chore: add script and action to sync repositories

Signed-off-by: Dominik Rosiek <[email protected]>
SumoLogic · Apr 23, 2024 · 4641f80 · 4641f80
1 parent e7f3989
commit 4641f80
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 0 deletions.
diff --git a/.github/workflows/sync-repositories.yaml b/.github/workflows/sync-repositories.yaml
@@ -0,0 +1,29 @@
+name: Sync Repositories
+
+on:
+  push:
+    branches:
+      - drosiek-sync-container-repositories
+
+jobs:
+  sync-repositories:
+    strategy:
+      matrix:
+        include:
+          - docker_username: DOCKERHUB_LOGIN_KUBE_RBAC_PROXY
+            docker_password: DOCKERHUB_PASSWORD_KUBE_RBAC_PROXY
+            aws_access_key: AWS_ACCESS_KEY_ID_KUBE_RBAC_PROXY
+            aws_secret_access_key: AWS_SECRET_ACCESS_KEY_KUBE_RBAC_PROXY
+            src_repository: quay.io/brancz/kube-rbac-proxy
+            dest_docker_namespace: docker.io/sumologic
+            dest_ecr_namespace: public.ecr.aws/a4t4y2n3
+    uses: ./.github/workflows/workflow-sync-repositories.yaml
+    with:
+      src_repository: ${{ matrix.src_repository }}
+      dest_docker_namespace: ${{ matrix.dest_docker_namespace }}
+      dest_ecr_namespace: ${{ matrix.dest_ecr_namespace }}
+    secrets:
+      DOCKER_USERNAME: ${{ secrets[matrix.docker_username] }}
+      DOCKER_PASSWORD: ${{ secrets[matrix.docker_password] }}
+      AWS_ACCESS_KEY_ID: ${{ secrets[matrix.aws_access_key] }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets[matrix.aws_secret_access_key] }}
diff --git a/.github/workflows/workflow-sync-repositories.yaml b/.github/workflows/workflow-sync-repositories.yaml
@@ -0,0 +1,51 @@
+name: Sync container repository
+
+on:
+  workflow_call:
+    inputs:
+      src_repository:
+        description: Source repository
+        required: true
+        type: string
+      dest_docker_namespace:
+        description: Destination DockerHub repository
+        required: true
+        type: string
+      dest_ecr_namespace:
+        description: Destination ECR repository
+        required: true
+        type: string
+    secrets:
+      DOCKER_USERNAME:
+        required: true
+      DOCKER_PASSWORD:
+        required: true
+      AWS_ACCESS_KEY_ID:
+        required: true
+      AWS_SECRET_ACCESS_KEY:
+        required: true
+
+jobs:
+  sync-repository:
+    runs-on: ubuntu-20.04
+    name: sync ${{ inputs.src_repository }} repository
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install skopeo
+        run: sudo apt-get install skopeo -y
+      - name: Login to Docker Hub
+        uses: docker/[email protected]
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Synchronize image to Docker Hub repository
+        run: ./ci/sync-repository.sh ${{ inputs.src_repository }} ${{ inputs.dest_docker_namespace }}
+      - name: Login to ECR
+        run: |-
+          aws ecr-public get-login-password --region us-east-1 \
+          | docker login --username AWS --password-stdin ${{ inputs.dest_ecr_namespace }}
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      - name: Synchronize image to ECR repository
+        run: ./ci/sync-repository.sh ${{ inputs.src_repository }} ${{ inputs.dest_ecr_namespace }}
diff --git a/ci/sync-repository.sh b/ci/sync-repository.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+SRC_REPOSITORY=${1}
+DESTINATION_NAMESPACE=${2}
+skopeo sync \
+    -f v2s2 \
+    --retry-times 5 \
+    --src docker \
+    --dest docker \
+    "${SRC_REPOSITORY}" \
+    "${DESTINATION_NAMESPACE}"
diff --git a/shell.nix b/shell.nix
@@ -30,6 +30,7 @@ pkgs.mkShell {
     pkgs.golangci-lint
     pkgs.go
     pkgs.kind
+    pkgs.skopeo
   ];
 }
 ## Output of `make tool-versions`: