Hey @garrytrinder, before we consider the issue closed, shall we try to integrate building and publishing the Docker image in our CI/CD so that it's done automatically on each release?

Thanks for the feedback @waldekmastykarz I did mean to mark this as draft and start these discussions, you beat me to it 😊

A couple of things that we should also consider in this image.

• Run as non-root user (security)
• Remove apt lists after update (image size)
• Add LABEL metadata to image (discoverability)

Update

• Uses microsoft/powershell:latest alpine base image
• Adds LABEL metadata for better transparency and intent
• Installs node v12
• apt lists removed after update to save space
• Container runs as non-root user, cli-microsoft365 to improve security
• CLI for Microsoft 365 installed using --production to save space
• Command completion for bash & PowerShell configured for improved usability
• Bash set as default shell, can be overridden to use PowerShell when starting container

Build

docker build --pull --rm -f "Dockerfile" -t m365pnp/cli-microsoft365:latest "." --build-arg CLI_VERSION=latest

Usage

docker run --rm -it m365pnp/cli-microsoft365:<tag>
docker run --rm -it m365pnp/cli-microsoft365:<tag> pwsh

Tags (Docker Hub)

• latest
• next
• 3.2.0
• 3.1.0
• 3.0.0

We should also include an update to the telemetry so we can track the requests made from Docker.

@waldekmastykarz added update to CI/CD, it does require environment variables for Docker username and password however.

Will look at adding the telemetry tomorrow, any preference on the environment variable name that we use? CLIMICROSOFT365_ENV=docker ?

CLIMICROSOFT365_ENV=docker is good

Apologies @waldekmastykarz really sloppy PR this one, hopefully all should be good now. I'll leave this in draft to work on a doc page as discussed.

Nah, don't worry about it. No harm done. That's why we do reviews 🙂

@YannickRe apologies, looks like the image does not update when I re-push the :next tag after rebuilding, I expect this will be the same for :latest as well. Thanks for bringing this to my attention. I'll take a look 👍

@garrytrinder no worries! In my DevOps pipeline it redownloads the image every run (cloud hosted agent for testing), and I tested just this morning with both. Good you are seeing the version differences! Just wanted to inform you, in case the automatic process needed some tweaking :)

As we are using circleci/node base image for our pipelines, the Docker tools are already installed, so machine: true is not required. Below is a line from the docs.

This is odd, given that the last time we tried to run CI with these changes merged, it failed because it couldn't find docker 😕

@waldekmastykarz at the moment this does need testing fully, how would I test this? Circle CI is very new to me.

In the past I've tested the setup with my own repo. Not quite trivial if you ask me. If you're convinced that we have everything we need, we can also test here. You could also have a look at https://circleci.com/docs/2.0/local-cli/.

This is odd, given that the last time we tried to run CI with these changes merged, it failed because it couldn't find docker 😕

Not deny that 😁 I think it's the Docker setup step that performs the magic echo we were missing.

In the past I've tested the setup with my own repo. Not quite trivial if you ask me. If you're convinced that we have everything we need, we can also test here. You could also have a look at https://circleci.com/docs/2.0/local-cli/.

Exactly the reason I've not got round to testing it fully yet 😁 I'll take a look at the local CLI & spend some time on this later in the week.

No rush, it goes when it's ready.

Thanks for your input on this @waldekmastykarz bit of a learning curve but I'm getting there 😁

@YannickRe :next and :latest tags should now be working, turns out that when I was building locally it was still using a cached layer hence why it was not updating correctly.

Added --no-cache to the docker build command to force the rebuild.

@garrytrinder tested :next and it it works. Are :next and :latest supposed to be the same? I don't know much about Docker tagging but I expect next to be the version 'in the works' and :latest to be the latest released version of CLI (so at the time of writing, I expect to get a container with CLI 3.3.0).

@YannickRe yes that's correct :next is using @pnp/cli-microsoft365@next and :latest is using @pnp/cli-microsoft365@latest, so they are different versions.

:next -> @pnp/cli-microsoft365@next -> 3.4.0-beta.f253fd3
:latest -> @pnp/cli-microsoft365@latest -> 3.3.0

Do you see something different with :latest?

No, I haven't checked. Wrongly assumed from your previous message that you put the same version in :next and :latest. Ignore me :)

Lost in translation, sorry, I should have been clearer.

I meant that the latest tag would have the same issue as the beta tag and not updating correctly, as we don't target a specific version of the CLI in the build for those tags but rather an alias, so Docker doesn't see it as a change & so pulled from cache.