New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Build and push docker image to hub automatically #3946

Merged
merged 6 commits into from Sep 27, 2018

Conversation

Projects
None yet
3 participants
@michaelkaye
Contributor

michaelkaye commented Sep 25, 2018

Automate pushing docker images.

Questions - do we want to build any other tags? Is that regex good enough for tags we want to build or do we have a more precise naming scheme. I was hesitant to just look for all tags starting "v" in case we tag something "very_broken_build".

@michaelkaye

This comment has been minimized.

Contributor

michaelkaye commented Sep 25, 2018

The earlier code mistakenly allowed all branches and only those tags - we're now building on only those tags and no branches.

tags:
only: /^v[0-9].[0-9]+.[0-9]+(.[0-9]+)?/
branches:
ignore: /.*/

This comment has been minimized.

@turt2live

turt2live Sep 25, 2018

Member

Can we please get a :latest for master?

michaelkaye added some commits Sep 25, 2018

Make a ":latest" tag, and a SHA1 commit ID one too.
Latest is horrible and makes debugging what has happened anywhere a
nightmare. We push a latest because of demand for it, but we'll also
push a SHA1 commit id so those wanting to know what they're running
(and be able to roll back if required) can use those instead.

Note that latest here is defined as "most recent master commit" not
"most recent released version", as the actual semantics of making latest
correct while still being able to build bugfixed releases of previous
versions is just ARGH. So we define it as "master" not "latest release".
@michaelkaye

This comment has been minimized.

Contributor

michaelkaye commented Sep 27, 2018

(rebased against develop to pull in hawkowls' changes)

@michaelkaye michaelkaye requested a review from matrix-org/synapse-core Sep 27, 2018

@michaelkaye michaelkaye changed the base branch from develop to master Sep 27, 2018

@michaelkaye michaelkaye changed the base branch from master to develop Sep 27, 2018

@michaelkaye

This comment has been minimized.

Contributor

michaelkaye commented Sep 27, 2018

This will need two environment variables adding to CircleCI : https://circleci.com/gh/matrix-org/synapse/edit#env-vars

DOCKER_HUB_USERNAME - doesn't need to be matrixdotorg, can be another user who is a contributor to just the synapse project (to minimize access)
DOCKER_HUB_PASSWORD - the user's password to log into docker hub.

We should be aware that someone who can change the .circleci/config.yml and cause a PR or branch to be build which contains, for example: "run: echo $DOCKER_HUB_PASSWORD" will be able to obtain our credentials. This is our responsibility as reviewers to never permit those PRs to be merged to or created within this repository.

We do not pass these secrets to PRs from forks of this repository - so only those with commit or merge access to this repository are able to obtain these secrets - specifically we must never set https://circleci.com/gh/matrix-org/synapse/edit#advanced-settings the "pass secrets to builds of forks of this repository"

@richvdh

lgtm, though I'm confused about whether you want to merge it to master or not

@michaelkaye

This comment has been minimized.

Contributor

michaelkaye commented Sep 27, 2018

Let's just leave it on develop and watch it as we make the release candidate.

@michaelkaye

This comment has been minimized.

Contributor

michaelkaye commented Sep 27, 2018

we might need to make a tweak to the rc branch if it doesn't build cleanly, but shrug

@richvdh richvdh merged commit b5c9763 into develop Sep 27, 2018

6 checks passed

ci/circleci: sytestpy2merged Your tests passed on CircleCI!
Details
ci/circleci: sytestpy2postgresmerged Your tests passed on CircleCI!
Details
ci/circleci: sytestpy3merged Your tests passed on CircleCI!
Details
ci/circleci: sytestpy3postgresmerged Your tests passed on CircleCI!
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
continuous-integration/travis-ci/push The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment