mirror-trivy-db.yml
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at https://mozilla.org/MPL/2.0/.
#
# OpenCRVS is also distributed under the terms of the Civil Registration
# & Healthcare Disclaimer located at http://opencrvs.org/license.
#
# Copyright (C) The OpenCRVS Authors located at https://github.com/opencrvs/opencrvs-core/blob/master/AUTHORS.
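name: Mirror Docker Images to GHCR

# Copies the upstream Trivy database images from ghcr.io/aquasecurity into the
# repository owner's GHCR namespace with skopeo, retrying each copy on failure.
#
# Supply-chain note: the images are mirrored by mutable tag (":2", ":1") and
# no signature or digest check is done here, so consumers of the mirror trust
# whatever upstream served at copy time.
on:
  schedule:
    # Run 30 mins after trivy DB runs (the trivy job takes 15 mins max)
    # https://github.com/aquasecurity/trivy-db/blob/cfa337a1088bbcee598ab93656c83fe6b9acb946/.github/workflows/cron.yml#L5
    # https://github.com/aquasecurity/trivy-db/actions
    - cron: '30 */6 * * *'
  workflow_dispatch: # Allows manual triggering of the workflow

jobs:
  mirror-dbs:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: read the repository for checkout and
    # push packages to GHCR. Without this block the token's scope depends on
    # the repository/organisation default, which may be broader or too narrow.
    permissions:
      contents: read
      packages: write
    env:
      # Number of retries after the first failed copy of each image.
      RETRIES: '100'
      # Passed through the environment so that no step interpolates a
      # ${{ }} expression into shell source text.
      OWNER: ${{ github.repository_owner }}
    steps:
      - name: Install Skopeo
        run: |
          sudo apt-get update
          sudo apt-get install -y skopeo

      # NOTE(review): no later step reads files from the checkout; consider
      # dropping this step. Also pin the action to a full commit SHA
      # (actions/checkout@<full-commit-sha>) instead of a movable tag.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          # Do not leave the job token in .git/config for later steps.
          persist-credentials: false

      - name: Log in to GHCR
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GHCR_USER: ${{ github.actor }}
        # Token and user name arrive as environment variables and are quoted,
        # so an actor name such as "name[bot]" is never parsed by the shell.
        run: echo "$GHCR_TOKEN" | skopeo login ghcr.io -u "$GHCR_USER" --password-stdin

      - name: Create mirror-image.sh script
        run: |
          cat << 'EOF' > mirror-image.sh
          #!/usr/bin/env bash
          # Usage: mirror-image.sh <source_image> <destination_image> <retries>
          # Copies one image with skopeo; on failure retries up to <retries>
          # times, one second apart. Exits 1 if every attempt failed.
          set -o errexit -o nounset -o pipefail

          if [ "$#" -ne 3 ]; then
            echo "Usage: $0 <source_image> <destination_image> <retries>"
            exit 1
          fi

          SOURCE_IMAGE=$1
          DESTINATION_IMAGE=$2
          RETRIES=$3
          COUNT=0

          # A non-numeric retry count would make the comparison below error
          # out on every pass and the loop would never terminate.
          case "$RETRIES" in
            ''|*[!0-9]*)
              echo "Retries must be a non-negative integer, got: $RETRIES"
              exit 1
              ;;
          esac

          # The retry budget is checked only after a failed copy, so a copy
          # that succeeds on the final attempt is reported as a success.
          until skopeo copy "$SOURCE_IMAGE" "$DESTINATION_IMAGE"; do
            if [ "$COUNT" -ge "$RETRIES" ]; then
              echo "Failed to mirror $SOURCE_IMAGE after $RETRIES attempts."
              exit 1
            fi
            COUNT=$((COUNT+1))
            echo "Retry $COUNT/$RETRIES for $SOURCE_IMAGE to $DESTINATION_IMAGE..."
            sleep 1
          done

          echo "Successfully mirrored $SOURCE_IMAGE to $DESTINATION_IMAGE."
          EOF

      - name: Make mirror-image.sh executable
        run: chmod +x mirror-image.sh

      # ${OWNER,,} lower-cases the owner: container repository names must be
      # lower case, and an owner login may contain upper-case letters.
      - name: Mirror trivy-db to GHCR
        run: ./mirror-image.sh docker://ghcr.io/aquasecurity/trivy-db:2 "docker://ghcr.io/${OWNER,,}/trivy-db:2" "$RETRIES"

      - name: Mirror trivy-java-db to GHCR
        run: ./mirror-image.sh docker://ghcr.io/aquasecurity/trivy-java-db:1 "docker://ghcr.io/${OWNER,,}/trivy-java-db:1" "$RETRIES"

      - name: Mirror trivy-checks to GHCR
        run: ./mirror-image.sh docker://ghcr.io/aquasecurity/trivy-checks:1 "docker://ghcr.io/${OWNER,,}/trivy-checks:1" "$RETRIES"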