From 312c4958518c6255cda72069188a81177b9b85a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20G=C3=BCttler?= Date: Tue, 7 Apr 2026 14:29:17 +0200 Subject: [PATCH] Mirror upstream images to GHCR on demand --- .github/workflows/mirror-upstream-image.yml | 59 +++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 .github/workflows/mirror-upstream-image.yml diff --git a/.github/workflows/mirror-upstream-image.yml b/.github/workflows/mirror-upstream-image.yml new file mode 100644 index 00000000..018f2f06 --- /dev/null +++ b/.github/workflows/mirror-upstream-image.yml @@ -0,0 +1,59 @@ +name: Mirror Upstream Image + +on: + workflow_dispatch: + inputs: + version: + description: Upstream version tag like v1.30.1 + required: true + type: string + +env: + SOURCE_IMAGE_REPO: docker.io/hetznercloud/hcloud-cloud-controller-manager + TARGET_IMAGE_REPO: ghcr.io/${{ github.repository_owner }}/hcloud-cloud-controller-manager + +jobs: + mirror: + runs-on: ubuntu-latest + concurrency: + group: mirror-upstream-image-${{ inputs.version }} + cancel-in-progress: true + permissions: + packages: write + steps: + - name: Resolve upstream image tag + id: resolve + shell: bash + run: | + set -euo pipefail + + image_tag="${{ inputs.version }}" + if [[ ! "${image_tag}" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then + echo "version must look like v1.30.1, got ${image_tag}" >&2 + exit 1 + fi + + source_image="${SOURCE_IMAGE_REPO}:${image_tag}" + target_image="${TARGET_IMAGE_REPO}:${image_tag}" + + { + echo "image_tag=${image_tag}" + echo "source_image=${source_image}" + echo "target_image=${target_image}" + } >>"${GITHUB_OUTPUT}" + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v4 + + - name: Login to GitHub Container Registry + uses: docker/login-action@v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Verify upstream image exists + run: docker buildx imagetools inspect "${{ steps.resolve.outputs.source_image }}" + + - name: Mirror upstream image to GHCR + run: docker buildx imagetools create --tag "${{ steps.resolve.outputs.target_image }}" "${{ steps.resolve.outputs.source_image }}"