Skip to content

ci: build Docker image and push to registry from applicative's CI#98

Open
bolinocroustibat wants to merge 8 commits intomainfrom
feat/build-in-ci
Open

ci: build Docker image and push to registry from applicative's CI#98
bolinocroustibat wants to merge 8 commits intomainfrom
feat/build-in-ci

Conversation

@bolinocroustibat
Copy link
Contributor

@bolinocroustibat bolinocroustibat commented Feb 17, 2026

Closes #94.

Need the little CI simplification #97 to be merged first, and the infra workflow to be adapted (it has its own MR).

Build and push as a Docker image from applicative's CI (here, CircleCI), as we did with cdata

Changes:

  • Add a production Dockerfile (uv base image, non-root user, gunicorn with aiohttp worker). Same image that was used by the infra, with APP_MODULE env var to define if it's for Tabular API or Metrics API
  • Refactor CircleCI workflow: single build job that builds the wheel and the Docker image, then pushes the image to the GitLab registry. publish-pypi runs only on version tags.
  • Workflow: lint, tests, and build run on every push to main and on version tags (v*). Docker image tag is always the package version from setuptools_scm (RELEASE_VERSION), so the wheel and the image stay in sync; no separate branch/tag logic for the image.
  • CI parameters for registry URL, image name, and build branch (default main).

Example workflow:

  • Push a version tag (e.g. v1.2.0):
    • would tag/push image on Docker registry registry.gitlab.com/etalab/data.gouv.fr/infra/tabular-api:1.2.0 and registry.gitlab.com/etalab/data.gouv.fr/infra/metrics-api:1.2.0
    • PyPI: the wheel is published to PyPI as version 1.2.0 (publish-pypi runs on version tags).
  • Push on main (no tag):
    • would tag/push image on docker registry registry.gitlab.com/etalab/data.gouv.fr/infra/tabular-api:1.2.0.dev5 or ...:1.2.0.dev5-a1b2c3d, and registry.gitlab.com/etalab/data.gouv.fr/infra/metrics-api:1.2.0.dev5
    • PyPI: nothing is published: publish-pypi runs only on version tags, not on branch pushes.

Each build gets a unique image tag (no overwriting).

Follow-up

As a follow-up PR, we can also easily set up an automatic infra deployment when pushing a version tag. This would involve a trigger-gitlab-pipeline job to send the tag using @jordanguedj ’s scaffolding script
It’s not a requirement for now, unless you want to go all the way (spoiler: I’m keen, but I’ll keep it for a separate PR).

@bolinocroustibat bolinocroustibat self-assigned this Feb 17, 2026
@bolinocroustibat bolinocroustibat changed the title ci: build Docker image in CI and push to registry ci: build Docker image and push to registry from applicative's CI Feb 17, 2026
@bolinocroustibat bolinocroustibat changed the base branch from main to feat/fix-ci February 18, 2026 10:49
@bolinocroustibat bolinocroustibat force-pushed the feat/fix-ci branch 2 times, most recently from 0159709 to f1b2baf Compare February 18, 2026 11:14
@bolinocroustibat bolinocroustibat force-pushed the feat/build-in-ci branch 4 times, most recently from b493cce to 5ac7859 Compare February 18, 2026 11:56
Base automatically changed from feat/fix-ci to main February 18, 2026 14:41
Comment on lines +122 to +123
# Docker tags allow only [a-zA-Z0-9_.-]; setuptools_scm can output e.g. 0.4.0.dev5+gabc1234
DOCKER_TAG=$(echo "$RELEASE_VERSION" | tr '+' '-')
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we should use commit sha instead of a tag? I think it would be nice to have a single strategy between the different docker images naming?

- publish:
filters:
branches:
only: << pipeline.parameters.publish-branch >>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Have you tried running the pipeline by changing the filter to allow it on this branch?
This would allow testing the resulting docker image :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[tabular-api] Move the CD build from infra to CI/CD workflow's side

2 participants

Comments