Deploy image to docker optionally, as well as GHCR

[ljones140]

What

To migrate deployment of Production Crawler to CD Azure from Microsoft owned Azure.
Changes to workflow app-build-and-deploy

This PR enables the optional docker image publish to Docker Hub, conditional on providing

• Input docker-hub-username
• secret DOCKERHUB_TOKEN

Without these the action only deploys to ghcr

Why

• Unlocks ability to have production crawlers in Cd Azure means any member of Clearly Defined with access to the account can manage, support and troubleshoot. Currently we need to request help from MSFT if there are any issues.
• Our other App Services the api and website are already using ghcr for images so we need to move crawler there as well
• MSFT crawlers are deployed using webhook from dockerhub that triggers the deploy. So we still need to publish to dockerhub.

Testing

Using test branch https://github.com/clearlydefined/crawler/tree/deploy-production-cd-azure
connfigured to publish to my dockerhub, and deploy to a inactive prod crawler in CD azure

Successful prod deploy which publshses 2 images docker hub and ghcr: https://github.com/clearlydefined/crawler/actions/runs/11163856034
Sucessful dev deploy that publishes 1 gchr image https://github.com/clearlydefined/crawler/actions/runs/11164059253

notes:

I will squash the commits when I merge as there was a lot of back and forth to test

[elrayle]

Really glad to see deploy to DockerHub coming together. I proposed an alternative approach to generating the image name twice. See what you think about that option.

[elrayle]

Based on the example for push-multi-registries, it appears that the image-name-with-tag is the same for both, except that in the case of ghcr, it is prepended with ghcr.io. It might be cleaner to determine the image name once for both and then do a prepend when they are used.

This would require removing ghcr.io from the image_base_name in the script and prepending it when the image name is used. This works here because the username for DockerHub is the same as the org (owner) name.

[ljones140]

Thanks, I will try your proposal

I like that it reduced having the if statements on prefix in the shell script.

[elrayle]

With the previous suggestion, the prefix isn't needed. image_base_name will be $repo for both ghcr and Docker Hub.

[elrayle]

There is a proposal below for a way to only get the image-name-with-tag once and then add the prepend at the point where these are used. An alternative would be to still get the image-name-with-tag only once and do the prepend here instead of at the point the tags are used.

Suggested change

	gchr-docker-image-name-with-tag: "${{ env.GCHR_DOCKER_IMAGE_NAME_WITH_TAG }}"
	dockerhub-image-name-with-tag: "${{ env.DOCKERHUB_IMAGE_NAME_WITH_TAG }}"
	ghcr-docker-image-name-with-tag: "ghcr.io/${{ env.DOCKER_IMAGE_NAME_WITH_TAG }}"
	dockerhub-image-name-with-tag: "${{ env.DOCKER_IMAGE_NAME_WITH_TAG }}"

[elrayle]

If following the previous proposal to have a single image-name-with-tag, you can either do the prepend here like the following or at the point where the tags are created if you think it is clearer to have separate outputs for the tags (as in the suggestion for job determine-image-name).

Suggested change

	tags: |
	${{ needs.determine-image-name.outputs.gchr-docker-image-name-with-tag }}
	${{ needs.determine-image-name.outputs.dockerhub-image-name-with-tag }}
	tags: |
	"ghcr.io/${{ needs.determine-image-name.outputs.docker-image-name-with-tag }}"
	${{ needs.determine-image-name.outputs.docker-image-name-with-tag }}

[ljones140]

This looks great, much simpler than my approach

[elrayle]

One other question related to this, what happens if you have the tag that is expected to go to Docker Hub, but the login to Docker Hub didn't happen, which is what is expected for all but prod crawler deploy? Does it just push to ghcr.io in that case?

[ljones140]

The tag is not generated and it's an empty string, As I've added the conditional if: ${{ inputs.docker-hub-username != '' }} in the step Determine Dockerhub Image Name

      - name: Determine Dockerhub Image Name
        if: ${{ inputs.docker-hub-username != '' }}
        id: determine_dockerhub_name

I've tested this with a dev release and it only publishes the ghcr image.

[ljones140]

@elrayle
Thanks for you review, I will attempt to implement your proposal.

It all depends on wether I can add the conditionals to ensure that dockerhub tag is added only when needed.

[ljones140]

@elrayle I've attempted to implement the strategy you have suggested.

One subtle issue I had to deal with however.
Using the suggestion as documented here couples the dockerhub username with the GitHub repos org name.

          tags: |
            user/app:latest
            user/app:1.0.0
            ghcr.io/user/app:latest
            ghcr.io/user/app:1.0.0    

But in order for me to test the action I've added my docker credentials into the crawler vars.
https://hub.docker.com/repository/docker/ljones140/crawler
I have to do this so we don't accidentally publish a production release. As the prod app services are deployed from a docker hub webhook.

So I've altered the determining image script so it doesn't take the org/repo just the repo_name.
And only call it once.

Then only add the dockerhub tag string conditionally

[elrayle]

This looks great. Thanks for pushing this through. There is a single suggestion to update the documentation of the output of the script.