ci: add docker build action

[vnghia]

Part of #544

This PR adds a docker pipeline for PR, and push to main. Since we are no longer supporting bare-metal installation, I think we should probably just remove cargo-dist entirely and only focusing on Docker. What do you think @IgnisDa ?

[IgnisDa]

Yep cargo dist can be removed completely.

[vnghia]

@IgnisDa I think our .dockerignore is not strict enough and is causing a lot of cache invalidation. Could you point me to all the necessary files that we need to build the docker image (for example, I don't think we need the .github folder inside the Docker)? After this PR, we will build a lot more docker image than before and long building time could be a problem.

[vnghia]

The build successed on my end (https://github.com/vnghia/ryot/pkgs/container/ryot/162832490?tag=pr-3), this is probably because I don't have permission to write to this repo yet and the PR isn't merged.

Pushing to main will update ryot:unstable (https://github.com/vnghia/ryot/pkgs/container/ryot/162837319?tag=unstable)

[IgnisDa]

Should we do away with cargo-dist in this release?

[vnghia]

sorry, what do you mean by "do away" ?

[vnghia]

Oh, I got it, never heard it before. The reason why I haven't touched it is because I don't have enough information about what it is doing, espcially the upload-kodi-plugin. Also the deploy and the build docs should probably be kept so what do you think about these two jobs ?

[IgnisDa]

Yep deploy updates the public instance and upload-kodi-plugin creates the kodi archive. Both of the jobs are required.

[vnghia]

This PR also addresses #544 (comment)

[IgnisDa]

Help me understand this PR.

When I push a new tag, the Release workflow should now be responsible for creating the release and uploading the kodi artifact to it. Simultaneously, the Docker workflow creates the correct and uploads the image to ghcr.

If this is the case the only jobs in Release workflow should only have create-release, upload-kodi-plugin, publish-release, deploy, deploy-docs jobs. Currently, some of these jobs use cargo-dist, which we have to remove completely.

[vnghia]

Do you want the fly deploy to use the latest release or the latest commit to main ?

[IgnisDa]

The latest commit, what we tag as unstable as of now.

[vnghia]

I am not sure how we should handle the ci logic without cargo-dist, particularly the release vs pre-release so I think I will let you do the rest so it can fit with your needs.

[IgnisDa]

@vnghia I'm not sure how, but v4.1.0 got published by this PR (#557).

Is there any way to prevent changes from this PR being published to this repo?

[vnghia]

@IgnisDa, as far as I can tell, github will internally create a branch everytime there is a new PR. So when I do a release commit for testing on my fork, it will also make that commit a release on your end. It seems bypassing whatever permission model about the CI as well and this is a security issue with github and I will try to report it as soons as possible.

[vnghia]

It seems that you are the one who pushing the release commit, not me and thus bypassing the permission checking. Maybe because you are editing directly my PR so github counts that commit as yours.

[IgnisDa]

Ah well, that makes sense. I assumed that only workflows committed to main run.

[vnghia]

@IgnisDa, and my last suggestion: switch from supervisord to concurrently which will show logs as well as kill other processes if one dies. See vnghia#5. You can test by using ghcr.io/vnghia/ryot:pr-5.

and concurrently log

[backend] 2024-01-04T04:18:13.134363Z  INFO ryot: Running version: 4.0.8-beta.2
[proxy] {"level":"info","ts":1704341893.1851282,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
[proxy] {"level":"info","ts":1704341893.1903105,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
[proxy] {"level":"warn","ts":1704341893.1918602,"logger":"http.auto_https","msg":"automatic HTTPS is completely disabled for server","server_name":"srv0"}
[backend] 2024-01-04T04:18:13.192501Z  INFO sea_orm_migration::migrator: Applying all pending migrations
[proxy] {"level":"info","ts":1704341893.1934648,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0003a9b00"}
[proxy] {"level":"info","ts":1704341893.1941092,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/home/ryot/.local/share/caddy"}
[proxy] {"level":"info","ts":1704341893.1944227,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
[proxy] {"level":"info","ts":1704341893.1955075,"msg":"autosaved config (load with --resume flag)","file":"/home/ryot/.config/caddy/autosave.json"}
[proxy] {"level":"info","ts":1704341893.195525,"msg":"serving initial configuration"}
[backend] 2024-01-04T04:18:13.196112Z ERROR ryot: Database migration failed: Custom Error: Migration file of version 'm20230901_create_metadata_group' is missing, this migration has been applied but its file is missing
[backend] Migration file of version 'm20231025_add_collection_id_field_to_review' is missing, this migration has been applied but its file is missing
[backend] Migration file of version 'm20231025_remove_duplicate_calendar_events' is missing, this migration has been applied but its file is missing
[backend] Migration file of version 'm20231106_change_primary_key_exercise' is missing, this migration has been applied but its file is missing
[backend] Migration file of version 'm20231113_add_media_ownership' is missing, this migration has been applied but its file is missing
[backend] Migration file of version 'm20230507_create_collection' is missing, this migration has been applied but its file is missing
[backend] Migration file of version 'm20231101_change_production_status' is missing, this migration has been applied but its file is missing
[backend] Migration file of version 'm20231105_change_calendar_event_column_type' is missing, this migration has been applied but its file is missing
[backend] Migration file of version 'm20231024_add_metadata_group_id_field_to_review' is missing, this migration has been applied but its file is missing
[proxy] {"level":"info","ts":1704341893.200983,"logger":"tls","msg":"finished cleaning storage units"}
[backend] Error: If this is a major version upgrade, please follow the instructions in the migration docs.
[backend] ryot exited with code 1
--> Sending SIGTERM to other processes..
node:events:492
      throw er; // Unhandled 'error' event
      ^

Error: spawn ps ENOENT
    at ChildProcess._handle.onexit (node:internal/child_process:286:19)
    at onErrorNT (node:internal/child_process:484:16)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
Emitted 'error' event on ChildProcess instance at:
    at ChildProcess._handle.onexit (node:internal/child_process:292:12)
    at onErrorNT (node:internal/child_process:484:16)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
  errno: -2,
  code: 'ENOENT',
  syscall: 'spawn ps',
  path: 'ps',
  spawnargs: [ '-o', 'pid', '--no-headers', '--ppid', 17 ]
}

[vnghia]

I've just made a tag here: https://github.com/vnghia/ryot/releases/tag/v4.2.0
I think the CI is falling because it is my own PR which don't have enough permission to push to your ghcr.io. After it is merged, that error should go away.

[IgnisDa]

@vnghia Do you think this is ready to be merged?

[vnghia]

I think it's ready to be merged 🥳

[IgnisDa]

@vnghia I am not able to figure out how to publish the latest tag. With the current configuration of the release workflow, that tag will not be published at all.

Can't have that happening since that will prevent all existing installations of Ryot (that use :latest tag) to not update at all.

[Robin-Sch]

@vnghia I am not able to figure out how to publish the latest tag. With the current configuration of the release workflow, that tag will not be published at all.

Can't have that happening since that will prevent all existing installations of Ryot (that use :latest tag) to not update at all.

Something like this should work for the publish to ghcr step:

tags: |
            ghcr.io/IgnisDa/ryot:latest
            ghcr.io/IgnisDa/ryot:${{ steps.meta.outputs.tags }}

I'm not sure if you can omit the ghcr.io/user/repo, but this is how I have it on my private repo.

[IgnisDa]

@vnghia I am not able to figure out how to publish the latest tag. With the current configuration of the release workflow, that tag will not be published at all.
Can't have that happening since that will prevent all existing installations of Ryot (that use :latest tag) to not update at all.

Something like this should work for the publish to ghcr step:

tags: |
            ghcr.io/IgnisDa/ryot:latest
            ghcr.io/IgnisDa/ryot:${{ steps.meta.outputs.tags }}

I'm not sure if you can omit the ghcr.io/user/repo, but this is how I have it on my private repo.

@Robin-Sch I want this workflow to make a :latest tag only if it is on the default branch (main). I think if I make the changes you proposed, it will release the latest tag for PRs too.

[Robin-Sch]

If a PR is made do you want a new docker version to be released at all? And do you want it to update the public fly instance?

You could make 2 seperate workflows, one for whatever you want on a PR, and one for whatever you want on a push.

[IgnisDa]

If a PR is made do you want a new docker version to be released at all? And do you want it to update the public fly instance?

You could make 2 seperate workflows, one for whatever you want on a PR, and one for whatever you want on a push.

On PRs I want a release called ghcr.io/ignisda/ryot:pr-505. When a commit is pushed to main, I want it to be released as ghcr.io/ignisda/ryot:unstable and the Fly instance be updated (it runs the unstable image). When a tag is pushed, I want it to be tagged as ghcr.io/ignisda/ryot:unstable and ghcr.io/ignisda/ryot:latest, and update the Fly instance.

Would these requirements mean I have to create 2 different workflows? Won't that result in a lot of duplicated code?

[Robin-Sch]

I'm not sure how you'd do it otherwise, maybe @vnghia could help with that?

EDIT:
You might be able to tweak https://github.com/vnghia/ryot/blob/c50989f96cc91c7e3f121c8359a8afe2c39b8059/.github/workflows/release.yml#L46

and add something like:

type=raw,value=latest,enable={{XXXXX}}

But I'm not sure what that XXXXX variable would be.

Also looking at the same workflow step, it seems like the current setup will also update vX.X.X whenever a new commit is made (at the same time that unstable is updated), as they use the same enable variable. Which I don't think is what you want?

[IgnisDa]

True, I do not want it.

@vnghia Could you please help here?

[vnghia]

I am a little busy right now. I will try on my fork next week!

[Robin-Sch]

Did you manage to find a solution?

[IgnisDa]

Hey @vnghia, any updates on this?

[vnghia]

I will be back next week. Sorry for the delay 😅

[IgnisDa]

Closing in favour of #770.