Publish latest images to Docker Hub #77
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish latest images to Docker Hub | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: "0 10 * * MON" | |
jobs: | |
# Sync the 'latest' tag from GAR to Docker Hub | |
# | |
# From your GitHub repo clock Settings. In the left menu, click Environments. | |
# Click New environment, set the name production, and click Configure environment. | |
# Check the "Required reviewers" box and enter at least one user or team name. | |
promote-latest: | |
runs-on: ubuntu-latest | |
environment: "production-restricted" | |
permissions: | |
contents: "read" | |
id-token: "write" | |
env: | |
WORKLOAD_IDENTITY_POOL_ID: projects/665270063338/locations/global/workloadIdentityPools/workspace-images-github-actions/providers/workspace-images-gha-provider | |
GAR_IMAGE_REGISTRY: europe-docker.pkg.dev | |
DH_IMAGE_REGISTRY: registry.hub.docker.com | |
IAM_SERVICE_ACCOUNT: [email protected] | |
steps: | |
- name: π₯ Checkout workspace-images | |
uses: actions/checkout@v3 | |
with: | |
repository: gitpod-io/workspace-images | |
- name: π§ Setup tools | |
run: | | |
sudo apt-get install python3-pip | |
sudo pip3 install yq | |
- name: π Install skopeo | |
run: | | |
. /etc/os-release | |
# Update ca-certificates to avoid issues with letsencrypt SSL certificates | |
sudo apt update && sudo apt --only-upgrade install ca-certificates -y | |
echo "deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/ /" | sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list | |
curl -L https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_${VERSION_ID}/Release.key | sudo apt-key add - | |
sudo apt update && sudo apt install -y skopeo | |
- name: βοΈ Set up Cloud SDK | |
uses: google-github-actions/[email protected] | |
with: | |
version: 393.0.0 | |
- name: π Authenticate to Google Cloud | |
id: "auth" | |
uses: google-github-actions/[email protected] | |
with: | |
token_format: "access_token" | |
workload_identity_provider: ${{env.WORKLOAD_IDENTITY_POOL_ID}} | |
service_account: ${{env.IAM_SERVICE_ACCOUNT}} | |
- name: βπ½ Login to GAR using skopeo | |
run: | | |
sudo skopeo login -u oauth2accesstoken --password=${{ steps.auth.outputs.access_token }} ${{env.GAR_IMAGE_REGISTRY}} | |
- name: βπ½ Login to Docker Hub using skopeo | |
env: | |
docker_user: ${{ secrets.DOCKERHUB_USER_NAME }} | |
docker_password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} | |
run: | | |
sudo skopeo login -u ${{ env.docker_user }} --password=${{ env.docker_password }} ${{ env.DH_IMAGE_REGISTRY }} | |
- name: π³ Sync latest tag of images to Docker Hub | |
run: | | |
IMAGES=$(cat .github/promote-images.yml | yq '."europe-docker.pkg.dev/gitpod-artifacts/docker-dev"."images-by-tag-regex"|keys[]' -r) | |
for IMAGE in $IMAGES; | |
do | |
sudo skopeo copy --format=oci --dest-oci-accept-uncompressed-layers \ | |
docker://${{ env.GAR_IMAGE_REGISTRY }}/gitpod-artifacts/docker-dev/$IMAGE:latest \ | |
docker://${{ env.DH_IMAGE_REGISTRY }}/gitpod/$IMAGE:latest | |
done |