From 18b9255aa5c7b2bf09fc6ec4164fba037c52bdcf Mon Sep 17 00:00:00 2001
From: Dominik Rosiek
Date: Mon, 22 Apr 2024 16:10:58 +0200
Subject: [PATCH] chore: add script and action to sync repositories
Signed-off-by: Dominik Rosiek
---
.github/workflows/sync-repositories.yaml | 29 +++++++++++
.../workflows/workflow-sync-repositories.yaml | 51 +++++++++++++++++++
ci/sync-repository.sh | 5 ++
shell.nix | 1 +
4 files changed, 86 insertions(+)
create mode 100644 .github/workflows/sync-repositories.yaml
create mode 100644 .github/workflows/workflow-sync-repositories.yaml
create mode 100755 ci/sync-repository.sh
diff --git a/.github/workflows/sync-repositories.yaml b/.github/workflows/sync-repositories.yaml
new file mode 100644
index 0000000000..33825e0fc4
--- /dev/null
+++ b/.github/workflows/sync-repositories.yaml
@@ -0,0 +1,29 @@
+name: Sync Repositories
+
+on:
+ push:
+ branches:
+ - drosiek-sync-container-repositories
+
+jobs:
+ sync-repositories:
+ strategy:
+ matrix:
+ include:
+ - docker_username: DOCKERHUB_LOGIN_KUBE_RBAC_PROXY
+ docker_password: DOCKERHUB_PASSWORD_KUBE_RBAC_PROXY
+ aws_access_key: AWS_ACCESS_KEY_ID_KUBE_RBAC_PROXY
+ aws_secret_access_key: AWS_SECRET_ACCESS_KEY_KUBE_RBAC_PROXY
+ src_repository: quay.io/brancz/kube-rbac-proxy
+ dest_docker_namespace: docker.io/sumologic
+ dest_ecr_namespace: public.ecr.aws/a4t4y2n3
+ uses: ./.github/workflows/workflow-sync-repositories.yaml
+ with:
+ src_repository: ${{ matrix.src_repository }}
+ dest_docker_namespace: ${{ matrix.dest_docker_namespace }}
+ dest_ecr_namespace: ${{ matrix.dest_ecr_namespace }}
+ secrets:
+ DOCKER_USERNAME: ${{ secrets[matrix.docker_username] }}
+ DOCKER_PASSWORD: ${{ secrets[matrix.docker_password] }}
+ AWS_ACCESS_KEY_ID: ${{ secrets[matrix.aws_access_key] }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets[matrix.aws_secret_access_key] }}
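Review bot: The `on.push.branches` trigger in `.github/workflows/sync-repositories.yaml` names a personal branch, `drosiek-sync-container-repositories`, so once merged this job either never runs or runs with registry credentials whenever that one branch is pushed; a publishing job like this is usually gated on `workflow_dispatch:` or a `schedule:` on the default branch instead. The file also has no `permissions:` key, so `GITHUB_TOKEN` keeps the repository default scope although the called job only checks out code; a top-level `permissions:` with `contents: read` would pin it down. Because the credentials are resolved by name through `secrets[matrix.docker_username]` and its three siblings, a comment above `include:` such as `# *_username / *_password / aws_* hold the NAME of a repository secret, not its value` would help reviewers treat matrix edits as credential changes.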
diff --git a/.github/workflows/workflow-sync-repositories.yaml b/.github/workflows/workflow-sync-repositories.yaml
new file mode 100644
index 0000000000..c984e527a9
--- /dev/null
+++ b/.github/workflows/workflow-sync-repositories.yaml
@@ -0,0 +1,51 @@
+name: Sync container repository
+
+on:
+ workflow_call:
+ inputs:
+ src_repository:
+ description: Source repository
+ required: true
+ type: string
+ dest_docker_namespace:
+ description: Destination DockerHub repository
+ required: true
+ type: string
+ dest_ecr_namespace:
+ description: Destination ECR repository
+ required: true
+ type: string
+ secrets:
+ DOCKER_USERNAME:
+ required: true
+ DOCKER_PASSWORD:
+ required: true
+ AWS_ACCESS_KEY_ID:
+ required: true
+ AWS_SECRET_ACCESS_KEY:
+ required: true
+
+jobs:
+ sync-repository:
+ runs-on: ubuntu-20.04
+ name: sync ${{ inputs.src_repository }} repository
+ steps:
+ - uses: actions/checkout@v4
+ - name: Install skopeo
+ run: sudo apt-get install skopeo -y
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3.1.0
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ - name: Synchronize image to Docker Hub repository
+ run: ./ci/sync-repository.sh ${{ inputs.src_repository }} ${{ inputs.dest_docker_namespace }}
+ - name: Login to ECR
+ run: |-
+ aws ecr-public get-login-password --region us-east-1 \
+ | docker login --username AWS --password-stdin ${{ inputs.dest_ecr_namespace }}
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ - name: Synchronize image to ECR repository
+ run: ./ci/sync-repository.sh ${{ inputs.src_repository }} ${{ inputs.dest_ecr_namespace }}
diff --git a/ci/sync-repository.sh b/ci/sync-repository.sh
new file mode 100755
index 0000000000..549851b556
--- /dev/null
+++ b/ci/sync-repository.sh
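Review bot: In `.github/workflows/workflow-sync-repositories.yaml` the three `run:` steps paste `${{ inputs.src_repository }}`, `${{ inputs.dest_docker_namespace }}` and `${{ inputs.dest_ecr_namespace }}` straight into the shell text, so the runner executes whatever string a caller supplies before bash ever sees it as an argument. The only caller in this patch feeds fixed matrix values, so nothing untrusted reaches these steps as committed, but a reusable `workflow_call` workflow that holds registry credentials should not depend on every future caller staying that careful. Passing the inputs through `env:` and expanding them quoted keeps them as data, as in the steps below. Separately, `actions/checkout@v4` and `docker/login-action@v3.1.0` are referenced by mutable tag in a job that receives Docker Hub and AWS secrets; pinning each to a full commit SHA would be the usual hardening.

```yaml
      - name: Synchronize image to Docker Hub repository
        run: ./ci/sync-repository.sh "${SRC_REPOSITORY}" "${DEST_NAMESPACE}"
        env:
          SRC_REPOSITORY: ${{ inputs.src_repository }}
          DEST_NAMESPACE: ${{ inputs.dest_docker_namespace }}
      - name: Login to ECR
        run: |-
          aws ecr-public get-login-password --region us-east-1 \
            | docker login --username AWS --password-stdin "${DEST_NAMESPACE}"
        env:
          DEST_NAMESPACE: ${{ inputs.dest_ecr_namespace }}
          # … unchanged: AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY from secrets …
      - name: Synchronize image to ECR repository
        run: ./ci/sync-repository.sh "${SRC_REPOSITORY}" "${DEST_NAMESPACE}"
        env:
          SRC_REPOSITORY: ${{ inputs.src_repository }}
          DEST_NAMESPACE: ${{ inputs.dest_ecr_namespace }}
```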
@@ -0,0 +1,5 @@
+#!/usr/bin/bash
+
+SRC_REPOSITORY=${1}
+DESTINATION_NAMESPACE=${2}
+skopeo --insecure-policy sync --src docker --dest docker ${SRC_REPOSITORY} ${DESTINATION_NAMESPACE}
diff --git a/shell.nix b/shell.nix
index 380542c366..415a60cde3 100644
--- a/shell.nix
+++ b/shell.nix
@@ -30,6 +30,7 @@ pkgs.mkShell { pkgs.golangci-lint pkgs.go pkgs.kind + pkgs.skopeo ]; } ## Output of `make tool-versions`:
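Review bot: In `ci/sync-repository.sh` the `skopeo` line passes `--insecure-policy`, which bypasses the containers trust policy, so whatever the source registry serves at sync time is republished under the organisation's namespaces with no signature or trust requirement applied. If that is intentional it deserves a comment saying why; otherwise drop the flag and point skopeo at a reviewed policy file with `skopeo --policy <path-to-policy.json> sync ...` (the path is a placeholder). The script also runs without error handling and expands both arguments unquoted, so a missing or space-containing argument changes what skopeo is asked to do instead of failing. Adding `set -euo pipefail` after the shebang and calling `skopeo ... sync --src docker --dest docker "${SRC_REPOSITORY}" "${DESTINATION_NAMESPACE}"` would make a bad invocation stop before anything is pushed.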