Publish dockerized Community Web App on Docker Hub

Question

Publish dockerized Community Web App on Docker Hub

vorburger opened this issue 5 years ago · comments

Once #3106 contributes a Dockerfile which can deliver a containerized (AKA dockerized) community app, it would be nice to have it available (via CI/CD, not manually pushed) on https://hub.docker.com.

I can see that there is a https://hub.docker.com/u/mifos, but given that this is https://github.com/openMF/community-app/, IMHO it would be clearer to have https://hub.docker.com/u/openmf - so I just created that. I'm very happy to add anyone else as Admins to that Docker Hub Org - perhaps @ShruthiRajaram @awasum @vishwasbabu @edcable you would like to be added? Just reply here with your Docker Hub UID.

Michael Vorburger · Answer 1 · Thu Jul 11 2019 16:16:00 GMT+0800 (China Standard Time)

So, if I understand things correctly, on Docker Hub you have to give a user account (your main personal account or a new bot service GitHub account) full read/write acess to everything that user has, on GitHub - according to e.g. docker/hub-feedback#552, docker/hub-feedback#873, docker/hub-feedback#967 ... and https://docs.docker.com/docker-hub/builds/link-source/#grant-access-to-a-github-organization and https://docs.docker.com/docker-hub/builds/#service-users-for-team-autobuilds ...

Now, there's no way I'm adding @vorburger to Docker Hub (they've had breaches in the past). So either we create a new GitHub account just for this purpose and link that up (and share it's login with a trusted set of people), or ... use an alterative container registry, like https://quay.io if that's less of a PITA?

Michael Vorburger · Answer 2 · Thu Jul 11 2019 16:27:55 GMT+0800 (China Standard Time)

use an alterative container registry, like https://quay.io if that's less of a PITA?

no, it's the same - it also wants t ohave read and write to EVERYTHING on a GitHub accout - how dumb.

I'll just create a new GitHub user account, only for this purpose.

Michael Vorburger · Answer 3 · Sat Aug 10 2019 05:01:23 GMT+0800 (China Standard Time)

As per https://developer.github.com/v3/guides/managing-deploy-keys/#machine-users, I've just created https://github.com/mifos-bot for this purpose, and invited it to this repo.

Michael Vorburger · Answer 4 · Sat Aug 10 2019 05:12:52 GMT+0800 (China Standard Time)

"Your account has been flagged. Because of that, your profile is hidden from the public. If you believe this is a mistake, contact support to have your account status reviewed."

I've just done so (contacted GitHub Support Ticket ID: 343929, let's see).

BTW: I'll likely also re-use this as a service account for https://github.com/apache/fineract/, e.g. to hook it up to Google Cloud Source Repository and Container Registry.

Michael Vorburger · Answer 5 · Tue Aug 27 2019 03:04:02 GMT+0800 (China Standard Time)

I've just done so (contacted GitHub Support Ticket ID: 343929, let's see).

GitHub Support has unlocked https://github.com/mifos-bot, and it's now a regular account.

I've added @mifos-bot to this repo (openMF/community-app), accepted the invitation on behalf of that user, and configured https://cloud.docker.com/u/openmf/repository/registry-1.docker.io/openmf/community-app/builds/edit to build containers for this repo.

So https://cloud.docker.com/u/openmf/repository/docker/openmf/community-app now has a (Docker) container image continously built from the develop branch of this repo!

FTR: Initially I thought that mifos-bot actually only need read and not write or even admin permission to this repo, which seemed to be enough for Docker Hub at least if you also manually add Docker Hub's Deploy Key shown at the bottom of .../builds/edit. Then I then also connected source.cloud.google.com to @mifos-bot, but that needed it to have Admin.

So in addition to Docker Hub it's at least currently also available on http://gcr.io/apache-fineract-75/github.com/openmf/community-app (but without a latest tag; you have to look up the revision).

@awasum @conradsp @Anh3h @vishwasbabu I thought you may like this? 😄

Michael Vorburger · Answer 6 · Tue Aug 27 2019 03:08:27 GMT+0800 (China Standard Time)

PS: bd9c3fc adds badges for this to the README.

Steve Conrad · Answer 7 · Wed Aug 28 2019 00:18:59 GMT+0800 (China Standard Time)

Thanks for your work on this Michael! I like it a lot!

…

On Mon, Aug 26, 2019 at 2:08 PM Michael Vorburger ⛑️ < ***@***.***> wrote: PS: bd9c3fc <bd9c3fc> adds badges for this to the README. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#3112?email_source=notifications&email_token=AFMBLWBKZFCDB6VO6R6BR3TQGQS25A5CNFSM4IAYV352YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5FLJMQ#issuecomment-524989618>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AFMBLWCHTNWAY2XPZCSFY3TQGQS25ANCNFSM4IAYV35Q> .

Michael Vorburger · Answer 8 · Wed Apr 22 2020 07:14:29 GMT+0800 (China Standard Time)

I just looked back at this (in the context of https://www.fineract.dev), and wanted to record that the public Docker Hub URL is https://hub.docker.com/r/openmf/community-app/ (the ones shown above need login). I've just raised #3197 to add a link to Docker Hub to the README.

Michael Vorburger · Answer 9 · Wed Nov 04 2020 07:38:19 GMT+0800 (China Standard Time)

FTR: I've re-used the https://github.com/mifos-bot originally created here for #3309.

ErezArbell · Answer 10 · Thu Jan 14 2021 16:31:36 GMT+0800 (China Standard Time)

Hello @vorburger,
I also have this issue right now. I want o allow Docker Hub to build a docker image from Dockerfile in GitHub.
But the only option they give is to give them read and write access to all my GitHub acount.
I want to be sure that I understood how you solved this.
I understand that you created another regular GitHub account mifos-bot (I guess using a different email address) and gave it access to the specific repo.
Is this correct?

Michael Vorburger · Answer 11 · Thu Jan 14 2021 19:11:49 GMT+0800 (China Standard Time)

@ErezArbell correct