5HT2B/heartbeat

Switch to GH Containers

5HT2 opened this issue · 11 comments

5HT2 commented

GitHub has support for storing your Docker images on GitHub, instead of Docker Hub. The GH Action that we're using currently does not need you to change much to add support for this.

The reasoning behind this is that Docker now only allows 1 personal access token for pushing your containers, and org plans are paid. Given this push to pay for Docker Hub (which enforces poor security practices), it would be better to switch to GH for hosting the images.

  • Switch Action and Makefile
  • Update update.sh script

5HT2 commented

Another alternative is switching away from Docker entirely, to Kubernetes. As long as the user experience is mostly the same, I do not see an issue with this, and it would be preferable given my complaints with Docker (excess image size, lots of required steps to solve the former, pushing consumers towards a subscription model).

5HT2 commented

Honestly, given the amount of issues I've had debugging Docker and trying to fix things, and given the fact it isn't a straightforward "run one command and it all works" (the reason I added Docker support initially), I feel like going back to a systemd-based system, or another containerization system which is less finicky.

It is not a good idea to use GCR, especially because of this issue - https://github.community/t/docker-pull-from-public-github-package-registry-fail-with-no-basic-auth-credentials-error/16358. GitHub will not allow you to even pull public images, but surprisingly you can download an image from their website.

5HT2 commented

Yes, at present you do need to authenticate to read even publicly available packages.

They allow you to do so, you just need to make a personal access token with permission to download packages.

Docker Hub works the same way. You need to log into Docker Hub in order to download packages, as far as I know.

Either way, I just need something that can

  • Store containers in OCI format.
  • Allow you to pull them somehow.

I've already done a lot of research on various options, and most would be easier to use than how I'm using Docker now, and would basically be a drop-in replacement.

Technically I could still upload regular containers to Docker Hub, even if they're not "normal" Docker containers (which are also OCI spec, iirc), but then I would need to have a GH Action to build and upload them with a separate config, and have the user-facing config in the repo.

> The reasoning behind this is that Docker now only allows 1 personal access token for pushing your containers, and org plans are paid. Given this push to pay for Docker Hub (which enforces poor security practices), it would be better to switch to GH for hosting the images.

This is still an issue, as well, if I use a non-Docker format and upload it to Docker Hub.

5HT2 commented

I'll likely get around to doing it this weekend, once I streamline the process. If you have any suggestions about what else to use, that would be great.

> They allow you to do so, you just need to make a personal access token with permission to download packages.

I don't think that it is good for open source projects. It's a public image, why should it require authentication?

And Docker Hub allows you to pull the publicly available images without authentication.

5HT2 commented

Well I didn't know that Docker Hub allowed it for public images, it always asked me to login.

Either way, I've already stated the issues I have with Docker and Docker Hub, I'd rather find an alternative for hosting the images.

> Well I didn't know that Docker Hub allowed it for public images, it always asked me to login.

I've done a little research now and Docker is really asking about authentication just to pull an image, but I haven't found how to disable it. How, for example, can you access a mongo image without authentication?

Well, I guess it is another issue which is not related to the current one.

5HT2 commented

I'm not sure if I even want to bother providing a pre-built image anywhere tbh, Docker Hub sucks for free users and the alternatives aren't much better. I might just require building from scratch which is.. honestly fine.