sync-ghcr #182
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copies all Pulumi Docker images for the supplied version from Docker Hub to | |
# GitHub Container Registry. | |
name: Sync to GHCR | |
on: | |
workflow_dispatch: | |
inputs: | |
pulumi_version: | |
description: The image tag to copy, fully specified, e.g. "3.18.1" | |
type: string | |
required: true | |
tag_latest: | |
description: Whether to tag this version as "latest" in GHCR. | |
type: boolean | |
required: true | |
default: true | |
repository_dispatch: | |
types: | |
- sync-ghcr | |
env: | |
DOCKER_USERNAME: pulumi | |
PULUMI_VERSION: ${{ github.event.inputs.pulumi_version || github.event.client_payload.ref }} | |
jobs: | |
sync-to-ecr: | |
name: Kitchen Sink images | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
image: ["pulumi", "pulumi-provider-build-environment"] | |
include: | |
# For the pulumi image add a the nonroot variant | |
- suffix: -nonroot | |
image: pulumi | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Tag ${{ env.PULUMI_VERSION }}-arm64 and push to GHCR | |
run: | | |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 | |
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 | |
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 | |
- name: Tag ${{ env.PULUMI_VERSION }}-amd64 and push to GHCR | |
run: | | |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 | |
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 | |
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 | |
- name: Push latest manifest to GHCR | |
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }} | |
run: | | |
docker manifest create \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest${{ matrix.suffix }} \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 | |
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest${{ matrix.suffix }} | |
define-debian-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.define-debian-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@master | |
- name: Define Matrix | |
id: define-debian-matrix | |
run: | | |
echo matrix=$(python ./.github/scripts/matrix/gen-sync-matrix.py) >> "$GITHUB_OUTPUT" | |
debian-images: | |
name: Debian SDK and base images | |
runs-on: ubuntu-latest | |
needs: define-debian-matrix | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.define-debian-matrix.outputs.matrix) }} | |
steps: | |
# NOTE: The process we use for the Kichen Sink image, which is | |
# single-platform, will not work here. Pulling a multi-arch manifest from | |
# Docker Hub, tagging, then pushing will only result in the image of the | |
# host's architecture (e.g. linux/amd64) getting pushed to the desintation repo. | |
# For more information, see: https://docs.docker.com/registry/spec/manifest-v2-2/ | |
# | |
# Prior to re-creating the manifests, we must pull, tag, and push the | |
# consituent images in the manifests because manifests cannot use source | |
# images from a different registry. | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Tag ${{ env.PULUMI_VERSION }}-debian-amd64 image and push to GHCR | |
run: | | |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
- name: Tag ${{ env.PULUMI_VERSION }}-debian-arm64 and push to GHCR | |
run: | | |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
- name: Push ${{ env.PULUMI_VERSION }}-debian manifest | |
run: | | |
docker manifest create \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian | |
- name: Push ${{ env.PULUMI_VERSION }} manifest | |
run: | | |
docker manifest create \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} | |
- name: Push latest manifest | |
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }} | |
run: | | |
docker manifest create \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest | |
define-ubi-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.define-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@master | |
- name: Define Matrix | |
id: define-matrix | |
# Filter out the nodejs 22 and version from the matrix, as it is not supported on UBI. | |
# https://access.redhat.com/articles/3376841 | |
# Filter out the python 3.10 version from the matrix, as it is not supported on UBI. | |
# https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/installing_and_using_dynamic_programming_languages/assembly_introduction-to-python_installing-and-using-dynamic-programming-languages#con_python-versions_assembly_introduction-to-python | |
run: | | |
echo matrix=$(python ./.github/scripts/matrix/gen-sync-matrix.py | | |
jq '.image |= map(select(. != "pulumi-python-3.10" and . != "pulumi-nodejs-22"))' | |
) >> "$GITHUB_OUTPUT" | |
# NOTE: If UBI images become multi platform, this job can be replaced by adding a similar step to "-debian" for "-ubi" the previous job. | |
ubi-images: | |
name: UBI SDK and base images | |
runs-on: ubuntu-latest | |
needs: define-ubi-matrix | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.define-ubi-matrix.outputs.matrix) }} | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Tag ${{ env.PULUMI_VERSION }}-ubi image and push to GHCR | |
run: | | |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi | |
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi | |
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi |