We are pushing DockerHub images using personal accounts in Airflow. I believe we have three "active" users - Kaxil, Jarek, Ash, likely some more seasoned PMC members (those can be removed), Basically everyone who is a member of the "airflow" team in DockerHub. But we also would like to add one or two more people as we have several people who can assume the release manager role.
Is there a way we can keep the workflow where several release managers prepare (and sign) images manually and push the images there? I also have a comment about autobuilds - I heartily recommend not to use them and especially not to rely on them if you rely on fast and reliable providing images to your users. We used autobuilds in the past but they are terribly slow and unreliable (we had multiple cases where the autobuilds were hanging and actually blocking our release). Sometimes the queue was not cleared for days without help or response from DockerHub. * GitHub issue with 48 comments about stuck/pending builds : https://github.com/docker/hub-feedback/issues/1935 (last one Dec 2021) * Builds stuck in pending: https://forums.docker.com/t/build-stuck-in-pending-on-docker-hub/1360 * Slow builds: https://forums.docker.com/t/why-does-it-take-so-long-for-the-docker-hub-automated-builds-to-upload-the-built-image/1653/29 * Duplicated and slow builds: https://forums.docker.com/t/in-docker-auto-build-images-building-duplicates-please-fix-this-images-building-very-long-it-was-taking-more-than-1-hour/87705/2 * Duplicated builds (I raised this) https://forums.docker.com/t/duplicate-builds-again/93127 I raised and commented and followed up about it in a number of issues (follow the links) a number of times, None of the issues raised for ~ 1 year (with follow-ups) got any reasonable response from DockerHub (I was following it very closely). After those experiences I do not trust autobuilds at all. Autobuilds caused us major pain and long delays in providing reference images to our users. This was a major problem for us therefore eventually we switched to Github Registry for CI and we only use DockerHub to do manual pushing of the images (we experienced pretty much no problems since). We only use DockerHub to push "release images" and it's part of the release process of ours - we treat the images the same way as "source releases" - we prepare it on the "hardware" owned by the release manager (semi-automatically using the same scripts as are used on CI) and push them from there (I actually plan to sign those images very soon too with private keys). J On Fri, Jan 21, 2022 at 5:57 PM Chris Lambertus <c...@apache.org> wrote: > Hi folks, > > We have reached our 200 seat maximum for dockerhub users in the Apache > organization, and Docker Hub is unable to provide any activity records for > those users, so we do not know who to cull. > > Do we have any internal contacts amongst the list at DockerHub who might > be able to assist? > > If not, we'll need to start removing users at more-or-less random as > needed. > > Infra will be moving to a more conservative process for adding dockerhub > users in the future. We will request that: > > - autobuilds be used where possible instead of manual creation > - user access to dockerhub/teams be limited to a max of 2 per project > - all use of dockerhub for pushing artifacts from build servers be limited > to the Infra-provided accounts for this purpose (e.g don't use personal > accounts to push artifacts) > > If your project falls into any of the above categories, please let us know > ASAP so we can trim excess users. > > Thanks, > Chris > ASF Infra > > > >
