Skip to content

Mirror Docker Images to GHCR #334

Mirror Docker Images to GHCR

Mirror Docker Images to GHCR #334

# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
#
# OpenCRVS is also distributed under the terms of the Civil Registration
# & Healthcare Disclaimer located at http://opencrvs.org/license.
#
# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
name: Mirror Docker Images to GHCR
on:
schedule:
# Run 30 mins after trivy DB runs (the trivy job takes 15 mins max)
# https://github.com/aquasecurity/trivy-db/blob/cfa337a1088bbcee598ab93656c83fe6b9acb946/.github/workflows/cron.yml#L5
# https://github.com/aquasecurity/trivy-db/actions
- cron: '30 */6 * * *'
workflow_dispatch: # Allows manual triggering of the workflow
jobs:
mirror-dbs:
runs-on: ubuntu-latest
env:
RETRIES: 100
steps:
- name: Install Skopeo
run: |
sudo apt-get update
sudo apt-get install -y skopeo
- name: Checkout repository
uses: actions/checkout@v3
- name: Log in to GHCR
run: echo "${{ secrets.GITHUB_TOKEN }}" | skopeo login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Create mirror-image.sh script
run: |
cat << 'EOF' > mirror-image.sh
#!/usr/bin/env bash
set -o errexit -o nounset -o pipefail
if [ "$#" -ne 3 ]; then
echo "Usage: $0 <source_image> <destination_image> <retries>"
exit 1
fi
SOURCE_IMAGE=$1
DESTINATION_IMAGE=$2
RETRIES=$3
COUNT=0
until skopeo copy "$SOURCE_IMAGE" "$DESTINATION_IMAGE" || [ $COUNT -ge $RETRIES ]; do
COUNT=$((COUNT+1))
echo "Retry $COUNT/$RETRIES for $SOURCE_IMAGE to $DESTINATION_IMAGE..."
sleep 1
done
if [ $COUNT -ge $RETRIES ]; then
echo "Failed to mirror $SOURCE_IMAGE after $RETRIES attempts."
exit 1
fi
echo "Successfully mirrored $SOURCE_IMAGE to $DESTINATION_IMAGE."
EOF
- name: Make mirror-image.sh executable
run: chmod +x mirror-image.sh
- name: Mirror trivy-db to GHCR
run: ./mirror-image.sh docker://ghcr.io/aquasecurity/trivy-db:2 docker://ghcr.io/${{ github.repository_owner }}/trivy-db:2 ${{ env.RETRIES }}
- name: Mirror trivy-java-db to GHCR
run: ./mirror-image.sh docker://ghcr.io/aquasecurity/trivy-java-db:1 docker://ghcr.io/${{ github.repository_owner }}/trivy-java-db:1 ${{ env.RETRIES }}
- name: Mirror trivy-checks to GHCR
run: ./mirror-image.sh docker://ghcr.io/aquasecurity/trivy-checks:1 docker://ghcr.io/${{ github.repository_owner }}/trivy-checks:1 ${{ env.RETRIES }}