forked from fluent/fluent-operator
-
Notifications
You must be signed in to change notification settings - Fork 0
139 lines (130 loc) · 4.71 KB
/
clone-docker-image-action.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
---
name: Reusable workflow to clone a Docker image from one registry to another
on:
workflow_call:
inputs:
source_image:
description: The source image to clone
required: true
type: string
source_registry:
description: The source registry
required: true
type: string
target_image:
description: The target image to clone
required: true
type: string
target_registry:
description: 'The target registry'
required: true
type: string
platforms:
description: 'The platforms to clone'
required: false
type: string
default: '["linux/arm64", "linux/amd64"]'
suffix:
description: 'The suffix to append to the target image'
required: false
type: string
default: ''
is_latest:
description: 'Whether to tag the image as latest'
required: false
type: boolean
default: false
secrets:
source_registry_token:
description: The Github token or similar to authenticate with for the registry.
required: true
target_registry_token:
description: The Github token or similar to authenticate with for the registry.
required: true
source_registry_username:
description: The source registry username
required: true
target_registry_username:
description: The target registry username
required: true
jobs:
check-image-exists:
strategy:
matrix:
platform: ${{ fromJson(inputs.platforms) }}
runs-on: ubuntu-latest
steps:
- name: Login to source container registry ${{ inputs.source_registry }}
uses: docker/login-action@v3
with:
registry: ${{ inputs.source_registry }}
username: ${{ secrets.source_registry_username }}
password: ${{ secrets.source_registry_token }}
- name: Pull the source image; verify it exists
run:
docker pull "$SOURCE_IMAGE" --platform=${{ matrix.platform }}
env:
SOURCE_IMAGE: ${{ inputs.source_registry }}/${{ inputs.source_image }}
shell: bash
create-tags:
runs-on: ubuntu-latest
outputs:
tags: ${{ steps.tags-converter.outputs.TAGS }}
steps:
- name: docker metadata for tags
id: tags-metadata
uses: docker/metadata-action@v5
with:
flavor: |
latest=${{ inputs.is_latest }}
suffix=${{ inputs.suffix }}
tags: |
raw,latest
type=ref,event=branch
type=ref,event=pr
type=ref,event=tag
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Convert tags to JSON array
id: tags-converter
run: |
# Get the line-separated list of tags
TAGS="${{ steps.tags-metadata.outputs.tags }}"
# Initialize an empty array
JSON_TAGS="["
# Loop through each tag and append to the JSON array
while read -r tag; do
JSON_TAGS+="\"$tag\","
done <<< "$TAGS"
# print the JSON array
echo "TAGS=$JSON_TAGS"
# Remove the trailing comma and close the array
JSON_TAGS="${JSON_TAGS%,}]"
# Output the JSON array
echo "TAGS=$JSON_TAGS" >> $GITHUB_OUTPUT
push-image:
needs:
- check-image-exists
- create-tags
strategy:
matrix:
image_tags: ${{fromJson(needs.create-tags.outputs.tags)}}
runs-on: ubuntu-latest
steps:
- name: Promote container images from ${{ inputs.source_registry }} to ${{ inputs.target_registry }}
run: |
echo "Promoting $SOURCE_IMAGE to $RELEASE_IMAGE"
docker run --rm \
quay.io/skopeo/stable:latest \
copy \
--all \
--retry-times 10 \
--dest-creds "$RELEASE_CREDS" \
--src-creds "$SOURCE_CREDS" \
"docker://$SOURCE_IMAGE" \
"docker://$RELEASE_IMAGE"
env:
SOURCE_IMAGE: "${{ inputs.source_registry }}/${{ inputs.source_image }}"
RELEASE_IMAGE: "${{ inputs.target_registry }}/${{ inputs.target_image }}:${{ matrix.image_tags }}"
RELEASE_CREDS: ${{ secrets.target_registry_username }}:${{ secrets.target_registry_token }}
SOURCE_CREDS: ${{ secrets.source_registry_username }}:${{ secrets.source_registry_token }}