From 25fed0032b564c7f27ca8de01d7f61c0ce249b95 Mon Sep 17 00:00:00 2001
From: teor
Date: Wed, 25 Oct 2023 11:43:09 +1000
Subject: [PATCH 01/10] Remove DockerHub tags for v1.x.y and edge
---
.github/workflows/sub-build-docker-image.yml | 24 ++++++++++++++------
1 file changed, 17 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml
index 1b929324619..03ad1f1d9ea 100644
--- a/.github/workflows/sub-build-docker-image.yml
+++ b/.github/workflows/sub-build-docker-image.yml
@@ -90,17 +90,27 @@ jobs: suffix=${{ inputs.tag_suffix }} # generate Docker tags based on the following events/attributes tags: | - type=schedule - # semver and ref,tag automatically add a "latest" tag, but only on stable releases + # These DockerHub release tags support the following use cases: + # - `1.x.y`: always use the exact version, don't automatically upgrade + # - `sha-zzzzzz`: always use the exact commit (the same as `1.x.y`, but also used in CI and production image tests) + # + # Stopping publishing these tags is a breaking change for these use cases: + # - `latest`: always use the latest Zebra release when you pull or update + # - `1`: use the latest Zebra release, but require manual intervention for the next network upgrade + # - `1.x`: update to bug fix releases, but don't add any new features or incompatibilities + # + # semver automatically adds a "latest" tag, but only on stable releases type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} - type=ref,event=tag - type=ref,event=branch - type=ref,event=pr + # DockerHub release and CI tags. + # This tag makes sure tests are using exactly the right image, even when multiple PRs run at the same time. type=sha - # edge is the latest commit on the default branch. - type=edge,enable={{is_default_branch}} + # These CI-only tags support CI on PRs, the main branch, and scheduled full syncs. + # These tags do not appear on DockerHub, because DockerHub images are only published on the release event. + type=ref,event=pr + type=ref,event=branch + type=schedule # Setup Docker Buildx to allow use of docker cache layers from GH - name: Set up Docker Buildx From cce7484b17b3ff7f5ed37937aa3ce41b2f648063 Mon Sep 17 00:00:00 2001 
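Review bot: The new comment above `type=ref,event=pr` says the CI-only tags never appear on DockerHub because images are only published on the release event, but nothing in this hunk enforces that; the guard must live in a step outside the lines shown. Because `type=ref,event=pr`, `type=ref,event=branch` and `type=schedule` are generated in the same `tags` block as the release tags, a later change to that publishing condition would push PR- and branch-named tags to the public registry without touching this block. I would name the guard in the comment, for example `# Not pushed to DockerHub: the DockerHub image is only enabled on the release event (see <step that enables DockerHub publishing>).`. The same comment block calls `sha-zzzzzz` "the exact commit"; registry tags are mutable and the default sha tag is a short prefix, so it is worth adding that consumers who need an exact image should pin the image digest.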
From: teor Date: Wed, 25 Oct 2023 11:46:40 +1000 Subject: [PATCH 02/10] Make the latest tag point to the production image, not experimental --- .github/workflows/release-binaries.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index f0b60acbad5..d7f7ee5ced0 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -18,29 +18,30 @@ jobs: # Each time this workflow is executed, a build will be triggered to create a new image # with the corresponding tags using information from git - # The image will be named `zebra:` - build: - name: Build Release Docker + # The image will be named `zebra:.experimental` + build-experimental: + name: Build Experimental Features Release Docker uses: ./.github/workflows/sub-build-docker-image.yml with: dockerfile_path: ./docker/Dockerfile dockerfile_target: runtime image_name: zebra - features: ${{ vars.RUST_PROD_FEATURES }} + tag_suffix: .experimental + features: ${{ format('{0} {1}', vars.RUST_PROD_FEATURES, vars.RUST_EXPERIMENTAL_FEATURES) }} rust_log: ${{ vars.RUST_LOG }} # This step needs access to Docker Hub secrets to run successfully secrets: inherit - # The image will be named `zebra:.experimental` - build-experimental: - name: Build Experimental Features Release Docker + # The image will be named `zebra:` + # It should be built last, so the `latest` tag is the production build, not the experimental build. + build: + name: Build Release Docker uses: ./.github/workflows/sub-build-docker-image.yml with: dockerfile_path: ./docker/Dockerfile dockerfile_target: runtime image_name: zebra - tag_suffix: .experimental - features: ${{ format('{0} {1}', vars.RUST_PROD_FEATURES, vars.RUST_EXPERIMENTAL_FEATURES) }} + features: ${{ vars.RUST_PROD_FEATURES }} rust_log: ${{ vars.RUST_LOG }} # This step needs access to Docker Hub secrets to run successfully secrets: inherit 
From ed465e5454d7b0a126821d087c54ed8fa78fc644 Mon Sep 17 00:00:00 2001 From: teor Date: Wed, 25 Oct 2023 11:47:32 +1000 Subject: [PATCH 03/10] Remove docker image file change trigger from the OS CI workflow --- .github/workflows/ci-unit-tests-os.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/ci-unit-tests-os.yml b/.github/workflows/ci-unit-tests-os.yml index 69ed6ad40bd..53b52cffc2a 100644 --- a/.github/workflows/ci-unit-tests-os.yml +++ b/.github/workflows/ci-unit-tests-os.yml @@ -51,7 +51,6 @@ on: - '**/clippy.toml' # workflow definitions - '.github/workflows/ci-unit-tests-os.yml' - - '.github/workflows/sub-build-docker-image.yml' env: CARGO_INCREMENTAL: ${{ vars.CARGO_INCREMENTAL }} From a9398a4d4c5b25b1b1715788652342811837969e Mon Sep 17 00:00:00 2001 From: teor Date: Wed, 25 Oct 2023 12:04:48 +1000 Subject: [PATCH 04/10] Disable latest tag by default --- .github/workflows/sub-build-docker-image.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml index 03ad1f1d9ea..493463ea2e0 100644 --- a/.github/workflows/sub-build-docker-image.yml +++ b/.github/workflows/sub-build-docker-image.yml @@ -33,6 +33,10 @@ on: test_features: required: false type: string + latest_tag: + required: false + type: boolean + default: false tag_suffix: required: false type: string @@ -88,6 +92,7 @@ jobs: # appends inputs.tag_suffix to image tags/names flavor: | suffix=${{ inputs.tag_suffix }} + latest=${{ inputs.latest_tag }} # generate Docker tags based on the following events/attributes tags: | # These DockerHub release tags support the following use cases: From fd1ccbe95d36832adef1711e9994cf8198798ecb Mon Sep 17 00:00:00 2001 From: teor Date: Wed, 25 Oct 2023 12:05:38 +1000 Subject: [PATCH 05/10] Enable the latest tag for the production build only --- .github/workflows/release-binaries.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
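Review bot: In the `flavor` block, `latest=${{ inputs.latest_tag }}` replaces the action's default `auto` mode with a forced `true` or `false`, and as far as I know docker/metadata-action's `latest=true` adds `latest` for every tag type, not only for stable semver tags. A caller passing `latest_tag: true` (PATCH 05 does so for the production build) would then move `latest` on a pre-release tag, if the calling workflow ever runs for one, while the CHANGELOG tells users to follow `latest`. Mapping the boolean onto `auto` keeps the stable-release check: `latest=${{ inputs.latest_tag && 'auto' || 'false' }}`. The comment added in PATCH 09, which says `semver` adds the "latest" tag when `inputs.latest_tag` is `true`, should be worded to match whichever behaviour is kept. The new `latest_tag` input in the first hunk also has no `description:`; one line saying it controls the mutable `latest` tag and is meant to be set by the production release job only would help callers.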
diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index d7f7ee5ced0..b56681f8d57 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -33,7 +33,7 @@ jobs: secrets: inherit # The image will be named `zebra:` - # It should be built last, so the `latest` tag is the production build, not the experimental build. + # It should be built last, so overlapping tags point to the production build, not the experimental build. build: name: Build Release Docker uses: ./.github/workflows/sub-build-docker-image.yml @@ -41,6 +41,7 @@ jobs: dockerfile_path: ./docker/Dockerfile dockerfile_target: runtime image_name: zebra + latest_tag: true features: ${{ vars.RUST_PROD_FEATURES }} rust_log: ${{ vars.RUST_LOG }} # This step needs access to Docker Hub secrets to run successfully From cb12e7e9836925e426dfa42fa207027a05741a3e Mon Sep 17 00:00:00 2001 From: teor Date: Wed, 25 Oct 2023 12:52:22 +1000 Subject: [PATCH 06/10] Restore `edge` tag, it is used in CI and it is CI only --- .github/workflows/sub-build-docker-image.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml index 493463ea2e0..096be32c5f1 100644 --- a/.github/workflows/sub-build-docker-image.yml +++ b/.github/workflows/sub-build-docker-image.yml @@ -115,6 +115,7 @@ jobs: # These tags do not appear on DockerHub, because DockerHub images are only published on the release event. type=ref,event=pr type=ref,event=branch + type=edge,enable={{is_default_branch}} type=schedule # Setup Docker Buildx to allow use of docker cache layers from GH From 3ce70e1dd6c9b3db9e103bce166d102327948f80 Mon Sep 17 00:00:00 2001 From: teor Date: Wed, 25 Oct 2023 13:17:17 +1000 Subject: [PATCH 07/10] Add Docker tag removal to CHANGELOG.md --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) 
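Review bot: The restored `type=edge,enable={{is_default_branch}}` line in PATCH 06 comes back without the explanatory comment that PATCH 01 removed together with it, so the tag list no longer says what `edge` is. I would put `# edge is the latest commit on the default branch. It is a mutable, CI-only tag.` above the line, so readers do not mistake it for a release tag.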
diff --git a/CHANGELOG.md b/CHANGELOG.md index d46c3ec28a6..0a61a2dc967 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,6 +40,13 @@ so it can't be used to retry failed downloads in `zebrad` 1.3.0 and earlier. We recommend upgrading to the latest Zebra release to avoid download issues in new installs. +### DockerHub image tags + +Zebra 1.4.0 and later will not have a `v1.4.0` tag on [`zebrad` Docker images](https://hub.docker.com/r/zfnd/zebra/tags). +If you need to stay on a particular version, use the `1.4.0`, `1.4` (patch releases only), or `1` (until NU6) tags. + +We recommend using the `latest` tag to always get the most recent Zebra release. + ### Security TODO: rest of changelog From 5b922b98867ec3f0206d75f1602eafec8f605045 Mon Sep 17 00:00:00 2001 From: teor Date: Thu, 26 Oct 2023 06:01:08 +1000 Subject: [PATCH 08/10] Actually enforce job order --- .github/workflows/release-binaries.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release-binaries.yml b/.github/workflows/release-binaries.yml index b56681f8d57..977be67d4e8 100644 --- a/.github/workflows/release-binaries.yml +++ b/.github/workflows/release-binaries.yml @@ -33,9 +33,12 @@ jobs: secrets: inherit # The image will be named `zebra:` - # It should be built last, so overlapping tags point to the production build, not the experimental build. + # It should be built last, so tags with the same name point to the production build, not the experimental build. build: name: Build Release Docker + # Run this build last, regardless of whether experimental worked + needs: build-experimental + if: always() uses: ./.github/workflows/sub-build-docker-image.yml with: dockerfile_path: ./docker/Dockerfile From a2fc3da8a7d04fb071a367bc39a2caf90db87913 Mon Sep 17 00:00:00 2001 
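Review bot: `if: always()` on the `build` job in PATCH 08 also runs the job when the workflow run has been cancelled, so cancelling a release after a bad experimental build would still build and publish the production image with `secrets: inherit`. GitHub's guidance for "run even if a dependency failed" is `if: ${{ !cancelled() }}`, which keeps the intent stated in the comment (run last, regardless of whether experimental worked) while still honouring a cancel. It is also worth saying in the comment that `needs: build-experimental` exists only to order the two pushes, so it is not later removed as an apparently unused dependency.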
From: teor Date: Thu, 2 Nov 2023 09:50:14 +1000 Subject: [PATCH 09/10] Revert tag publishing changes, but keep extra docs and tag order changes --- .github/workflows/sub-build-docker-image.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml index 096be32c5f1..4c8d9fc05f9 100644 --- a/.github/workflows/sub-build-docker-image.yml +++ b/.github/workflows/sub-build-docker-image.yml @@ -96,15 +96,18 @@ jobs: # generate Docker tags based on the following events/attributes tags: | # These DockerHub release tags support the following use cases: - # - `1.x.y`: always use the exact version, don't automatically upgrade - # - `sha-zzzzzz`: always use the exact commit (the same as `1.x.y`, but also used in CI and production image tests) - # - # Stopping publishing these tags is a breaking change for these use cases: # - `latest`: always use the latest Zebra release when you pull or update # - `1`: use the latest Zebra release, but require manual intervention for the next network upgrade # - `1.x`: update to bug fix releases, but don't add any new features or incompatibilities + # - `v1.x.y` or `1.x.y`: always use the exact version, don't automatically upgrade + # - `sha-zzzzzz`: always use the exact commit (the same as `1.x.y`, but also used in CI and production image tests) + # + # Stopping publishing some tags is a silently breaking change: + # - `1`: doesn't get expected new consensus-compatible releases or bug fixes + # - `1.x`: doesn't get expected bug fixes # - # semver automatically adds a "latest" tag, but only on stable releases + # `semver` adds a "latest" tag if `inputs.latest_tag` is `true`. + type=ref,event=tag type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} From 9e44edd107b76b374acaafd75b701af54cef63eb Mon Sep 17 00:00:00 2001 
From: teor Date: Thu, 2 Nov 2023 09:59:29 +1000 Subject: [PATCH 10/10] Update the changelog --- .github/workflows/sub-build-docker-image.yml | 2 +- CHANGELOG.md | 20 ++++++++++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sub-build-docker-image.yml b/.github/workflows/sub-build-docker-image.yml index 4c8d9fc05f9..c1d0c0df698 100644 --- a/.github/workflows/sub-build-docker-image.yml +++ b/.github/workflows/sub-build-docker-image.yml @@ -107,10 +107,10 @@ jobs: # - `1.x`: doesn't get expected bug fixes # # `semver` adds a "latest" tag if `inputs.latest_tag` is `true`. - type=ref,event=tag type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} + type=ref,event=tag # DockerHub release and CI tags. # This tag makes sure tests are using exactly the right image, even when multiple PRs run at the same time. type=sha diff --git a/CHANGELOG.md b/CHANGELOG.md index e8aa4194bd0..cf775ec656b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -46,8 +46,24 @@ We recommend upgrading to the latest Zebra release to avoid download issues in n ### DockerHub image tags -Zebra 1.4.0 and later will not have a `v1.4.0` tag on [`zebrad` Docker images](https://hub.docker.com/r/zfnd/zebra/tags). -If you need to stay on a particular version, use the `1.4.0`, `1.4` (patch releases only), or `1` (until NU6) tags. +Zebra currently publishes 11 [DockerHub tags](https://hub.docker.com/r/zfnd/zebra/tags) for each new release. +We want to reduce the number of DockerHub tags we publish at the next minor Zebra release 1.5.0. + +Based on usage and user feedback, we could stop publishing: +- The `1` tag, which updates each release until NU6 +- The `1.x` tag, which updates each patch release until the next minor release +- The `1.x.y` tag, which is the same as `v1.x.y` +- The `sha-xxxxxxx` tag, which is the same as `v1.x.y` (for production releases) + +We also want to standardise experimental image tags to `-experimental`, rather than `.experimental`. + +So for release 1.5.0, we might only publish these tags: +- `latest` +- `latest-experimental` (a new tag) +- `v1.5.0` +- `v1.5.0-experimental` + +Please let us know if you need any other tags by [opening a GitHub ticket](https://github.com/ZcashFoundation/zebra/issues/new?assignees=&labels=C-enhancement%2CS-needs-triage&projects=&template=feature_request.yml&title=feature%3A+). We recommend using the `latest` tag to always get the most recent Zebra release.