Keep Jib. Let me share one PR for discussion/review.
The docker compose file can point to Docker Hub image. Of course not build from docker compose just download the latest version. (not building) El mié, 8 may 2024 a las 19:28, James Dailey (<jamespdai...@gmail.com>) escribió: > Ok. So… Aleks - comment ? > Zoltan , Victor - can we come to a decision on this? > > Keep Jib > Add GitHub action > Yes? > > > > > On Mon, May 6, 2024 at 2:00 PM todd densmore <tdensm...@gmail.com> wrote: > >> James, >> >> (adding comments as requested - but from here it looks like there is >> enough momentum from the team to resolve the core issue) >> >> Firstly, it looks like a custom role can be added to the repo to allow >> GitHub Actions (ie Jib) to push new images to DockerHub. Some new GitHub >> Action code will have to be added to do the "push", but that is trivial. >> Both of these tasks can be done quickly and easily, and solves the short >> term problem of getting current Fineract images to DockerHub. This is an >> immediate win and resolves the most immediate issue. >> >> The second issue that Fineract may wish to address is whether or not to >> include a Dockerfile in the public repo. >> >> The docker-compose file (pointing to DockerHub) that is currently >> included in the Fineract repo *will work*, allowing new users to get >> setup quickly. However users will have no way to create new local versions >> of the Fineract container image locally without installing the complete >> java (Jib) toolchain. This may not be an issue at all if most users already >> have a local java environment. For casual users looking to contribute to >> Fineract, this may present a bit of friction. >> >> Including a Dockerfile in the repo can be done *without replacing Jib*. >> However, having a visible Dockerfile that is NOT used with the non-visible >> Jib build process will be confusing. Keeping the Dockerfile up to date will >> also be harder, since the file will not be the single source of truth. This >> may or not be an issue for the team. >> >> Lastly (and probably the most contentious option) would be to replace the >> Jib image build tooling with the more common Dockerfile build mechanism. >> This represents more work from the team, but also increases the >> transparency from the outside user. This may not be an issue for the team >> (especially if the number of outside contributors is small). >> >> -Todd >> >> On Sun, May 5, 2024 at 1:51 PM James Dailey <jamespdai...@gmail.com> >> wrote: >> >>> Victor - thank you for your PR and Zoltan for your comments. >>> >>> On Fri, May 3, 2024 at 10:31 AM VICTOR MANUEL ROMERO RODRIGUEZ < >>> victor.rom...@fintecheando.mx> wrote: >>> >>>> James, >>>> >>>> I think that this option is also viable: >>>> >>>> "For Github Actions we can use a role account and attach the secrets to >>>> your repository" >>>> >>>> At this point there are two options >>>> >>>> 1. Apache Infra has to add the secrets to the Apache Fineract >>>> repository and then we can create/modify github actions for using the >>>> existing Jib library. >>>> >>> This approach maintains the same consistent build but is a bit >>> non-standard? The problem with option #2 is that there will be effectively >>> two "builds" from the same source, and they won't match because the Jib >>> library is in use by active dev teams on the project today. >>> >>> >>>> 2. Merge the https://github.com/apache/fineract/pull/3879 to the >>>> develop branch in order to allow Dockerhub to build/publish a new docker >>>> image. >>>> >>> This approach returns the project to a more standard approach? It >>> does not require special action by Infra but creates a separate and >>> potentially inconsistent build. >>> >>>> >>>> Any other option or discussion about the solution for having an updated >>>> Apache Fineract image published on Dockerhub is welcome. >>>> >>> agreed - last call for comments on which of these. I'm leaning toward >>> the second because it requires no action by Infra and is the shortest path >>> to getting a new image at DockerHUB. >>> >>> Todd- can you comment? >>> >>> >>>> >>>> Best regards >>>> >>>> Victor >>>> >>>> Regards >>>> >>>> Víctor Romero >>>> >>>> El vie, 3 may 2024 a las 8:56, James Dailey (<jdai...