Push a continual "dev" image to dockerhub (#781)

* Push a continual "dev" image to dockerhub

* checkpoint

* add a dev tag to the nox constants and update the docker workflow to push latest on releases

* parametrize the docker push command with dev and prod

* add comments to docker_nox and add a push for the version

* update the changelog

* Flesh out docker ignore

Co-authored-by: Paul Sanders <psanders1@gmail.com>

* Nit the changelog

Co-authored-by: Phil Salant <PSalant726@users.noreply.github.com>

* update workflow job names

Co-authored-by: Paul Sanders <psanders1@gmail.com>
Co-authored-by: Phil Salant <PSalant726@users.noreply.github.com>

.dockerignore

@@ -3,11 +3,31 @@ build/
 dist/
 src/fidesctl.egg-info/
 
+# Ignore Python-Specific Files
+.mypy_cache/
+.nox/
+.pytest_cache/
+__pycache__/
+.coverage
+
+# pyenv
+.python-version
+
+# Environments
+.env
+.venv
+env/
+venv/
+
+# Editors
+.vscode/
+.idea/
+
 # Ignore the docs
 docs/
 
 # Ignore dev files
+.git/
 .github/
 .devcontainer/
-
 node_modules/

.github/workflows/docker.yaml

@@ -2,12 +2,15 @@ name: Docker Build & Push
 
 on:
   push:
+    branches:
+      - main
     tags:
       - "*"
 
 env:
   DOCKER_USER: ethycaci
   DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+  TAG: ${{ github.event.release.tag_name }}
 
 jobs:
   push-fidesctl:
@@ -26,8 +29,12 @@ jobs:
       - name: Install Dev Requirements
         run: pip install -r dev-requirements.txt
 
-      - name: Build Fidesctl
+      - name: Build Fidesctl Image
         run: nox -s "build(prod)"
 
-      - name: Push Fidesctl
-        run: nox -s push
+      - name: Push Fidesctl Dev Tag
+        run: nox -s "push(dev)"
+
+      - name: Push Fidesctl Prod Tags
+        if: ${{ env.TAG }}
+        run: nox -s "push(prod)"

CHANGELOG.md

@@ -42,6 +42,7 @@ The types of changes are:
   * Add a component for Identifiability tags
 * Okta, aws and database credentials can now come from `fidesctl.toml` config [#694](https://github.com/ethyca/fides/pull/694)
 * New `validate` endpoint to test aws and okta credentials [#722](https://github.com/ethyca/fides/pull/722)
+* A new image tagged `ethyca/fidesctl:dev` is published on each push to `main` [781](https://github.com/ethyca/fides/pull/781)
 * A new cli command (`fidesctl sync`) [#765](https://github.com/ethyca/fides/pull/765)
 
 ### Changed

noxfiles/constants_nox.py

@@ -24,6 +24,7 @@ def get_current_tag() -> str:
 IMAGE = f"{REGISTRY}/{IMAGE_NAME}"
 IMAGE_LOCAL = f"{IMAGE}:local"
 IMAGE_LOCAL_UI = f"{IMAGE}:local-ui"
+IMAGE_DEV = f"{IMAGE}:dev"
 IMAGE_LATEST = f"{IMAGE}:latest"
 
 # Disable TTY to perserve output within Github Actions logs

noxfiles/docker_nox.py

@@ -2,6 +2,7 @@
 import nox
 from constants_nox import (
     IMAGE,
+    IMAGE_DEV,
     IMAGE_LATEST,
     IMAGE_LOCAL,
     IMAGE_LOCAL_UI,
@@ -49,8 +50,23 @@ def build(session: nox.Session, image: str) -> None:
 
 
 @nox.session()
-def push(session: nox.Session) -> None:
+@nox.parametrize(
+    "tag",
+    [
+        nox.param("prod", id="prod"),
+        nox.param("dev", id="dev"),
+    ],
+)
+def push(session: nox.Session, tag: str) -> None:
     """Push the fidesctl Docker image to Dockerhub."""
-    session.run("docker", "tag", get_current_image(), IMAGE_LATEST, external=True)
-    session.run("docker", "push", IMAGE, external=True)
-    session.run("docker", "push", IMAGE_LATEST, external=True)
+
+    tag_matrix = {"prod": IMAGE_LATEST, "dev": IMAGE_DEV}
+
+    # Push either "ethyca/fidesctl:dev" or "ethyca/fidesctl:latest"
+    session.run("docker", "tag", get_current_image(), tag_matrix[tag], external=True)
+    session.run("docker", "push", tag_matrix[tag], external=True)
+
+    # Only push the tagged version if its for prod
+    # Example: "ethyca/fidesctl:1.7.0"
+    if tag == "prod":
+        session.run("docker", "push", IMAGE, external=True)