Use artifacts instead of registry for passing CI image to jobs#19
Closed
riley-dixon wants to merge 3 commits into
Closed
Use artifacts instead of registry for passing CI image to jobs#19riley-dixon wants to merge 3 commits into
riley-dixon wants to merge 3 commits into
Conversation
We would like to eventually move to a fork-based development model. However, PR's from fork's are unable to push images to the GHCR registry (they could push something bad). So instead, this changes CI to use artifacts instead to pass around the container image. Surprisingly, this actually slightly reduces the time it takes to load & start the Docker container.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Motivation
To enable PRs coming in from external forks of the repo to use our CI as-is.
Technical Details
External PR's (e.g. from a forked repo) are not allowed to push to the head repo's Docker Registry when the workflow trigger is "pull_request". This is a good protection to have. Artifacts are not published and are kept on a job by job basis - for a single day in our case. They are not intended to be consumed by non-CI. This should allow us to keep most of our existing CI by switching to this model.
An additional job after a PR has been accepted and merged will be needed if we wish to still have some concept of caching for building the docker image. No matter what we will need to push the entire Docker image for each workflow using this mechanism rather than benefiting from speed-up provided by the registry to skip uploading unchanged layers of the image.
Test Plan
Test Result
Submission Checklist