 @@ services: {% if webdav_enabled %} webdav: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}radicale:${MAILU_VERSION:-{{ version }}} restart: always env_file: {{ env }} volumes: @@ -178,7 +178,7 @@ services: {% if fetchmail_enabled %} fetchmail: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-{{ version }}} restart: always env_file: {{ env }} volumes: @@ -197,7 +197,7 @@ services: # Webmail {% if webmail_type != 'none' %} webmail: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-{{ version }}} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-{{ version }}} restart: always env_file: {{ env }} volumes: