Push Synapse docker images to Element OCI Registry #19420
I manually kicked off the workflow to test but it is failing: https://github.com/element-hq/synapse/actions/runs/21529909621/job/62042989980 This shouldn't be merged until that is passing.
| - name: Tailscale | ||
| uses: tailscale/github-action@53acf823325fe9ca47f4cdaa951f90b4b0de5bb9 # v4.1.1 | ||
| with: | ||
| oauth-client-id: ${{ secrets.TS_OAUTH_CLIENT_ID }} | ||
| audience: ${{ secrets.TS_AUDIENCE }} | ||
| tags: tag:github-actions |
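Review bot: `oauth-client-id` and `audience` both read from `secrets.*`, and a secret that is not defined expands to an empty string, so if `TS_OAUTH_CLIENT_ID` or `TS_AUDIENCE` is missing the step only fails inside the action with a generic input error. Document next to this step where the two secrets are expected to be defined (repository or organisation level), and consider a short preceding check that fails with a message naming the missing secret.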
I manually kicked off the workflow to test but it is failing: https://github.com/element-hq/synapse/actions/runs/21529909621/job/62042989980
Is that expected? Should it pass before we merge?
It's failing with:
Error: Please provide either an auth key, OAuth secret and tags, or federated identity client ID and audience with tags.
Are the TS_OAUTH_CLIENT_ID/TS_AUDIENCE variables/secrets filled in?
I don't think it should be failing.
Yes we should wait for it to pass before merging.
I just followed the steps outlined in the linked issue (which is to literally copy paste what's in this PR).
So I'm guessing there are secrets missing at some layer. Those secrets aren't visible to me in the repo settings, so maybe some steps to obtain and add them are missing.
| - name: Login to Element OCI Registry | ||
| uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 | ||
| with: | ||
| registry: oci-push.vpn.infra.element.io | ||
| username: ${{ steps.import-secrets.outputs.OCI_USERNAME }} | ||
| password: ${{ steps.import-secrets.outputs.OCI_PASSWORD }} |
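Review bot: the `username` and `password` inputs read `steps.import-secrets.outputs.*`, so this login silently depends on a step with id `import-secrets` having run earlier in the same job, and the `vpn` in the registry host `oci-push.vpn.infra.element.io` suggests it also depends on the Tailscale step having connected first. A comment above the step stating both ordering dependencies would protect against someone reordering or copying the step on its own.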
Are these workflows based on us doing the same thing somewhere else?
It's all based on workflow provided by SRE in our handbook: https://handbook.element.io/books/backend-team/page/testing-libraries-utilities-github-actions-deployments-and-packaging#bkmrk-push-to-oci.element.
| services/backend-repositories/secret/data/oci.element.io username | OCI_USERNAME ; | ||
| services/backend-repositories/secret/data/oci.element.io password | OCI_PASSWORD ; | ||
|
|
||
| - name: Login to Element OCI Registry |
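Review bot: the two mapping lines pull `username` and `password` from a path named `oci.element.io`, while the login step elsewhere in this change targets `oci-push.vpn.infra.element.io`. A one-line comment beside the mappings stating how the two names relate would make it clear which endpoint the `OCI_USERNAME` and `OCI_PASSWORD` credentials are valid for.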
For my own reference, what does OCI stand for? Open Container Initiative?
I understand oci.element.io (docs) is our own container/image registry.
Yep, registry.element.io was already taken by our private registry
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [element-hq/synapse](https://github.com/element-hq/synapse) | minor | `v1.147.1` → `v1.148.0` |

---

### Release Notes

<details>
<summary>element-hq/synapse (element-hq/synapse)</summary>

### [`v1.148.0`](https://github.com/element-hq/synapse/releases/tag/v1.148.0)

[Compare Source](element-hq/synapse@v1.147.1...v1.148.0)

### Synapse 1.148.0 (2026-02-24)

No significant changes since 1.148.0rc1.

### Synapse 1.148.0rc1 (2026-02-17)

#### Features

- Support sending and receiving [MSC4354 Sticky Event](matrix-org/matrix-spec-proposals#4354) metadata. ([#19365](element-hq/synapse#19365))

#### Improved Documentation

- Fix reference to the `experimental_features` section of the configuration manual documentation. ([#19435](element-hq/synapse#19435))

#### Deprecations and Removals

- Remove support for [MSC3244: Room version capabilities](matrix-org/matrix-spec-proposals#3244) as the MSC was rejected. ([#19429](element-hq/synapse#19429))

#### Internal Changes

- Add in-repo Complement tests so we can test Synapse specific behavior at an end-to-end level. ([#19406](element-hq/synapse#19406))
- Push Synapse docker images to Element OCI Registry. ([#19420](element-hq/synapse#19420))
- Allow configuring the Rust HTTP client to use HTTP/2 only. ([#19457](element-hq/synapse#19457))
- Correctly refuse to start if the Rust workspace config has changed and the Rust library has not been rebuilt. ([#19470](element-hq/synapse#19470))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/4203
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
Part of https://github.com/element-hq/serverproduct-internal/issues/1153
Pushes Synapse docker images to the Element OCI Registry in addition to the dockerhub and ghcr registries.
Ready for review despite Draft status. See #19420 (comment)