sclorg / build-and-push-action Goto Github PK

The script for this is already written:
https://github.com/sclorg/ci-scripts/blob/master/jenkins_ci/update_quay_description.py

We just need to call it in the build-and-push action.

It took me a while and a look into the code to realize what the resulting image actually is, because it's composed from more parts, each part coming from a different source:

        image: ${{ steps.base-image-name.outputs.image_name}}-${{ steps.clean_path.outputs.clean_dockerfile_path }}${{ steps.suffix_name.outputs.suffix }}

I think that improving transparency on the expense of more duplication here might be not that bad idea, which means the specification would simply include the resulting name. One of the possible implementation might be adding something like "output_image" key, which might make some of the other keys not needed (didn't check), e.g.:

         - dockerfile_path: "18"
           dockerfile: "Dockerfile.fedora"
           registry_namespace: "fedora"
           tag: "fedora"
           output_image: "quay.io/fedora/nodejs-18"
           quayio_username: "QUAY_IMAGE_FEDORA_BUILDER_USERNAME"
           quayio_token: "QUAY_IMAGE_FEDORA_BUILDER_TOKEN"

Investigate, if sigstore can be used for signing the images and if the idea makes sense.

The files should be already correctly generated in the git repository.

This should be implemented only after we have some check, that the files are regenerated properly and are up to date.
I will then start working on this.

CC: @pkubatrh @frenzymadness @phracek

Currently we have to define the version of the underlying base image in the configuration of the action. The base image provides an envvar (eg ."FGC=f35") that could be used for this instead so that we do not have to remember to update it everytime.

I don't see this action on GitHub Marketplace like testing-farm-as-github-action https://github.com/marketplace/actions/schedule-tests-on-testing-farm.

Can you please publish it?

Currently, we pass github.sha to buildah, to create image with this tag.
However, we use also "latest" tag and tag with current date.

That means, that if user pulls the image via other then sha tag, it will no longer be possible to get the commit hash from the image.

We should consider adding some information about hash of the latest commit to the released images.

The 'version' input stands also for the relative path to the Dockerfile used for building the image. This could lead to some problems in the future and should be investigated.