diff --git a/.github/workflows/mirror-upstream-image.yml b/.github/workflows/mirror-upstream-image.yml new file mode 100644 index 00000000..018f2f06 --- /dev/null +++ b/.github/workflows/mirror-upstream-image.yml @@ -0,0 +1,59 @@ +name: Mirror Upstream Image + +on: + workflow_dispatch: + inputs: + version: + description: Upstream version tag like v1.30.1 + required: true + type: string + +env: + SOURCE_IMAGE_REPO: docker.io/hetznercloud/hcloud-cloud-controller-manager + TARGET_IMAGE_REPO: ghcr.io/${{ github.repository_owner }}/hcloud-cloud-controller-manager + +jobs: + mirror: + runs-on: ubuntu-latest + concurrency: + group: mirror-upstream-image-${{ inputs.version }} + cancel-in-progress: true + permissions: + packages: write + steps: + - name: Resolve upstream image tag + id: resolve + shell: bash + run: | + set -euo pipefail + + image_tag="${{ inputs.version }}" + if [[ ! "${image_tag}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "version must look like v1.30.1, got ${image_tag}" >&2 + exit 1 + fi + + source_image="${SOURCE_IMAGE_REPO}:${image_tag}" + target_image="${TARGET_IMAGE_REPO}:${image_tag}" + + { + echo "image_tag=${image_tag}" + echo "source_image=${source_image}" + echo "target_image=${target_image}" + } >>"${GITHUB_OUTPUT}" + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v4 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Verify upstream image exists + run: docker buildx imagetools inspect "${{ steps.resolve.outputs.source_image }}" + + - name: Mirror upstream image to GHCR + run: docker buildx imagetools create --tag "${{ steps.resolve.outputs.target_image }}" "${{ steps.resolve.outputs.source_image }}"