sync-ghcr #201
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copies all Pulumi Docker images for the supplied version from Docker Hub to | |
# GitHub Container Registry. | |
name: Sync to GHCR | |
on: | |
workflow_dispatch: | |
inputs: | |
pulumi_version: | |
description: The image tag to copy, fully specified, e.g. "3.18.1" | |
type: string | |
required: true | |
tag_latest: | |
description: Whether to tag this version as "latest" in GHCR. | |
type: boolean | |
required: true | |
default: true | |
repository_dispatch: | |
types: | |
- sync-ghcr | |
env: | |
DOCKER_USERNAME: pulumi | |
PULUMI_VERSION: ${{ github.event.inputs.pulumi_version || github.event.client_payload.ref }} | |
jobs: | |
sync-to-ecr: | |
name: Kitchen Sink images | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
image: ["pulumi", "pulumi-provider-build-environment"] | |
include: | |
# For the pulumi image add a the nonroot variant | |
- suffix: -nonroot | |
image: pulumi | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Tag ${{ env.PULUMI_VERSION }}-arm64 and push to GHCR | |
run: | | |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 | |
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 | |
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 | |
- name: Tag ${{ env.PULUMI_VERSION }}-amd64 and push to GHCR | |
run: | | |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 | |
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 | |
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 | |
- name: Push latest manifest to GHCR | |
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }} | |
run: | | |
# TODO: https://github.com/pulumi/pulumi-docker-containers/issues/297 | |
docker manifest create \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest${{ matrix.suffix }} \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-amd64 \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}${{ matrix.suffix }}-arm64 | |
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest${{ matrix.suffix }} | |
define-debian-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.define-debian-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@master | |
- name: Define Matrix | |
id: define-debian-matrix | |
run: | | |
echo matrix=$(python ./.github/scripts/matrix/gen-sync-matrix.py) >> "$GITHUB_OUTPUT" | |
debian-images: | |
name: Debian SDK and base images | |
runs-on: ubuntu-latest | |
needs: define-debian-matrix | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.define-debian-matrix.outputs.matrix) }} | |
steps: | |
# Pulling a multi-arch manifest from Docker Hub, tagging, then pushing | |
# will only result in the image of the host's architecture (e.g. | |
# linux/amd64) getting pushed to the desintation repo. For more | |
# information, see: https://docs.docker.com/registry/spec/manifest-v2-2/ | |
# | |
# Prior to re-creating the manifests, we must pull, tag, and push the | |
# consituent images in the manifests because manifests cannot use source | |
# images from a different registry. | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Tag ${{ env.PULUMI_VERSION }}-debian-amd64 image and push to GHCR | |
run: | | |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
- name: Tag ${{ env.PULUMI_VERSION }}-debian-arm64 and push to GHCR | |
run: | | |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
- name: Push ${{ env.PULUMI_VERSION }}-debian manifest | |
run: | | |
docker manifest create \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian | |
- name: Push ${{ env.PULUMI_VERSION }} manifest | |
run: | | |
docker manifest create \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} | |
- name: Push latest manifest | |
if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }} | |
run: | | |
docker manifest create \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \ | |
ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest | |
define-ubi-matrix: | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.define-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/checkout@master | |
- name: Define Matrix | |
id: define-matrix | |
run: | | |
echo matrix=$(python ./.github/scripts/matrix/gen-sync-matrix.py) >> "$GITHUB_OUTPUT" | |
# NOTE: If UBI images become multi platform, this job can be replaced by adding a similar step to "-debian" for "-ubi" the previous job. | |
ubi-images: | |
name: UBI SDK and base images | |
runs-on: ubuntu-latest | |
needs: define-ubi-matrix | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJSON(needs.define-ubi-matrix.outputs.matrix) }} | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Tag ${{ env.PULUMI_VERSION }}-ubi image and push to GHCR | |
run: | | |
docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi | |
docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi | |
docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi |