From d20bad4cdcfce226b3f1769ed6becbcb6d4e6ed3 Mon Sep 17 00:00:00 2001 From: Joshua Kuestersteffen Date: Mon, 24 Feb 2025 12:23:43 -0600 Subject: [PATCH 1/2] feat: config for setting up ECR repository --- .../code/releasing/publish-docker-image.md | 37 ++++++++++++++++++- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/content/en/contribute/code/releasing/publish-docker-image.md b/content/en/contribute/code/releasing/publish-docker-image.md index 9e7457963b..a8282661f6 100644 --- a/content/en/contribute/code/releasing/publish-docker-image.md +++ b/content/en/contribute/code/releasing/publish-docker-image.md 
@@ -8,15 +8,48 @@ relatedContent: > core/releases --- -Docker images for CHT projects can be published to the [medicmobile](https://hub.docker.com/u/medicmobile) Docker Hub organization, so they are easily accessible to the community. This process can be automated using GitHub actions. +## Setup Image Repository + +Docker images can be published to Docker Hub or Amazon ECR. (You should only publish to one of these repositories. There is no need to store the same image in both places.) -## Create repository on Docker Hub +### Configure repository on Docker Hub + +Docker images for CHT projects can be published to the [medicmobile](https://hub.docker.com/u/medicmobile) Docker Hub organization, so they are easily accessible to the community. This process can be automated using GitHub actions. First, create a repository for your new image on Docker Hub. 1. Use the admin Docker account to [create a new repository](https://hub.docker.com/u/medicmobile) in the `medicmobile` organization. 2. For your new repository, update the permissions to give the `developers` team the ability to `Read & Write`. This will allow the GitHub action to push to the repository. +### Configure repository on ECR + +There are two Amazon ERC repositories that can be used for publishing CHT images. `public.ecr.aws/medic` contains the released versions of the images, while `720541322708.dkr.ecr.eu-west-2.amazonaws.com/medic` is used to store branch builds (useful for CI testing, etc). + +Use an AWS admin account to add a new _public_ repository configuration for the new Docker image. 
For example: + +```json +{ + "repository": { + "repositoryArn": "arn:aws:ecr:eu-west-2:720541322708:repository/medic/cht-couchdb-nouveau", + "registryId": "720541322708", + "repositoryName": "medic/cht-couchdb-nouveau", + "repositoryUri": "720541322708.dkr.ecr.eu-west-2.amazonaws.com/medic/cht-couchdb-nouveau", + "createdAt": "2024-12-03T13:05:44.979000+03:00", + "imageTagMutability": "MUTABLE", + "imageScanningConfiguration": { + "scanOnPush": false + }, + "encryptionConfiguration": { + "encryptionType": "AES256" + } + } +} +``` + +Update the `ecr-publishers` IAM Group policy (associated with the IAM user: `ci-user`) in include the resource url for your new Docker image in the `Statement[*].Resource` array. + +_See this issue thread for more details: [#9685](https://github.com/medic/cht-core/issues/9685)._ + ## Add GitHub Action Workflow configuration Now that the Docker Hub repository is created, you can add the GitHub Action workflow configuration to your project. This configuration should build the Docker image based on the code in the repository and then publish it to the Docker Hub repository. From a768b343dd2cc2a8d8c08e05f10b74218a48aaf4 Mon Sep 17 00:00:00 2001 From: Joshua Kuestersteffen Date: Tue, 25 Feb 2025 16:08:51 -0600 Subject: [PATCH 2/2] Update content/en/contribute/code/releasing/publish-docker-image.md Co-authored-by: mrjones <8253488+mrjones-plip@users.noreply.github.com> --- content/en/contribute/code/releasing/publish-docker-image.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/contribute/code/releasing/publish-docker-image.md b/content/en/contribute/code/releasing/publish-docker-image.md index a8282661f6..ac15fd8066 100644 --- a/content/en/contribute/code/releasing/publish-docker-image.md +++ b/content/en/contribute/code/releasing/publish-docker-image.md 
@@ -25,7 +25,7 @@ First, create a repository for your new image on Docker Hub. There are two Amazon ERC repositories that can be used for publishing CHT images. `public.ecr.aws/medic` contains the released versions of the images, while `720541322708.dkr.ecr.eu-west-2.amazonaws.com/medic` is used to store branch builds (useful for CI testing, etc). -Use an AWS admin account to add a new _public_ repository configuration for the new Docker image. For example: +Use an AWS admin account to add a new _public_ repository configuration for the new Docker image. For example, for the `cht-couchdb-nouveau` image, it would look like: ```json {
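Review bot: In patch 1/2, under "Configure repository on ECR", the step says to add a new _public_ repository, but the example JSON describes `720541322708.dkr.ecr.eu-west-2.amazonaws.com/medic/cht-couchdb-nouveau`, which the paragraph just above identifies as the branch-build registry rather than `public.ecr.aws/medic`. Say which of the two registries the new repository must be created in (or that both are needed) and make the example match. The example also shows `"imageTagMutability": "MUTABLE"` and `"scanOnPush": false`; if readers are meant to copy those settings, state that they are intended, since mutable tags let an already pushed tag be overwritten and scan-on-push is disabled. In the IAM step, `Statement[*].Resource` takes ARNs, so "resource url" should read "repository ARN" (the `repositoryArn` value from the example), and the text should say to add only the new repository's ARN. Typos: "Amazon ERC" should be "Amazon ECR", and "in include" should be "to include". The unchanged line "Now that the Docker Hub repository is created" after this section no longer holds for readers who chose ECR.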
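Review bot: In patch 2/2, the reworded sentence "it would look like:" does not say what "it" is, and the JSON that follows carries AWS-assigned fields (`createdAt`, `repositoryArn`, `registryId`), so it reads as the description returned after the repository exists rather than a configuration the admin enters. Suggest wording such as "For example, the resulting repository for the `cht-couchdb-nouveau` image looks like:" and naming the console page or command used to create it.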