id,node_id,number,state,locked,title,user,body,created_at,updated_at,closed_at,merged_at,merge_commit_sha,assignee,milestone,draft,head,base,author_association,repo,url,merged_by,auto_merge
655726387,MDExOlB1bGxSZXF1ZXN0NjU1NzI2Mzg3,1347,closed,0,Test docker platform blair only,10801138,,2021-05-28T02:47:09Z,2021-05-28T02:47:28Z,2021-05-28T02:47:28Z,,e755dd8c8cf7149046a8b5fd44aec07c4b2416d3,,,0,f730725fd260ba6578c472c344269d5d5df4e650,7b106e106000713bbee31b34d694b3dadbd4818c,CONTRIBUTOR,107914493,https://github.com/simonw/datasette/pull/1347,,
655741428,MDExOlB1bGxSZXF1ZXN0NjU1NzQxNDI4,1348,open,0,DRAFT: add test and scan for docker images,10801138,"**NOTE: I don't think this PR is ready, since the arm/v6 and arm/v7 images are failing pytest due to missing dependencies (gcc and friends). But it's pretty close.**

Closes https://github.com/simonw/datasette/issues/1344 . Using a build-matrix for the platforms and [this test](https://github.com/simonw/datasette/issues/1344#issuecomment-849820019), we test all the platforms in parallel. I also threw in container scanning.

### Switch `pip install` to use either tags or commit shas

Notably! This also [changes the Dockerfile](https://github.com/blairdrummond/datasette/blob/7fe5315d68e04fce64b5bebf4e2d7feec44f8546/Dockerfile#L20) so that it accepts tags or commit-shas.

```
# It's backwards compatible with tags, but also lets you use shas
root@712071df17af:/# pip install git+git://github.com/simonw/datasette.git@0.56                                                                                                                                            
Collecting git+git://github.com/simonw/datasette.git@0.56                                                                                                                                                                  
  Cloning git://github.com/simonw/datasette.git (to revision 0.56) to /tmp/pip-req-build-u6dhm945                                                                                                                          
  Running command git clone -q git://github.com/simonw/datasette.git /tmp/pip-req-build-u6dhm945                                                                                                                           
  Running command git checkout -q af5a7f1c09f6a902bb2a25e8edf39c7034d2e5de                                                                                                                                                 
Collecting Jinja2<2.12.0,>=2.10.3                                                                            
  Downloading Jinja2-2.11.3-py2.py3-none-any.whl (125 kB) 
```

This lets you build the containers in CI every push for testing, which maybe resolves [this problem](https://github.com/simonw/datasette/issues/1272#issuecomment-808648974)?

# Workflow run example

You can see the results in my workflow [here](https://github.com/blairdrummond/datasette/pull/2/checks?check_run_id=2690570717). The commit history is different because I squashed this branch, also in the testing branch I had to change `github.com/simonw` to `github.com/blairdrummond` for the CI to pick up my git_sha.

## Why did the builds fail?

**NOTE:** The results of all the tests fail, but for different reasons! A few fail to install Rust, the amd64 passes the tests (phew!) but has critical CVEs which fail the container scan, the Arm/v6 and Arm/v7 seem to fail to install the test dependencies due to missing programs like `gcc`. (`gcc` is not sufficient though, as [this run](https://github.com/blairdrummond/datasette/pull/3/checks?check_run_id=2690672982) indicates) ",2021-05-28T03:02:12Z,2021-05-28T03:06:16Z,,,eeea7cb835be0f0319cafccf50dffa6ad26826c5,,,0,56cba8fb837cd938c2f9d7423ee43d62a81c8f7c,7b106e106000713bbee31b34d694b3dadbd4818c,CONTRIBUTOR,107914493,https://github.com/simonw/datasette/pull/1348,,