@apache.org>) >>>> escribió: >>>> >>>>> As this relates to this thread but was over on infra users... >>>>> >>>>> >>>>> ---------- Forwarded message --------- >>>>> From: Gavin McDonald <gmcdon...@apache.org> >>>>> Date: Sun, Feb 18, 2024 at 12:24 AM >>>>> Subject: Re: Docker help >>>>> To: James Dailey <jdai...@apache.org> >>>>> Cc: Users <us...@infra.apache.org> >>>>> >>>>> >>>>> Hi James. >>>>> >>>>> >>>>> >>>>> On Sun, Feb 18, 2024 at 3:00 AM James Dailey <jdai...@apache.org> >>>>> wrote: >>>>> >>>>>> Infra - >>>>>> >>>>>> Can you confirm that we can use other processes to push to >>>>>> apache DockerHUB? >>>>>> >>>>> >>>>> Current supported methods are via Github Actions or Jenkins or locally >>>>> via your own credentials. >>>>> >>>>> For Github Actions we can use a role account and attach the secrets to >>>>> your repository, or you >>>>> can provide your own secrets for us to add to your repository >>>>> >>>>> For Jenkins we have a role account that we provide access to push to >>>>> your repository. >>>>> >>>>> Committers could also use a settings.xml with this plugin and use >>>>> their own credentials, we just need >>>>> to ensure they have push access to Dockerhub. >>>>> >>>>> There may also be other methods not explored. >>>>> >>>>> See also: >>>>> https://github.com/GoogleContainerTools/jib/tree/master/jib-maven-plugin#authentication-methods >>>>> >>>>> HTH >>>>> >>>>>> >>>>>> When I opened a ticket about this, I was told we need a dockerfile at >>>>>> the root. >>>>>> >>>>>> Can we use "jib-maven-plugin to publish the image to Dockerhub". ? >>>>>> Can we get credentials ? >>>>>> >>>>>> James >>>>>> >>>>>> >>>>>> ---------- Forwarded message --------- >>>>>> From: Arnold Galovics <arn...@apache.org> >>>>>> Date: Sun, Feb 11, 2024 at 10:45 PM >>>>>> Subject: Re: Docker help >>>>>> To: <dev@fineract.apache.org> >>>>>> >>>>>> >>>>>> James, >>>>>> >>>>>> This is the out-of-the box solution from DockerHub which definitely >>>>>> won't work without a Dockerfile. Though that doesn't mean it's the only >>>>>> way >>>>>> to build a docker image; as I stated in my previous email. >>>>>> >>>>>> Best, >>>>>> Arnold >>>>>> >>>>>> On Mon, Feb 12, 2024 at 7:43 AM James Dailey <jamespdai...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> On DockerHUB the build fails because there is no dockerfile. >>>>>>> https://hub.docker.com/r/apache/fineract >>>>>>> >>>>>>> 2024-02-08T13:12:27Z Building in Docker Cloud's infrastructure... >>>>>>> 2024-02-08T13:12:28Z Cloning into '.'... >>>>>>> 2024-02-08T13:12:28Z Warning: Permanently added the RSA host key for >>>>>>> IP address '140.82.114.4' to the list of known hosts. >>>>>>> 2024-02-08T13:12:48Z Reset branch 'develop' >>>>>>> 2024-02-08T13:12:48Z Your branch is up to date with 'origin/develop'. >>>>>>> 2024-02-08T13:12:48Z Dockerfile not found at ./Dockerfile >>>>>>> >>>>>>> >>>>>>> Let's discuss on slack and revert back here. >>>>>>> >>>>>>> My intention is to either DELETE the DockerHUB repo or to get this >>>>>>> working. >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> On Sun, Feb 11, 2024 at 10:14 PM Arnold Galovics <arn...