Port mirror calico action from old coreos-overlay

.github/workflows/mirror-calico.sh

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# This script will mirror the list of Calico images
+# from Docker Hub to GHCR.
+
+# tag will hold the version of calico images we
+# previously fetched
+tag="${1}"
+
+# list of images to mirror from Docker Hub
+images=(
+  calico/typha
+  calico/pod2daemon-flexvol
+  calico/cni
+  calico/node
+  calico/kube-controllers
+)
+
+# we iterate over the images we want to mirror
+for image in "${images[@]}"; do
+  ./mirror-to-ghcr.sh "${image}" "${tag}"
+done

.github/workflows/mirror-calico.yaml

@@ -0,0 +1,40 @@
+name: Sync GHCR Calico images with Docker Hub
+on:
+  schedule:
+    # run every 12h
+    - cron:  '0 */12 * * *'
+  workflow_dispatch:
+
+jobs:
+  mirror-calico:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out scripts
+        uses: actions/checkout@v3
+      - name: Login to GitHub Container Registry (ghcr)
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USERNAME }}
+          password: ${{ secrets.GHCR_PASSWORD }}
+      - name: Figure out latest Calico release version
+        id: calico-latest-release
+        run: |
+          set -exuo pipefail
+
+          calico_version=$(curl \
+                             -H 'Accept: application/vnd.github+json' \
+                             'https://api.github.com/repos/projectcalico/calico/releases' | \
+                           jq --raw-output '.[].tag_name' | \
+                           sort --version-sort --reverse | \
+                           head --lines=1)
+
+          echo "Found version: ${calico_version}"
+          echo "CALICO_VERSION=${calico_verison}" >>"${GITHUB_OUTPUT}"
+      - name: Mirror calico images to GHCR
+        env:
+          CALICO_VERSION: ${{ steps.calico-latest-release.outputs.CALICO_VERSION }}
+        run: |
+          pushd .github/workflows/
+          ./mirror-calico.sh "${CALICO_VERSION}"
+          popd

.github/workflows/mirror-to-ghcr.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# This generic script aims to mirror an image from Docker hub to another registry.
+# Authentication to the registry must be done before.
+
+image="${1}"
+imagetag="${2}"
+org="${3:-kinvolk}"
+
+# we want both arch for running tests
+platforms=( amd64 arm64 )
+
+# tags will hold the mirrored images
+tags=()
+
+name="ghcr.io/${org}/${image}:${imagetag}"
+
+for platform in "${platforms[@]}"; do
+  # we first fetch the image from Docker Hub
+  var=$(docker pull "${image}:${imagetag}" --platform="linux/${platform}" -q)
+  # we prepare the image to be pushed into another registry
+  tag="${name}-${platform}"
+  # we tag the image to create the mirrored image
+  docker tag "${var}" "${tag}"
+  docker push "${tag}"
+  tags+=( "${tag}" )
+done
+
+docker manifest create "${name}" "${tags[@]}"
+# some images have bad arch specs in the individual image manifests :(
+docker manifest annotate "${name}" "${name}-arm64" --arch arm64
+docker manifest push --purge "${name}"