New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Build for ARM (ARM64 + ARMv7) #109
Conversation
That docker login and echoing password is a bit sketchy, is there no better way? Did you copy this workflow from somewhere (for reference)? EDIT: It probably would be nice to test this workflow without actually pushing to hub, to see that it still builds. |
Not that I'm aware, but
I was inspired by: https://github.com/radicand/docker-mailserver/blob/63a9ea44e3435ddfc68e1aaa7f98b41478f03d10/.github/workflows/dockerimage.yml (ref: docker-mailserver/docker-mailserver#1092)
Sure, will do. |
With this commit we switch from "Automated Builds"[1] to using a GitHub Actions for building the Docker images. This makes it possible to use buildx[2] and build the images for other platforms besides amd64. The workflow is only triggered when a tag is pushed and the latest tag (`latest` or `alpine`) is only pushed when the tag match the following regex: "^[0-9]*\.[0-9]*\.[0-9]*$". [1] https://docs.docker.com/docker-hub/builds/ [2] https://github.com/docker/buildx Fix #99
All the base image seems to use linux/arm64/v8
Done. I don't think there is more for me to do. |
Looks fine I think. @williamboman will need to check the rest. |
Sweet! Before diving in to the diff, do I understand it correctly that the purpose of this PR is to enable multi arch distributions? |
Correct |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sweet! It seems like there's some kind of default behaviour where it'll push the commit SHA as the tag if it's unable to fetch the tag, correct? Could we make it so that it only attempts to push if it's able to gather a semver-tag on HEAD, so something like:
- apply the existing
if:
clause on the entire action - only build & push the image if it passes the version regex
- on top of this, if it's not a pre-release or a RC we want to push the
:latest
and:alpine
tags as well. FWIW, the current regex in Dockerhub for this is:/^\d(?:\.\d){2}$
Or what do you say?
That was the initial design (kind of, only build/push on tag push), but the whole workflow was changed per @xPaw request. I just need to know what we want :) |
Well my idea was to build for all commits but only push for tags. That way we can see that buildx is working in pull requests for example. |
William was worried about the security of actions. As far as I understand it, github secrets are not shared to forks, so a malicious user should not be able to push to docker hub by creating a pull request, correct? |
so a malicious user should not be able to push to docker hub by creating a pull request, correct?
Correct
|
* upstream/master: github/workflows: better action name
Now that there's support for ARM builds, will an ARM image be (possibly manually) pushed to Docker Hub? Looks like images are only pushed on new releases of The Lounge proper, which leaves ARM users stuck until then. |
Not like they had one before. |
... fair. |
I could rebuild latest version, give this a go for real |
Na espectativa para uma versão oficial ARM |
Desde 4.2.0, já temos compilações ARM oficiais no DockerHub: https://hub.docker.com/r/thelounge/thelounge/tags?page=1&ordering=last_updated |
With this commit we switch from "Automated Builds"[1] to using a GitHub
Actions for building the Docker images. This makes it possible to use
buildx[2] and build the images for other platforms besides amd64.
The workflow is only triggered when a tag is pushed and the latest tag
(
latest
oralpine
) is only pushed when the tag match the followingregex: "^[0-9].[0-9].[0-9]*$".
[1] https://docs.docker.com/docker-hub/builds/
[2] https://github.com/docker/buildx
Fix #99
@xPaw automated builds needs to be disabled, and you need to create the secret
DOCKER_USERNAME
andDOCKER_PASSWORD
(you should use a access token).