@apache.org> >>>>>>> wrote: >>>>>>> >>>>>>>> Hi Zoltan, James, >>>>>>>> >>>>>>>> Just to reflect on your points: >>>>>>>> 1) Let's not do such a radical change unless we absolutely need to >>>>>>>> 2) I'm not sure what's the issue here, please explain. We already >>>>>>>> have docker builds in our pipeline via GitHub Actions (using their >>>>>>>> runners), the only missing piece is to do a docker push. >>>>>>>> >>>>>>>> We need the credentials to be able to do a docker push, alter the >>>>>>>> pipeline and that's all. >>>>>>>> >>>>>>>> If the only thing preventing us from doing this is to keep asking >>>>>>>> the infra team for the creds, let's pursue them instead of making such >>>>>>>> an >>>>>>>> unnecessary change. >>>>>>>> >>>>>>>> Arnold >>>>>>>> >>>>>>>> On Mon, Feb 12, 2024 at 3:30 AM James Dailey < >>>>>>>> jamespdai...@gmail.com> wrote: >>>>>>>> >>>>>>>>> Thanks Zoltan >>>>>>>>> >>>>>>>>> Micheal - can you please comment on this discussion? As this >>>>>>>>> relates to the Google deployment that you put in place? Question! >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> On Sun, Feb 11, 2024 at 6:27 PM Zoltan Mezei < >>>>>>>>> zoltan.me...@zz-it.hu> wrote: >>>>>>>>> >>>>>>>>>> Hi, >>>>>>>>>> >>>>>>>>>> I think the real issue here is that we use GoogleContainerTools's >>>>>>>>>> Jib as the build mechanism. It works entirely without a Dockerfile. >>>>>>>>>> And >>>>>>>>>> unfortunately Dockerhub's Automated Builds doesn't support building >>>>>>>>>> without >>>>>>>>>> a Dockerfile. :-( >>>>>>>>>> >>>>>>>>>> We have two ways to move forward: >>>>>>>>>> >>>>>>>>>> 1. Replace the Jib build with a more traditional, >>>>>>>>>> Dockerfile-based approach. This would be a quite large change of how >>>>>>>>>> Fineract is built and the consequences need to be explored - but it's >>>>>>>>>> definitely doable. >>>>>>>>>> 2. Stick with the Jib build, but don't rely on >>>>>>>>>> Dockerhub's Automated Builds, but some other build tools like >>>>>>>>>> jib-maven-plugin to publish the image to Dockerhub. This could also >>>>>>>>>> work, >>>>>>>>>> but it requires a build server that I'm not sure we have. >>>>>>>>>> >>>>>>>>>> I can try to create a traditional Dockerfile, but it will be >>>>>>>>>> different from what Jib can produce, so this might lead to >>>>>>>>>> regressions. >>>>>>>>>> >>>>>>>>>> Want me to try this approach next week? >>>>>>>>>> >>>>>>>>>> Kind regards, >>>>>>>>>> Zoltan >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> On Sun, Feb 11, 2024 at 8:16 AM James Dailey < >>>>>>>>>> jamespdai...@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> Victor - my read of the docs is that the default “build rule “ >>>>>>>>>>> points to master or main but we can also use dev. In fact that’s >>>>>>>>>>> what is >>>>>>>>>>> already there in dockerHUB for our project. >>>>>>>>>>> >>>>>>>>>>> I think a proper dockerfile in dev branch should be fine. >>>>>>>>>>> >>>>>>>>>>> Thanks >>>>>>>>>>> James >>>>>>>>>>> >>>>>>>>>>> On Fri, Feb 9, 2024 at 7:47 PM VICTOR MANUEL ROMERO RODRIGUEZ < >>>>>>>>>>> victor.rom...@fintecheando.mx> wrote: >>>>>>>>>>> >>>>>>>>>>>> Reading the dockerhub docs, I think we can do the following: >>>>>>>>>>>> >>>>>>>>>>>> 1. Create a master branch from develop branch >>>>>>>>>>>> 2. Add the Dockerfile (and some scripting on it for handling >>>>>>>>>>>> the versions) on master branch >>>>>>>>>>>> 3. Dockerhub will use the dockerfile (and its scripts) from the >>>>>>>>>>>> master branch >>>>>>>>>>>> 4. Create github action for keeping in sync develop with >>>>>>>>>>>> master, so then it will push the changes to the master branch >>>>>>>>>>>> everytime the >>>>>>>>>>>> develop branch has a commit on it, then the dockerhub will publish >>>>>>>>>>>> it as >>>>>>>>>>>> the latest version. >>>>>>>>>>>> >>>>>>>>>>>> Or... we can be more standard >>>>>>>>>>>> >>>>>>>>>>>> 1. Rename develop to master >>>>>>>>>>>> 2. Add a Dockerfile template (and some scripting on