Mirror a list of images to GHCR with crane (and sign them with cosign!)
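#!/usr/bin/env bash
#
# Mirror every image listed in images.txt (one reference per line, stored next
# to this script) to ghcr.io/${GHCR_ROOT_NAMESPACE}/... with crane, then sign
# the mirrored copy with cosign.
#
# Required environment:
#   GHCR_ROOT_NAMESPACE  namespace under ghcr.io that receives the mirrors
#
# NOTE: the signature only records that this script pushed the image. It does
# not verify where the upstream image came from or what it contains.

set -o errexit
set -o nounset
set -o pipefail

# Diagnostics go to stderr so they are not mixed into captured stdout.
if ! crane version >/dev/null; then echo "Must install crane." >&2; exit 1; fi
if ! cosign version >/dev/null; then echo "Must install cosign." >&2; exit 1; fi

GHCR_ROOT_NAMESPACE="${GHCR_ROOT_NAMESPACE:-}"
if [[ -z "${GHCR_ROOT_NAMESPACE}" ]]; then echo "Must set GHCR_ROOT_NAMESPACE." >&2; exit 1; fi

script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
images_file="${script_dir}/images.txt"

# Convert the registry hostname to the first part of namespace
# e.g. "index.docker.io/ubuntu/mysql:8.0-20.04_beta"
# ---> "ghcr.io/<root>/index--docker--io/ubuntu/mysql:8.0-20.04_beta"
#
# The list is read line by line on fd 3: entries are never word-split or
# glob-expanded by the shell, and crane/cosign cannot swallow the rest of the
# list through stdin.
while read -r img <&3 || [[ -n "${img}" ]]; do
  [[ -n "${img}" ]] || continue # skip blank lines

  registry="${img%%/*}" # text before the first "/"
  repo_path="${img#*/}" # text after the first "/"
  new_img="ghcr.io/${GHCR_ROOT_NAMESPACE}/${registry//./--}/${repo_path}"

  crane copy "${img}" "${new_img}"

  # Sign by digest, not by tag: a tag can be moved between the copy and the
  # signing step, a digest cannot. Any digest already present in the
  # reference is stripped before the resolved one is appended.
  digest="$(crane digest "${new_img}")"
  cosign sign "${new_img%@*}@${digest}"
done 3<"${images_file}"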
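# .github/workflows/FREEDOM.yml
name: FREEDOM

on:
  push:
    branches: main

jobs:
  build:
    runs-on: ubuntu-latest
    # Job-level token scopes, kept to what the steps below need.
    permissions:
      id-token: write # OIDC token used by cosign keyless signing
      packages: write # push mirrored images and their signatures to ghcr.io
      contents: read # checkout only
    steps:
      # Actions are pinned to full commit SHAs; the trailing comment records
      # the release each SHA corresponds to.
      - uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # v3.0.0
        with:
          # No later step needs git access, so keep the token out of .git/config.
          persist-credentials: false
      - uses: imjasonh/setup-crane@01d26682810dcd47bfc8eb1efe791558123a9373 # v0.1
      - uses: sigstore/cosign-installer@179e0f15e70e22ca2e7254fc12d68a9fbab35614 # v2.0.1
      - uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7 # v1.14.1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ github.token }}
      - run: bash FREEDOM.sh
        env:
          # cosign 1.x: opts in to keyless signing with the job's OIDC
          # identity; signing events land in the public transparency log.
          COSIGN_EXPERIMENTAL: "true"
          # NOTE(review): registry paths must be lowercase; an owner login
          # containing capitals would need lowercasing before use.
          GHCR_ROOT_NAMESPACE: ${{ github.repository_owner }}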
index.docker.io/envoyproxy/envoy:v1.18-latest | |
index.docker.io/library/debian:stable-slim | |
index.docker.io/minio/mc:latest | |
index.docker.io/minio/minio:latest | |
index.docker.io/ubuntu/mysql:8.0-20.04_beta |