diff --git a/.github/workflows/mirror-calico.sh b/.github/workflows/mirror-calico.sh new file mode 100644 index 0000000000..0218af1559 --- /dev/null +++ b/.github/workflows/mirror-calico.sh @@ -0,0 +1,22 @@ +#!/bin/bash + +# This script will mirror the list of Calico images +# from Docker Hub to GHCR. + +# tag will hold the version of calico images we +# previously fetched +tag="${1}" + +# list of images to mirror from Docker Hub +images=( + calico/typha + calico/pod2daemon-flexvol + calico/cni + calico/node + calico/kube-controllers +) + +# we iterate over the images we want to mirror +for image in "${images[@]}"; do + ./mirror-to-ghcr.sh "${image}" "${tag}" +done diff --git a/.github/workflows/mirror-calico.yaml b/.github/workflows/mirror-calico.yaml new file mode 100644 index 0000000000..564871b040 --- /dev/null +++ b/.github/workflows/mirror-calico.yaml @@ -0,0 +1,40 @@ +name: Sync GHCR Calico images with Docker Hub +on: + schedule: + # run every 12h + - cron: '0 */12 * * *' + workflow_dispatch: + +jobs: + mirror-calico: + runs-on: ubuntu-latest + steps: + - name: Check out scripts + uses: actions/checkout@v3 + - name: Login to GitHub Container Registry (ghcr) + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ secrets.GHCR_USERNAME }} + password: ${{ secrets.GHCR_PASSWORD }} + - name: Figure out latest Calico release version + id: calico-latest-release + run: | + set -exuo pipefail + + calico_version=$(curl \ + -H 'Accept: application/vnd.github+json' \ + 'https://api.github.com/repos/projectcalico/calico/releases' | \ + jq --raw-output '.[].tag_name' | \ + sort --version-sort --reverse | \ + head --lines=1) + + echo "Found version: ${calico_version}" + echo "CALICO_VERSION=${calico_verison}" >>"${GITHUB_OUTPUT}" + - name: Mirror calico images to GHCR + env: + CALICO_VERSION: ${{ steps.calico-latest-release.outputs.CALICO_VERSION }} + run: | + pushd .github/workflows/ + ./mirror-calico.sh "${CALICO_VERSION}" + popd diff --git a/.github/workflows/mirror-to-ghcr.sh b/.github/workflows/mirror-to-ghcr.sh new file mode 100644 index 0000000000..2b413af021 --- /dev/null +++ b/.github/workflows/mirror-to-ghcr.sh @@ -0,0 +1,32 @@ +#!/bin/bash + +# This generic script aims to mirror an image from Docker hub to another registry. +# Authentication to the registry must be done before. + +image="${1}" +imagetag="${2}" +org="${3:-kinvolk}" + +# we want both arch for running tests +platforms=( amd64 arm64 ) + +# tags will hold the mirrored images +tags=() + +name="ghcr.io/${org}/${image}:${imagetag}" + +for platform in "${platforms[@]}"; do + # we first fetch the image from Docker Hub + var=$(docker pull "${image}:${imagetag}" --platform="linux/${platform}" -q) + # we prepare the image to be pushed into another registry + tag="${name}-${platform}" + # we tag the image to create the mirrored image + docker tag "${var}" "${tag}" + docker push "${tag}" + tags+=( "${tag}" ) +done + +docker manifest create "${name}" "${tags[@]}" +# some images have bad arch specs in the individual image manifests :( +docker manifest annotate "${name}" "${name}-arm64" --arch arm64 +docker manifest push --purge "${name}"