New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proposal: Pre-Build images in Github #249
base: master
Are you sure you want to change the base?
Conversation
hello! please understand you are the docker expert out of the two of us, so everything i'm saying here is from a docker-naïve maintainer's perspective, not authority:
|
related to volumes and naming, this previous attempt to correct the anonymous volume problem we eventually decided was too risky to implement for what we get out of it, which is probably useful to your context and thinking. i hope. |
build: | ||
context: . | ||
dockerfile: service.dockerfile | ||
image: ghcr.io/mattelacchiato/service:latest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is this the intentional target?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No, it should be ghcr.io/getodk/service:LATEST_TAG
, where LATEST_TAG is the latest version you've tagged in git.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This needs to be fixed before you release a new version. I've only set it here to my repository, since it's the one where I have access to, so I can test the github actions
Thanks for the hint! It lead me to read the But anyway I want to say:
By the way: |
Sadly, I didn't thought about existing installations. Could we maybe solve this via a manual step in the manual and release notes?
But I'll try my best explaining, what I understood so far. I will copy the relevant parts here for explanation: on:
push:
branches: [ master ]
# Publish semver tags as releases.
tags: [ 'v*.*.*' ] On every push to master and every tag, the workflow will run. (Previously it would have been run also for PR to master, but this is not what we want, so I've just deleted this)
The docker images are pushed to github's package storage of your account ("getodk"). In my case, you can find the images here: https://github.com/mattelacchiato?tab=packages&repo_name=central
These are the version tags that are created:
The reason why I've chose alpine was that it was previously based on node12 (not node 14). This would increase the download volume significantly. We could change to node14, but I would assume that 5,6MB (the size of alpine) wouldn't make that much of a difference compared to the 1,17GB of the service image...
I hope, I could answer all of your questions. |
Regarding the volume questions, this is what some people on reddit say: https://www.reddit.com/r/docker/comments/dzhlhs/why_use_named_volumes_instead_of_host_volume/?utm_source=share&utm_medium=web2x&context=3 It would be fine for me to keep the volumes as they are and remove the changes from this PR. At least in our installations, I will keep the secrets not in a named volume, but in a local mount for easier backup/restore. |
unless you can provide a lot of automation and foolproofing around it, i think asking people to run commands during upgrade to prevent data loss is too much to ask. not everybody reads the instructions when they upgrade. as mentioned, we have the same concerns but we stopped down this road because we tried very hard to come up with an answer we felt we could trust but came up short. we are interested in naming these volumes but i need to see a really good answer for deployment/migration. my suggestion would be to drop that element from the pr and open a new one focused on that if you're interested in tackling it. if you are, know that i'm also interested in moving to postgres 14, which seems like a related problem area (locate and perform the upgrade on the volume and associate it back to a 14.x image). as for alpine, that's fine. number of connections can be just as bad (or worse) than download size and i'd still rather stick to the minimum we can offer for the sake of those with poor connections but if you feel strongly about alpine being included i guess i don't care that much. thanks for catching that it was still on 12. |
Yeah, I will shrink this MR down. Hopefully within the next 2 weeks ;-) |
This is a proposal as requested by @yanokwa at https://forum.getodk.org/t/host-odk-central-docker-images-on-github-container-registry/29812/19?u=mattelacchiato It introduces the usage of Github actions to build the docker images in Github and host them at ghcr.io (the github package repository). For open source projects, the infrastructure is for free. Additionally, I've removed the unnamed volumes from the docker-compose.yml. The reason is that unnamed volumes are hard to backup. Currently, the enketo secrets are not part of the backup, which is really bad if you have to recover your installation and all public links are not working anymore for submitters. For the same aspect of easier backup on OS-level, I moved the postgres and redis folder to a local volume, too. I switch the secrets docker base image from node to alpine, which is much more lightweight. We don't need node for a simple bash script execution. This setup will increase the benefits for experienced administrators without removing any convenience for beginners.
2f2565f
to
10d523b
Compare
Sorry for the long waiting time! I've just pushed a new version without the volume changes. I hope, I didn't miss a thing... My project (where we use ODK) suddenly died. So I don't have any test system where I could test this easily. But I am sure that you have one, so feel free to check if it is working for you =) |
Any update on this? |
I started a slimmed-down version of these changes in #546 (based on this PR, thank you @mattelacchiato!), in case it could be merged in smaller steps. |
This is a proposal as requested by @yanokwa at
https://forum.getodk.org/t/host-odk-central-docker-images-on-github-container-registry/29812/19?u=mattelacchiato
It introduces the usage of Github actions to build the docker images in
Github and host them at ghcr.io (the github package repository). For
open source projects, the infrastructure is for free.
Additionally, I've removed the unnamed volumes from the
docker-compose.yml. The reason is that unnamed volumes are hard to
backup. Currently, the enketo secrets are not part of the backup, which
is really bad if you have to recover your installation and all public
links are not working anymore for submitters.
For the same aspect of easier backup on OS-level, I moved the postgres
and redis folder to a local volume, too.
I switch the secrets docker base image from node to alpine, which is
much more lightweight. We don't need node for a simple bash script
execution.
This setup will increase the benefits for experienced administrators
without removing any convenience for beginners.