sync-ghcr #94
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copies all Pulumi Docker images for the supplied version from Docker Hub to | |
| # GitHub Container Registry. | |
| name: Sync to GHCR | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| pulumi_version: | |
| description: The image tag to copy, fully specified, e.g. "3.18.1" | |
| type: string | |
| required: true | |
| tag_latest: | |
| description: Whether to tag this version as "latest" in GHCR. | |
| type: boolean | |
| required: true | |
| default: true | |
| repository_dispatch: | |
| types: | |
| - sync-ghcr | |
| env: | |
| DOCKER_USERNAME: pulumi | |
| PULUMI_VERSION: ${{ github.event.inputs.pulumi_version || github.event.client_payload.ref }} | |
| jobs: | |
| sync-to-ecr: | |
| name: Kitchen Sink images | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| image: ["pulumi", "pulumi-provider-build-environment"] | |
| steps: | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: pulumibot | |
| password: ${{ secrets.PULUMI_BOT_TOKEN }} | |
| - name: Tag ${{ env.PULUMI_VERSION }} and push to GHCR | |
| run: | | |
| docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} | |
| docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} | |
| docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} | |
| - name: Tag latest and push to GHCR | |
| if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }} | |
| run: | | |
| docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest | |
| docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest | |
| docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest | |
| debian-images: | |
| name: Debian SDK and base images | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: | |
| [ | |
| "pulumi-base", | |
| "pulumi-go", | |
| "pulumi-nodejs", | |
| "pulumi-python", | |
| "pulumi-dotnet", | |
| ] | |
| steps: | |
| # NOTE: The process we use for the Kichen Sink image, which is | |
| # single-platform, will not work here. Pulling a multi-arch manifest from | |
| # Docker Hub, tagging, then pushing will only result in the image of the | |
| # host's architecture (e.g. linux/amd64) getting pushed to the desintation repo. | |
| # For more information, see: https://docs.docker.com/registry/spec/manifest-v2-2/ | |
| # | |
| # Prior to re-creating the manifests, we must pull, tag, and push the | |
| # consituent images in the manifests because manifests cannot use source | |
| # images from a different registry. | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: pulumibot | |
| password: ${{ secrets.PULUMI_BOT_TOKEN }} | |
| - name: Tag ${{ env.PULUMI_VERSION }}-debian-amd64 image and push to GHCR | |
| run: | | |
| docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
| docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
| docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 | |
| - name: Tag ${{ env.PULUMI_VERSION }}-debian-arm64 and push to GHCR | |
| run: | | |
| docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
| docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
| docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
| - name: Push ${{ env.PULUMI_VERSION }}-debian manifest | |
| run: | | |
| docker manifest create \ | |
| ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian \ | |
| ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \ | |
| ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
| docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian | |
| - name: Push ${{ env.PULUMI_VERSION }} manifest | |
| run: | | |
| docker manifest create \ | |
| ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} \ | |
| ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \ | |
| ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
| docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }} | |
| - name: Push latest manifest | |
| if: ${{ github.event.inputs.tag_latest || github.event_name == 'repository_dispatch' }} | |
| run: | | |
| docker manifest create \ | |
| ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest \ | |
| ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-amd64 \ | |
| ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-debian-arm64 | |
| docker manifest push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:latest | |
| # NOTE: If UBI images become multi platform, this job can be replaced by adding a similar step to "-debian" for "-ubi" the previous job. | |
| ubi-images: | |
| name: UBI SDK and base images | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: | |
| [ | |
| "pulumi-base", | |
| "pulumi-go", | |
| "pulumi-nodejs", | |
| "pulumi-python", | |
| "pulumi-dotnet", | |
| ] | |
| steps: | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ghcr.io | |
| username: pulumibot | |
| password: ${{ secrets.PULUMI_BOT_TOKEN }} | |
| - name: Tag ${{ env.PULUMI_VERSION }}-ubi image and push to GHCR | |
| run: | | |
| docker pull docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi | |
| docker tag docker.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi | |
| docker push ghcr.io/${{ env.DOCKER_USERNAME }}/${{ matrix.image }}:${{ env.PULUMI_VERSION }}-ubi |