Sync images and artifacts to ghcr #1296
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 'Sync images and artifacts to ghcr' | |
on: | |
schedule: | |
- cron: '30 1 * * *' | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
permissions: read-all | |
jobs: | |
sync-golang: | |
name: 'golang' | |
permissions: | |
contents: read | |
packages: write | |
strategy: | |
matrix: | |
golang_version: | |
- "1.23" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Log in to GitHub Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Tag and push golang to ghcr | |
run: | | |
docker trust inspect golang:${{ matrix.golang_version }} | |
docker pull golang:${{ matrix.golang_version }} | |
docker tag golang:${{ matrix.golang_version }} ghcr.io/${{ github.repository_owner }}/golang:${{ matrix.golang_version }} | |
docker push ghcr.io/${{ github.repository_owner }}/golang:${{ matrix.golang_version }} | |
sync-trivy: | |
name: 'trivy-db' | |
permissions: | |
contents: read | |
packages: write | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
sparse-checkout: | | |
Makefile | |
sparse-checkout-cone-mode: false | |
- name: Copy trivy-db using oras cli | |
run: | | |
# setup oras | |
make $PWD/hack/tools/bin/oras | |
export PATH=$PATH:$PWD/hack/tools/bin | |
oras login -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }} ghcr.io | |
oras copy ghcr.io/aquasecurity/trivy-db:2 ghcr.io/${{ github.repository_owner }}/trivy-db:2 | |
oras copy ghcr.io/aquasecurity/trivy-db:latest ghcr.io/${{ github.repository_owner }}/trivy-db:latest | |
oras copy ghcr.io/aquasecurity/trivy-java-db:1 ghcr.io/${{ github.repository_owner }}/trivy-java-db:1 | |
sync-localstack: | |
name: 'localstack' | |
permissions: | |
contents: read | |
packages: write | |
strategy: | |
matrix: | |
localstack_version: | |
- "3.3.0" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Log in to GitHub Docker Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Tag and push localstack to ghcr | |
run: | | |
docker pull localstack/localstack:${{ matrix.localstack_version }} | |
docker tag localstack/localstack:${{ matrix.localstack_version }} ghcr.io/${{ github.repository_owner }}/ci-images/localstack:${{ matrix.localstack_version }} | |
docker push ghcr.io/${{ github.repository_owner }}/ci-images/localstack:${{ matrix.localstack_version }} |