containers/ws: Publish image more frequently, only when needed #22042
Conversation
There was a problem hiding this comment.
Thank you! In our defence, the regular rebuilds were somewhat intended to pick up security updates etc. from the distro even if cockpit didn't change. But we release often enough that this doesn't matter so much, and cockpit is the primary attack vector anyway. So I agree to this change.
Let's just fix the version check. Also, can you please reorder the commit subject to "containers/ws: Publish image..."?
* Change cron schedule to daily * Compare current version to tags in registry, skip push if match found * Force push image if workflow dispatched manually with input set Signed-off-by: Marvin A. Ruder <[email protected]>
marvinruder
force-pushed
the
publish-ws-image-only-when-needed
branch
from
03cd772 to
f64a1f6
Compare
Ah, I see.
Also, in case some major vulnerability in the base image is found, you can still publish a new image immediately using the
All done, thanks! |
martinpitt
changed the title
cockpit/ws image more frequently, only when needed
martinpitt
added
the
.github-changes
As mentioned in #21969 (comment), the current method of pushing new
cockpit/wsimages to the registry is not optimal, as an image is pushed in regular intervals regardless of whether the Cockpit version changed. To not push an excessive number of images, a weekly schedule has been adopted, so that the container releases can be up to 7 days late after a new release landed in the Fedora repositories (this has also been discussed in #21950).This PR proposes the following changes:
FORCE_PUSHfor manual workflow dispatches has been added. If set totrue, the image will be pushed to the registry regardless of whether an image with the current version is already present.