feat: auto sync image when release

[yyzxw]

close #61

[gemini-code-assist]

Summary of Changes

Hello @yyzxw, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request introduces a new automated workflow to synchronize container images upon release. It achieves this by adding a set of shell scripts that install the GitHub CLI, extract image details from Helm charts, and then use the CLI to create and monitor GitHub issues in a dedicated image mirroring repository. This streamlines the process of ensuring images are consistently mirrored across different registries, enhancing the release pipeline's efficiency.

Highlights

• GitHub CLI Installation Script: A new shell script (hack/install-gh.sh) has been added to automate the installation of the GitHub CLI (gh) tool on Linux and macOS systems. It checks for existing installations and provides manual instructions for unknown operating systems.
• Automated Image Synchronization Script: A new shell script (hack/sync-images.sh) is introduced to automate the process of synchronizing container images. This script leverages the GitHub CLI to create issues in a designated mirror repository (DaoCloud/public-image-mirror), triggering an image sync from ghcr.io to ghcr.m.daocloud.io.
• Image Extraction and Multi-Architecture Support: The sync-images.sh script dynamically extracts image names from the dataset/dataset Helm chart and creates synchronization requests for both linux/amd64 and linux/arm64 architectures.
• Synchronization Status Monitoring: The sync-images.sh script includes logic to continuously monitor the status of the created synchronization issues, waiting until all related issues are closed before concluding the process.
• Shared Utility Functions: A new utility script (hack/util.sh) has been added, providing common shell functions, specifically util::cmd_exist for checking if a command is available in the system's PATH.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• hack/install-gh.sh
  • Added a new script to automate the installation of the GitHub CLI (gh) on Linux and macOS.
• hack/sync-images.sh
  • Added a new script to automate the synchronization of container images.
  • Integrates with gh CLI to create issues in DaoCloud/public-image-mirror for image sync requests.
  • Extracts image names from the dataset/dataset Helm chart.
  • Supports linux/amd64 and linux/arm64 architectures for image sync.
  • Includes logic to wait for created sync issues to be closed.
• hack/util.sh
  • Added a new utility script containing common shell functions.
  • Introduced util::cmd_exist function to check for command existence.

Ignored Files

• Ignored by pattern: .github/workflows/** (1)
  • .github/workflows/build.yml

Activity

• No human activity has been recorded on this pull request since its creation.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces scripts to automate image synchronization by creating GitHub issues, a great step towards automation. However, a high-severity command injection vulnerability was identified in the hack/sync-images.sh script due to the unquoted expansion of the ${image} variable, which could lead to arbitrary code execution. It is strongly recommended to apply proper quoting to all variable expansions in the bash scripts. Additionally, a critical bug was found in the logic that waits for issues to be closed, preventing the script from working as intended. Further suggestions have been provided to improve the robustness, clarity, and adherence to best practices in the new shell scripts.