Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Establish process/procedure for rebuilding old images #1412

Closed
lmsurpre opened this issue Aug 13, 2020 · 5 comments
Closed

Establish process/procedure for rebuilding old images #1412

lmsurpre opened this issue Aug 13, 2020 · 5 comments
Labels
automation automation security

Comments

@lmsurpre
Copy link
Member

lmsurpre commented Aug 13, 2020
edited by prb112

Currently, we build and push our Docker image to DockerHub as part of our release process.

This works, but ends up leaving vulnerable images because the underlying layers get patched but we never re-build our images on top of them.

What we should be doing is rebuilding the images at some interval so that our image is always up-to-date at the lower levels (OS, Java, Liberty, etc), probably via either autobuilds or GitHub Actions scheduled events

As a forcing function, Docker recently changed their terms of service and will start deleting stale images that haven't been rebuilt in the last 6 months.
@prb112
Copy link
Contributor

prb112 commented Oct 5, 2020

Team to setup a side discussion on how to approach

@prb112 prb112 added the automation automation label Oct 5, 2020
@prb112
Copy link
Contributor

prb112 commented Oct 8, 2020
edited

Proposal

  • Rebuild on a GitHub Actions - schedule
  • All Tags which have a corresponding docker image (>= 4.1.0)
  • 4.2.0-FIXED is a special case

Go from there.

@prb112 prb112 added this to the Sprint 20 milestone Oct 8, 2020
@tbieste tbieste assigned tbieste and unassigned tbieste Oct 21, 2020
@kmbarton423 kmbarton423 modified the milestones: Sprint 20, Sprint 21 Nov 17, 2020
@lmsurpre lmsurpre modified the milestones: Sprint 21, Sprint 22 Dec 8, 2020
@lmsurpre lmsurpre modified the milestones: Sprint 22, Sprint 2021-01 Jan 6, 2021
@prb112 prb112 modified the milestones: Sprint 2021-05, Sprint 2021-06 Apr 19, 2021
@prb112 prb112 removed this from the Sprint 2021-07 milestone Jun 1, 2021
@prb112 prb112 removed their assignment Jun 25, 2021
@lmsurpre lmsurpre mentioned this issue Sep 24, 2021
Merged
@lmsurpre
Copy link
Member Author

lmsurpre commented Oct 7, 2021

Rebuild on a GitHub Actions - schedule

For the server itself, our base image is re-built daily and so that is probably a good schedule for us to follow as well.

For the schematool image (or any others), I'm not sure how often the base image changes.

lmsurpre added a commit that referenced this issue Jan 13, 2022
@lmsurpre
workflow to build and push updated docker images (#3168)
bd6d6fc 
* issue #1412 - workflow to build and push updated docker images

Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>

* issue #1412 - skip the failing spl test for historic builds

Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>

* allow rebuild workflow to be invoked manually

Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>

* skip the sonatype release step

Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre added a commit that referenced this issue Apr 20, 2022
@lmsurpre
issue #1412 - only rebuild the last release
0eac589 
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre added a commit that referenced this issue Apr 20, 2022
@lmsurpre
issue #1412 - only rebuild the last release
a92194e 
Signed-off-by: Lee Surprenant <lmsurpre@us.ibm.com>
lmsurpre added a commit that referenced this issue Apr 20, 2022
@lmsurpre
Merge pull request #3585 from IBM/issue-1412-update
99386c6 
issue #1412 - only rebuild the last release
@lmsurpre
Copy link
Member Author

now that it only rebuilds the latest (4.11.0), we finally have an automated image rebuild!

first success: https://github.com/IBM/FHIR/actions/runs/2200236782

@d0roppe
Copy link
Collaborator

d0roppe commented Apr 22, 2022

This seems to be building correctly now. Closing issue.

@d0roppe d0roppe closed this as completed Apr 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
automation automation security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@prb112 @lmsurpre @tbieste @d0roppe @kmbarton423