Uploaded image for project: 'Infrastructure'
  1. Infrastructure
  2. INFRA-20959

Enabling Github Container Registry

    XMLWordPrintableJSON

    Details

    • Type: Wish
    • Status: Waiting for Infra
    • Priority: Major
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Github
    • Labels:
      None
    • Project:
      Airflow

      Description

      Github Container Registry is going to superseed the GitHub Packages we are using. It also allows public access to images published which might eventually replace dockerhub as distribution mechanism for the images for the users.

      https://docs.github.com/en/free-pro-team@latest/packages/getting-started-with-github-container-registry/about-github-container-registry

      Can we enable access to Github Container Registry ?

      It has some unique challenges like - publishing the images as organisation rather than project (so for example

      This image:

      docker.pkg.github.com/apache/airflow/master-python3.8-build:293704534

      Will have to become:

      ghcr.io/apache/airflow:master-python3.8-build-293704534

      And somehow we would have to link the permissions 'per-project' (currently limited to committers) to particular image. The images are not connected with the projects by default. It is possible to link images to particular projects (even automatically via labels) https://docs.github.com/en/free-pro-team@latest/packages/managing-container-images-with-github-container-registry/connecting-a-repository-to-a-container-image but it is only to link it to the project's README and to be shown on the project's page rather than with permission management.

      I am not sure about the permissions of individual project committers and automated permissions of GITHUB_TOKENS from CI builds - whether they will be ok for the infrastructure-managed project isolation, but as I understand this - the current "per-project" access to those images is not implemented.


        Attachments

          Activity

            People

            • Assignee:
              gmcdonald Gav McDuck
              Reporter:
              potiuk Jarek Potiuk
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Review Date: