[OT] Additional container registry mirror [Was: Re: Sunsetting the Docker `openwrtorg` org (not `openwrt` org)]

[Paul Spooren]

Hi all,

>> I've not done any prior research about all viable options yet, but quay.io
>> looks so far as my favorite option. Any objections/ideas?

I added quay.io as a third registry (next to docker.io <http://docker.io/> and ghcr.io <http://ghcr.io/>).

By doing so I found that there seem to be quite a number of security issues[1] with our current build image, could someone upload that please?

My next question would be about tags. When I implemented the container CI a long time ago, I came up with all kinds of extra tags for things, a list below:

* master == snapshot == “” (sdk:master == sdk:snapshot == sdk)
* git tag plus release name (sdk:v21.02.1 == sdk:21.02.1
* git branch plus snapshot name (sdk:openwrt-21.02 == sdk:21.02-SNAPSHOT)
* x64/64 is “default” aka “” (sdk:x86-64 == sdk == dk:latest)
* … else prefix target (sdk:ath79-generic == sdk:ath79-generic-{master, snapshot})

That’s… a bit much maybe. Do people have a conscious idea of what tags to add? If people like the “old” approach I’ll implement it in the GitHub CI, too.

Paul

[1]: https://quay.io/repository/openwrt/imagebuilder/manifest/sha256:9d26dc1bfbe127e006bd14bd8b9c4618dde53ba1f8e6d8e39cd6097854b345ee?tab=vulnerabilities