Build and push docker image to hub automatically #3946
Automate pushing docker images.
Questions - do we want to build any other tags? Is that regex good enough for tags we want to build or do we have a more precise naming scheme? I was hesitant to just look for all tags starting "v" in case we tag something "very_broken_build".
This will need two environment variables adding to CircleCI: https://circleci.com/gh/matrix-org/synapse/edit#env-vars
DOCKER_HUB_USERNAME - doesn't need to be matrixdotorg, can be another user who is a contributor to just the synapse project (to minimize access)
We should be aware that someone who can change the .circleci/config.yml and cause a PR or branch to be built which contains, for example: "run: echo $DOCKER_HUB_PASSWORD" will be able to obtain our credentials. This is our responsibility as reviewers to never permit those PRs to be merged to or created within this repository.
We do not pass these secrets to PRs from forks of this repository - so only those with commit or merge access to this repository are able to obtain these secrets - specifically we must never set https://circleci.com/gh/matrix-org/synapse/edit#advanced-settings the "pass secrets to builds of forks of this repository".
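
A reviewer-side check for the risk described above, added here as an example and not part of this PR or the project's code: it flags any line of a CircleCI config that references the two Docker Hub variables outside a `docker login` command. The allowed command forms, the job name and the sample config are assumptions constructed for illustration.

```python
import re

# Secret names come from the PR description; everything else here is assumed.
SECRET_REF = re.compile(r"\$\{?(?:DOCKER_HUB_USERNAME|DOCKER_HUB_PASSWORD)\b")

# Assumption: the only legitimate consumer is `docker login`, either with the
# secrets as arguments or with one value piped straight into --password-stdin.
# Any further pipe or redirect after `docker login` is rejected.
ALLOWED = re.compile(r"^(?:echo\s+\S+\s*\|\s*)?docker\s+login\b[^|>]*$")

# Leading YAML list marker and `run:` / `command:` key in front of the shell text.
YAML_PREFIX = re.compile(r"^\s*(?:-\s+)?(?:(?:run|command):\s*)?")
# Shell separators that start a new command on the same line.
SEPARATORS = re.compile(r";|&&|\|\|")


def find_secret_misuse(config_text):
    """Return (line_number, fragment) for every shell fragment that references
    a Docker Hub secret outside the allowed `docker login` forms.

    Line-based heuristic to support review, not a replacement for it.
    """
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        if not SECRET_REF.search(line):
            continue
        command = YAML_PREFIX.sub("", line, count=1)
        for fragment in SEPARATORS.split(command):
            fragment = fragment.strip()
            if SECRET_REF.search(fragment) and not ALLOWED.match(fragment):
                findings.append((number, fragment))
    return findings


# Constructed sample config, not the project's real .circleci/config.yml.
SAMPLE_CONFIG = """\
jobs:
  dockerhubupload:
    steps:
      - run: docker build -t example/image:latest .
      - run: echo "$DOCKER_HUB_PASSWORD" | docker login -u "$DOCKER_HUB_USERNAME" --password-stdin
      - run: echo $DOCKER_HUB_PASSWORD
      - run: docker login -u $DOCKER_HUB_USERNAME -p $DOCKER_HUB_PASSWORD && echo $DOCKER_HUB_PASSWORD
"""

if __name__ == "__main__":
    for number, fragment in find_secret_misuse(SAMPLE_CONFIG):
        print(f"line {number}: secret used outside docker login: {fragment}")
```

Run against the changed `.circleci/config.yml` of a branch before its first build, a non-empty result marks the lines a reviewer should read first.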