add permissions for token

Signed-off-by: Sarath Chandra Oruganti <[email protected]>
sarathchandra24 · Mar 9, 2024 · 24ee683 · 24ee683
1 parent 897631d
commit 24ee683
Showing 1 changed file with 68 additions and 26 deletions.
diff --git a/.github/workflows/clone-image.yaml b/.github/workflows/clone-image.yaml
@@ -7,12 +7,22 @@ on:
       - personal-*
 env:
   DOCKER_REPO: "sarathchandra24"
-  DOCKER_IMAGE: "fluent-bit"
+  DOCKER_IMAGE: "fluent-operator"
   GITHUB_IMAGE: "${{ github.repository }}/fluent-operator"
 
+permissions:
+  contents: read
+  packages: write
+
 jobs:
-  copy_images:
+  copy_images_metadata:
     runs-on: ubuntu-latest
+    outputs:
+      image_tags: ${{ steps.release-metadata.outputs.tags }}
+      image_labels: ${{ steps.release-metadata.outputs.labels }}
+      docker_image_name: ${{ env.DOCKER_IMAGE }}
+      docker_image_repo: ${{ env.DOCKER_REPO }}
+      github_image: ${{ env.GITHUB_IMAGE }}
 
     steps:
     - name: Checkout code
@@ -30,13 +40,35 @@ jobs:
           type=ref,event=tag
           type=semver,pattern={{version}}
           type=semver,pattern={{major}}.{{minor}}
+    
+    - name: docker metadata
+      id: release-metadata
+      uses: docker/metadata-action@v5
+      with:
+        tags: |
+          raw,latest
+          type=ref,event=branch
+          type=ref,event=pr
+          type=ref,event=tag
+          type=semver,pattern={{version}}
+          type=semver,pattern={{major}}.{{minor}}
 
     - name: Install Skopeo
       run: sudo apt-get update && sudo apt-get install -y skopeo
 
     - name: Set up Docker Buildx
       id: buildx
       uses: docker/setup-buildx-action@v3
+
+    - name: Login to GitHub Container Registry
+      uses: docker/login-action@v3
+      with:
+        registry: ghcr.io
+        username: ${{ github.actor }}
+        password: ${{ secrets.GITHUB_TOKEN }}
+
+    - name: display tags
+      run: echo "${{ steps.release-metadata.outputs.tags }}"
 
     - name: Build and Push Image for Fluent Bit
       id: docker-build
@@ -49,29 +81,39 @@ jobs:
         tags: ${{ steps.image-metadata.outputs.tags }}
         labels: ${{ steps.image-metadata.outputs.labels }}
 
-    - name: Copy images
-      run: |
-        # Define your source and destination repositories
-        DEST_REPO="docker.io/username/repository"
-
-        # Define your credentials
-        SRC_CREDS="username:token"
-        DEST_CREDS="username:password"
-
-        # Get the list of tags from metadata action output
-        TAGS=$(echo "${{ steps.image-metadata.outputs.tags }}")
+    # - name: Copy images
+    #   run: |
+    #     # Get the list of tags from metadata action output
+    #     TAGS=$(echo "${{ steps.release-metadata.outputs.tags }}")
 
-        # Convert the string of tags to an array
-        IFS=',' read -ra TAGS_ARRAY <<< "$TAGS"
+    #     # Loop through each tag and copy the image
+    #     echo "Total tags: $TAGS"
+    #     echo "$TAGS" 
+    #     echo "$TAGS" | while IFS= read -r tag; do
+    #       echo "Copying $tag"
+    #       skopeo copy --src-creds=$SOURCE_CREDS --dest-creds=$RELEASE_CREDS \
+    #       "docker://$SOURCE_IMAGE:$tag" \
+    #       "docker://$RELEASE_IMAGE:$tag"
+    #     done
+    #   env:
+    #       SOURCE_IMAGE: "ghcr.io/${{env.GITHUB_IMAGE}}"
+    #       RELEASE_IMAGE: "docker.io/${{env.DOCKER_REPO}}/${{ env.DOCKER_IMAGE }}"
+    #       RELEASE_CREDS: "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD}}"
+    #       SOURCE_CREDS: "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}"
 
-        # Loop through each tag and copy the image
-        for tag in "${TAGS_ARRAY[@]}"; do
-          skopeo copy --src-creds=$SOURCE_IMAGE --dest-creds=$RELEASE_CREDS \
-          "docker://$SOURCE_IMAGE:$tag" \
-          "docker://$RELEASE_IMAGE:$tag"
-        done
-      env:
-          SOURCE_IMAGE: "ghcr.io/${{env.GITHUB_IMAGE}}"
-          RELEASE_IMAGE: "docker.io/${{env.DOCKER_REPO}}/${{ env.DOCKER_IMAGE }}"
-          RELEASE_CREDS: "${{ secrets.REGISTRY_USER }}:${{ secrets.REGISTRY_PASSWORD}}"
-          SOURCE_CREDS: "${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}"
+  clone-docker-image:
+    uses: ./.github/workflows/clone-docker-image-action.yaml
+    needs: copy_images_metadata
+    with:
+      source_image: "${{needs.copy_images_metadata.outputs.github_image}}"
+      source_registry: ghcr.io
+      target_image: "]${{needs.copy_images_metadata.outputs.docker_image_repo}}/${{ needs.copy_images_metadata.outputs.docker_image_name }}"
+      target_registry: docker.io
+      platforms: "['linux/arm64', 'linux/amd64']"
+      image_tags: ${{ needs.copy_images_metadata.outputs.image_tags }}
+    secrets:
+      source_registry_token: ${{ secrets.GITHUB_TOKEN }}
+      target_registry_token: ${{ secrets.REGISTRY_PASSWORD }}
+      source_registry_username: ${{ github.actor }}
+      target_registry_username: ${{ secrets.REGISTRY_USER }}
+