it for >>>>>>>>>>>> handling the versions) on master branch >>>>>>>>>>>> 3. Dockerhub will use the dockerfile (and its scripts) from the >>>>>>>>>>>> master branch >>>>>>>>>>>> 4. Everytime a new commit or tag is created, the dockerhub will >>>>>>>>>>>> publish it as the latest/specific version. >>>>>>>>>>>> >>>>>>>>>>>> What do you think? >>>>>>>>>>>> >>>>>>>>>>>> Dockerhub automated builds info: >>>>>>>>>>>> https://docs.docker.com/docker-hub/builds >>>>>>>>>>>> >>>>>>>>>>>> Regards >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> El vie, 9 feb 2024 a las 20:34, James Dailey (< >>>>>>>>>>>> jamespdai...@gmail.com>) escribió: >>>>>>>>>>>> >>>>>>>>>>>>> Victor - I was trying to go down that path as well, as that is >>>>>>>>>>>>> the error thrown and the suggestion at DockerHUB. However, to >>>>>>>>>>>>> add the key >>>>>>>>>>>>> to the git hub requires access and the git is controlled by >>>>>>>>>>>>> Apache Infra. >>>>>>>>>>>>> I asked infra@a.o. about that since, again, that is what >>>>>>>>>>>>> DockerHUB had documented. Unfortunately, I think infra has it >>>>>>>>>>>>> setup a >>>>>>>>>>>>> specific way to allow all of the projects to publish to the Apache >>>>>>>>>>>>> DockerHUB so that route would appear to be blocked. >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> On Fri, Feb 9, 2024 at 4:04 PM VICTOR MANUEL ROMERO RODRIGUEZ < >>>>>>>>>>>>> victor.rom...@fintecheando.mx> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> For making it work without a Dockerfile the credentials of >>>>>>>>>>>>>> the docker hub account are requiered. >>>>>>>>>>>>>> >>>>>>>>>>>>>> If they are set in the git repository, a github action can be >>>>>>>>>>>>>> enabled for this task. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Regards >>>>>>>>>>>>>> >>>>>>>>>>>>>> El vie., 9 de febrero de 2024 4:45 p. m., < >>>>>>>>>>>>>> jamespdai...@gmail.com> escribió: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> I've re-opened >>>>>>>>>>>>>>> https://issues.apache.org/jira/browse/FINERACT-1164 >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> This ticket is to enable the build at DockerHUB to work. >>>>>>>>>>>>>>> For the past two years ++ the Build has failed. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> https://hub.docker.com/r/apache/fineract >>>>>>>>>>>>>>> This docker account is held by Apache and the Fineract >>>>>>>>>>>>>>> project is responsible for the content. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The dockerHUB has an "auto build" concept so that every >>>>>>>>>>>>>>> committed change on Dev leads to a new deployment. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> The build is actually failing or not running because we >>>>>>>>>>>>>>> have removed the dockerbuild file from the root. That is as >>>>>>>>>>>>>>> far as I've >>>>>>>>>>>>>>> gotten. I suspect we had good reasons for that at the time. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Anyway, I would also say that if we cannot get the Docker >>>>>>>>>>>>>>> build to work THEN we should take this down. Our standard is >>>>>>>>>>>>>>> to only >>>>>>>>>>>>>>> support and distribute publicly the last two releases. This >>>>>>>>>>>>>>> build is really >>>>>>>>>>>>>>> old, has unfixed CVEs, and is being downloaded in large >>>>>>>>>>>>>>> numbers. (no idea >>>>>>>>>>>>>>> why) >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Thanks >>>>>>>>>>>>>>> James >>>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>> >>>>> -- >>>>> >>>>> >>>>> *Gavin McDonald - * >>>>> Systems Administrator, ASF Infrastructure Team >>>>> V.P Travel Assistance Committee >>>>> >>>>> https://tac.apache.org - Applications now open for Community Over >>>>> Code 2024 >>>>> in Bratislava, Slovakia. Don't delay, apply today! >>>>> >>>>>