Skip to content

sync-ghcr

sync-ghcr #185

Workflow file for this run

# Copies all Pulumi Docker images for the supplied version from Docker Hub to
# GitHub Container Registry.
name: Sync to GHCR
on:
workflow_dispatch:
inputs:
pulumi_version:
description: The image tag to copy, fully specified, e.g. "3.18.1"
type: string
required: true
tag_latest:
description: Whether to tag this version as "latest" in GHCR.
type: boolean
required: true
default: true
repository_dispatch:
types:
- sync-ghcr
env:
DOCKER_USERNAME: pulumi
PULUMI_VERSION: ${{ github.event.inputs.pulumi_version || github.event.client_payload.ref }}
jobs:
sync-to-ecr:
name: Kitchen Sink images
runs-on: ubuntu-latest
strategy:
matrix:
image: ["pulumi", "pulumi-provider-build-environment"]
include:
# For the pulumi image add a the nonroot variant
- suffix: -nonroot
image: pulumi
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# TODO: https://github.com/pulumi/pulumi-docker-containers/issues/297
# - name: Tag ${{ env.PULUMI_VERSION }}-arm64 and push to GHCR
# run: |
# docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64
# docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64
# docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64
- name: Tag ${{ env.PULUMI_VERSION }}-amd64 and push to GHCR
run: |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64
- name: Push latest manifest to GHCR
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }}
run: |
# TODO: https://github.com/pulumi/pulumi-docker-containers/issues/297
docker manifest create \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest${{ matrix.suffix }} \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest${{ matrix.suffix }}
define-debian-matrix:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.define-debian-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@master
- name: Define Matrix
id: define-debian-matrix
run: |
echo matrix=$(python ./.github/scripts/matrix/gen-sync-matrix.py) >> "$GITHUB_OUTPUT"
debian-images:
name: Debian SDK and base images
runs-on: ubuntu-latest
needs: define-debian-matrix
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.define-debian-matrix.outputs.matrix) }}
steps:
# NOTE: The process we use for the Kichen Sink image, which is
# single-platform, will not work here. Pulling a multi-arch manifest from
# Docker Hub, tagging, then pushing will only result in the image of the
# host's architecture (e.g. linux/amd64) getting pushed to the desintation repo.
# For more information, see: https://docs.docker.com/registry/spec/manifest-v2-2/
#
# Prior to re-creating the manifests, we must pull, tag, and push the
# consituent images in the manifests because manifests cannot use source
# images from a different registry.
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Tag ${{ env.PULUMI_VERSION }}-debian-amd64 image and push to GHCR
run: |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64
- name: Tag ${{ env.PULUMI_VERSION }}-debian-arm64 and push to GHCR
run: |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64
- name: Push ${{ env.PULUMI_VERSION }}-debian manifest
run: |
docker manifest create \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian
- name: Push ${{ env.PULUMI_VERSION }} manifest
run: |
docker manifest create \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}
- name: Push latest manifest
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }}
run: |
docker manifest create \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest
define-ubi-matrix:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.define-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@master
- name: Define Matrix
id: define-matrix
# Filter out the nodejs 22 and version from the matrix, as it is not supported on UBI.
# https://access.redhat.com/articles/3376841
# Filter out the python 3.10 version from the matrix, as it is not supported on UBI.
# https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/installing_and_using_dynamic_programming_languages/assembly_introduction-to-python_installing-and-using-dynamic-programming-languages#con_python-versions_assembly_introduction-to-python
run: |
echo matrix=$(python ./.github/scripts/matrix/gen-sync-matrix.py |
jq '.image |= map(select(. != "pulumi-python-3.10" and . != "pulumi-nodejs-22"))'
) >> "$GITHUB_OUTPUT"
# NOTE: If UBI images become multi platform, this job can be replaced by adding a similar step to "-debian" for "-ubi" the previous job.
ubi-images:
name: UBI SDK and base images
runs-on: ubuntu-latest
needs: define-ubi-matrix
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.define-ubi-matrix.outputs.matrix) }}
steps:
- name: Login to GitHub Container Registry
uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Tag ${{ env.PULUMI_VERSION }}-ubi image and push to GHCR
run: |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi