Update Docker Hub Overview about oscal-editor-deployment HOT 11 CLOSED

@kylelaker, @Bronstrom, if you haven't seen we had a 'forbidden' error on updating Docker Hub.

from oscal-editor-deployment.

Unfortunately, Docker Hub will pull the README content automatically only when you've linked source control on Docker Hub and are using their ability to do automated builds. At the moment, we can't really use the automated builds because we need a little more than "just docker build . and hope for the best" -- we've got setup and testing that we need to do. So we need to do a docker push (or equivalent).

To do that, we use a series of GitHub Actions from the docker/ GitHub organization. None of which support setting the descriptions or README (we can and do set the basic description metadata for the image).

There is https://github.com/peter-evans/dockerhub-description; we use this author's Actions elsewhere in the project (though I don't think on this repository specifically). Doing this, we can use a README file from within the repository and just update the description every time we push an image. This gives us the really nice benefit of tracking that configuration as code.

from oscal-editor-deployment.

@Bronstrom I think I'm going to need you to review the Docker Hub documentation and the documentation for the action we're using to see what permissions would be required and how to set it up. Let's discuss the current permission architecture of our Docker Hub account/access token and what is necessary.

from oscal-editor-deployment.

@kylelaker Are we using a PAC for Docker Hub? Apparently 2FA is an issue for the peter-evans/dockerhub-description action.

from oscal-editor-deployment.

Are we using a PAC for Docker Hub? Apparently 2FA is an issue

Ugh this is our problem. I guess we need to coordinate with @pkothare to create a service account to do this. And probably burn one of our Docker licenses in the process. 🙄 Thanks for looking into this. Let's handle getting the necessary accounts, etc internally.

from oscal-editor-deployment.

This works! The description is updated!! Thank you for your work and for troubleshooting @Bronstrom! https://hub.docker.com/repository/docker/easydynamics/oscal-editor-all-in-one

from oscal-editor-deployment.

@kylelaker Thanks and good to see that the description shows now! It looks like a couple of the links are broken on Docker Hub. I'll work on patching these.

from oscal-editor-deployment.

@Bronstrom It looks like there's a failure in the configuration for the action. https://github.com/EasyDynamics/oscal-editor-deployment/runs/6992924233?check_suite_focus=true

I am going to reopen this and return it to "In Progress"

from oscal-editor-deployment.

It appears the job is failing when trying to acquire the username, stating it is "missing". Within this step the username is stated as username: ${{ secrets.DOCKERHUB_USERNAME }}. Looking back through our workflow, we login to Docker Hub stating the username as username: ${{ secrets.DOCKER_USERNAME }}, which excludes "HUB". This is probably the primary issue, although since we already have signed in to Docker Hub, these lines could probably just be removed.

from oscal-editor-deployment.

Yeah, the workflow should use ${{ secrets.DOCKER_USERNAME }} and ${{ secrets.DOCKER_PASSWORD }}. That's how they're configured in the repo settings.

from oscal-editor-deployment.

@rgauss @kylelaker Anything stick out about the new step in our workflow that would cause a 'forbidden' error? I'm not seeing anything obvious.

from oscal-editor-deployment.