Automated builds are not triggered by linked repositories

[t3easy]

Problem description

Automated builds are not triggered by linked repositories.
I have added e.g. the official php or composer image as I inherit from them but the Automated Build doesn't run on changes of that repositories.

[trinhpham]

Me too,

I linked ubuntu to my repository, nothing has happened for 15 days.

Maybe we should consider to use Travis-CI for this trigger.

[shoeper]

same issue

[davidsarkany]

Me too

[dsteinkopf]

Anything new on you sides? I am also experiencing this problem.

Did know about the note from pkennedyr in #518?: when a repository link is added to an (automated) repository in Hub, it will automatically trigger a rebuild only if the linked repository is also included in the FROM line of your dockerfile

But the problem of the build not being triggered exists even if the from line is correct (in my eyes). In my case the repo https://hub.docker.com/r/dsteinkopf/tuerauf-backend-docker/~/dockerfile/ contains FROM tomcat:7.0-jre8 and is linked to tomcat. But it is not built when tomcat is updated.

[Pandabehr]

I have the same problem, my dockerfile has FROM php:5.6 but it did not trigger a rebuild when php was updated (two days ago)
My build settings are; for branch master use dockerfile /5.6/ and docker-tag 5.6

[shoeper]

Looks much like this security issue has not been taken care of for almost three years now.

Security issue because e.g. if debian gets a security update and the image is rebuild and people rely on repository linking their image won't be updated and thus will still have the vulnerable libraries. Having a look at docker hub such a scenario is very common.

[erikmd]

To complement the previous comments, it seems that the repository link feature only works when one links one's repo with another user-defined repository (e.g. I was able to setup coqorg/coq so that it is automatically rebuilt when coqorg/base is rebuilt).
However, I also linked coqorg/base with debian (paying attention that the build rules don't contain regexps and that the FROM directive explicitly mentions the image tag, namely debian:9) but this never worked.
So I guess the issue is related to the handling of official repositories which thereby don't contain a slash in their image name…
Hopefully the docker-hub team could take a look at that issue.

[workingmachine]

Same issue here, my dockerfile has FROM nextcloud:14-apache.
No rebuild is triggered when nextcloud was updated (two days ago)

[Pandabehr]

@manishtomar since you are the last person to close an issue, could you take a look at this one?

[waja]

Since the "new" docker hub UI seems to have no option for linked repositories anymore and https://docs.docker.com/docker-hub/builds/ also have this option not listed in contrast to https://docs.docker.com/v18.03/docker-hub/builds/#repository-links, I guess this feature has been removed, even when https://docs.docker.com/docker-hub/builds/classic/#frequently-asked-questions states:

There are no functional differences with the old automated builds and everything (build triggers, existing build rules) should continue to work seamlessly.

Did I miss anything?

[jtraulle]

@waja The option seems, indeed missing from the LEGACY automated build (see https://docs.docker.com/docker-hub/builds/classic/) However, it is present on the new automated build system (see the repository links option on the screenshot)

I have not found any way to use the NEW automated build system without dropping the old repository and recreating a new one with the same namespace.

BUT, what really bothers me is that this just works for non-official images. This limitation is really a pain and cause security issues ;(

[waja]

Thanks @jtraulle

The option seems, indeed missing from the LEGACY automated build (see https://docs.docker.com/docker-hub/builds/classic/) However, it is present on the new automated build system (see the repository links option on the screenshot)

okay .. since I've not created yet a new one, I didn't recognized.

I have not found any way to use the NEW automated build system without dropping the old repository and recreating a new one with the same namespace.

Which results into loosing all the old builds (and tags), that's bad.

BUT, what really bothers me is that this just works for non-official images.

What do you mean by this? That this for example does NOT work for the official alpine and debian images on docker hub?

[t3easy]

You can add the new automated build config to a repo with the classic build by calling the url manually. Then you don’t loose old tags.
Just create a new repo, start the config of automated build, look at the url, use the same path schema at you old repo.

To build repos based on official images, I use Microsoft Flow with RSS feed https://rss.p.theconnman.com/ and the webhook.

[jtraulle]

Thanks for sharing this method @t3easy 🙂
I was currently using Github docker-library RSS feeds in conjunction with IFTTT but your approach seems more robust and I was not aware about Microsoft Flow (nice discovery) !

[t3easy]

Thanks for sharing this method @t3easy 🙂 ...

@jtraulle I also used IFTTT in the past but Microsoft Flow had more options for that job.

[waja]

While we are at it, https://rss.p.theconnman.com/ seems to 404 actually. 9 hours ago, it worked. :)

[shoeper]

At least now it is mentioned in the info, but it still is a huge security issue. I didn't analyse it but according to my experience most images depend on an official image.

Most probably it just is not added as it would add a huge amount of automated builds with associated costs (in terms of CPU and storage for all the additional layers created).

[github-actions]

We are clearing up our old issues and your ticket has been open for one year with no activity. Remove stale label or comment or this will be closed in 15 days.