Support testing Docker images in PR #1174
Description
Here is how a new builder Docker image is released at the moment:
- A PR is submitted, i.e. [BE] Add sccache to manywheel binary build #1169
- https://github.com/pytorch/builder/blob/main/.github/workflows/build-manywheel-images.yml is triggered to build the new Docker image. However, it won't pushed anything to https://hub.docker.com/r/pytorch for security reason (exposing the docker token), i.e. https://github.com/pytorch/builder/actions/runs/3319194712/jobs/5484043846
- [PROBLEM] Because the image isn't published, there is no clear way to use it from PyTorch or PyTorch canary for testing, i.e. [BE] Use sccache when building manywheel binary pytorch#87523.
- [PROBLEM] The docker image can still be pushed manually for testing, but in the current state, the new image will become available to everyone right away when it's uploaded to PyTorch Docker hub. Note that PyTorch DOCKER_TOKEN is a privilege secret and won't be open to take
- Take a leap of faith, PR is approved and pushed. The Docker image will then be pushed to https://hub.docker.com/r/pytorch right away and become available to all workflows across PyTorch and other domain libraries
We should figure out how to address step 3 and get rid of step 4 by providing a way to support testing new Docker images as part of the PR. Here are some thoughts:
- Use a different tag and a different Docker repository for testing. People will have permission to upload the images there in their PR
- Manually upload the image to personal Docker hub using personal token