From 76175622c39e30f28844303741e04830f35eabcb Mon Sep 17 00:00:00 2001
From: ChandonPierre
Date: Fri, 8 Sep 2023 13:48:07 -0400
Subject: [PATCH] feat(ci): add mirror action
---
.github/workflows/master-latest.yaml | 74 -----------
.github/workflows/mirror.yaml | 16 +++
.github/workflows/tags.yaml | 120 ------------------
.github/workflows/test.yaml | 183 ---------------------------
4 files changed, 16 insertions(+), 377 deletions(-)
delete mode 100644 .github/workflows/master-latest.yaml
create mode 100644 .github/workflows/mirror.yaml
delete mode 100644 .github/workflows/tags.yaml
delete mode 100644 .github/workflows/test.yaml
diff --git a/.github/workflows/master-latest.yaml b/.github/workflows/master-latest.yaml
deleted file mode 100644
index 5fa1220..0000000
--- a/.github/workflows/master-latest.yaml
+++ /dev/null
@@ -1,74 +0,0 @@ -name: master-latest - -on: - push: - branches: [ master ] - -jobs: - multiarch-to-dockerhub-latest: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - # We use buildx instead of regular build so we can take advantage of Docker layer cache via GithubActions' cache - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - - # Setup the Github Actions cache. - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildxarch-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildxarch- - - - name: Docker Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Docker Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} # github username or org - password: ${{ secrets.GITHUB_TOKEN }} # github actions builtin token. repo has to have pkg access. - - # the arm64 is of course much slower due to qemu, so build and push amd64 **first** - # due to the way manifests work, the gap between this and the complete push below - # could result in pull failures or inconsistencies for arm64, such is life. - # further duplicated by building both release and debug builds - - name: Build and push amd64 Release Docker Image to DockerHub/GitHub CR - uses: docker/build-push-action@v2 - with: - build-args: | - DEBUG_BUILD=0 - BASE_IMAGE_SUFFIX= - builder: ${{ steps.buildx.outputs.name }} - context: . 
- file: ./Dockerfile - platforms: linux/amd64 - tags: rpardini/docker-registry-proxy:latest,ghcr.io/rpardini/docker-registry-proxy:latest - push: true - cache-from: type=local,src=/tmp/.buildx-cache/release - cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release - - - name: Build and push amd64 Debug Docker Image to DockerHub/GitHub CR - uses: docker/build-push-action@v2 - with: - build-args: | - DEBUG_BUILD=1 - BASE_IMAGE_SUFFIX=-debug - builder: ${{ steps.buildx.outputs.name }} - context: . - file: ./Dockerfile - platforms: linux/amd64 - tags: rpardini/docker-registry-proxy:latest-debug,ghcr.io/rpardini/docker-registry-proxy:latest-debug - push: true - cache-from: type=local,src=/tmp/.buildx-cache/debug - cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/debug
diff --git a/.github/workflows/mirror.yaml b/.github/workflows/mirror.yaml
new file mode 100644
index 0000000..477ae44
--- /dev/null
+++ b/.github/workflows/mirror.yaml
@@ -0,0 +1,16 @@
+name: Mirror to Gitlab
+
+on: [push]
+
+jobs:
+ mirror:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+ - uses: yesolutions/mirror-action@v0.6.0
+ with:
+ REMOTE: 'https://gitlab.com/${{ github.repository }}'
+ GIT_USERNAME: ${{ secrets.ORG_GITLAB_SYNC_UN }}
+ GIT_PASSWORD: ${{ secrets.ORG_GITLAB_SYNC_PW }}
diff --git a/.github/workflows/tags.yaml b/.github/workflows/tags.yaml
deleted file mode 100644
index c4ba67d..0000000
--- a/.github/workflows/tags.yaml
+++ /dev/null
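Review bot: In `.github/workflows/mirror.yaml` the step `uses: yesolutions/mirror-action@v0.6.0` passes `ORG_GITLAB_SYNC_UN` and `ORG_GITLAB_SYNC_PW` to a third-party action referenced by a tag, and a tag can later be moved to different code; pin it to the commit you reviewed, e.g. `- uses: yesolutions/mirror-action@<full-commit-sha>  # v0.6.0`. The workflow also declares no `permissions:` key, so the job's GITHUB_TOKEN takes the repository default although the job only reads the repo; a top-level `permissions:` with `contents: read` under it would narrow that. `on: [push]` fires for every branch and tag, so any pushed ref is sent to GitLab with these credentials. It is worth confirming that this is intended, and that the secret is a token scoped to the one mirror project rather than an account password (the `_PW` name suggests a password, but the hunk cannot show it).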
@@ -1,120 +0,0 @@ -name: tags - -on: - push: - tags: - - '*' - -jobs: - multiarch-to-dockerhub-tag: - runs-on: ubuntu-latest - steps: - - - name: Checkout - uses: actions/checkout@v2 - - # Parse the ref to get the clean tag name. - - id: get_version - uses: battila7/get-version-action@v2 - - run: echo Current tag ${{ steps.get_version.outputs.version }} - - # Setup qEMU for arm64 - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - with: - platforms: arm64 - - # We use buildx instead of regular build so we can take advantage of Docker layer cache via GithubActions's cache - # Also buildx offers multi-arch builds - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - - # Setup the Github Actions cache. - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildxarch-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildxarch- - - - name: Docker Login to DockerHub - uses: docker/login-action@v1 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Docker Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} # github username or org - password: ${{ secrets.GITHUB_TOKEN }} # github actions builtin token. repo has to have pkg access. - - # the arm64 is of course much slower due to qemu, so build and push amd64 **first** - # due to the way manifests work, the gap between this and the complete push below - # could result in pull failures or inconsistencies for arm64, such is life. - # further duplicated by building both release and debug builds - - name: Build and push amd64 Release Docker Image to DockerHub/GitHub CR - uses: docker/build-push-action@v2 - with: - build-args: | - DEBUG_BUILD=0 - BASE_IMAGE_SUFFIX= - builder: ${{ steps.buildx.outputs.name }} - context: . 
- file: ./Dockerfile - platforms: linux/amd64 - tags: rpardini/docker-registry-proxy:${{ steps.get_version.outputs.version }},ghcr.io/rpardini/docker-registry-proxy:${{ steps.get_version.outputs.version }} - push: true - cache-from: type=local,src=/tmp/.buildx-cache/release - # first run does not export the cache - - - name: Build and push amd64 Debug Docker Image to DockerHub/GitHub CR - uses: docker/build-push-action@v2 - with: - build-args: | - DEBUG_BUILD=1 - BASE_IMAGE_SUFFIX=-debug - builder: ${{ steps.buildx.outputs.name }} - context: . - file: ./Dockerfile - platforms: linux/amd64 - tags: rpardini/docker-registry-proxy:${{ steps.get_version.outputs.version }}-debug,ghcr.io/rpardini/docker-registry-proxy:${{ steps.get_version.outputs.version }}-debug - push: true - cache-from: type=local,src=/tmp/.buildx-cache/debug - # first run does not export the cache - - # Do it all again with both archs. the amd64 will be a huge cache hit - # this will update the manifest have both arches - - name: Build and push multiarch Release Docker Image to DockerHub/GitHub CR - uses: docker/build-push-action@v2 - with: - build-args: | - DEBUG_BUILD=0 - BASE_IMAGE_SUFFIX= - builder: ${{ steps.buildx.outputs.name }} - context: . - file: ./Dockerfile - platforms: linux/arm64,linux/amd64 - tags: rpardini/docker-registry-proxy:${{ steps.get_version.outputs.version }},ghcr.io/rpardini/docker-registry-proxy:${{ steps.get_version.outputs.version }} - push: true - cache-from: type=local,src=/tmp/.buildx-cache/release - cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/release - - - name: Build and push multiarch Debug Docker Image to DockerHub/GitHub CR - uses: docker/build-push-action@v2 - with: - build-args: | - DEBUG_BUILD=1 - BASE_IMAGE_SUFFIX=-debug - builder: ${{ steps.buildx.outputs.name }} - context: . 
- file: ./Dockerfile - platforms: linux/arm64,linux/amd64 - tags: rpardini/docker-registry-proxy:${{ steps.get_version.outputs.version }}-debug,ghcr.io/rpardini/docker-registry-proxy:${{ steps.get_version.outputs.version }}-debug - push: true - cache-from: type=local,src=/tmp/.buildx-cache/debug - cache-to: type=local,mode=max,dest=/tmp/.buildx-cache/debug - diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml deleted file mode 100644 index 36e6b31..0000000 --- a/.github/workflows/test.yaml +++ /dev/null 
@@ -1,183 +0,0 @@ -name: test - -on: - workflow_dispatch: - pull_request: - branches: - - master - -jobs: - sanity-check: - runs-on: ubuntu-latest - steps: - - - name: Get machine's first IPv4 address for eth0 - id: ip - run: | - echo ::set-output name=ETHER::$(sudo ip addr show dev eth0 | egrep "^(\ )+inet\ " | head -1 | tr -s " " | cut -d " " -f 3 | cut -d "/" -f 1) - - - name: Show the IPs via vars - run: | - echo "Ethernet IPv4 is: ${{ steps.ip.outputs.ETHER }}" - - - name: Checkout - uses: actions/checkout@v2 - - # We use buildx instead of regular build so we can take advantage of Docker layer cache via Github Actions' cache - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - - # Setup the Github Actions cache. - - name: Cache Docker layers - uses: actions/cache@v2 - with: - path: /tmp/.buildx-cache - key: ${{ runner.os }}-buildxarch-${{ github.sha }} - restore-keys: | - ${{ runner.os }}-buildxarch- - - - name: Build amd64 release image locally to Docker - uses: docker/build-push-action@v2 - with: - build-args: | - DEBUG_BUILD=0 - BASE_IMAGE_SUFFIX= - builder: ${{ steps.buildx.outputs.name }} - context: . - file: ./Dockerfile - platforms: linux/amd64 - tags: sanity-check/docker-registry-proxy:latest - push: false - load: true - cache-from: type=local,src=/tmp/.buildx-cache/release - # this only reads from the cache - - - name: Start proxy instance in docker (ENABLE_MANIFEST_CACHE=false) - run: | - docker run -d --rm --name docker_registry_proxy \ - -p 0.0.0.0:3128:3128 -e ENABLE_MANIFEST_CACHE=false \ - -v $(pwd)/docker_mirror_cache:/docker_mirror_cache \ - -v $(pwd)/docker_mirror_certs:/ca \ - sanity-check/docker-registry-proxy:latest - - - name: Get the initial logs for the container into a file after 10s - run: | - echo "Sleeping 10s..." 
- sleep 10 - docker logs docker_registry_proxy > initial_logs.txt - - - name: Upload artifact initial_logs - uses: actions/upload-artifact@v2 - with: - name: initial_logs - path: initial_logs.txt - - - name: Wait for container to be up - timeout-minutes: 1 - run: | - declare -i IS_UP=0 - while [[ $IS_UP -lt 1 ]]; do - echo "Waiting for docker-mirror to be available at ${{ steps.ip.outputs.ETHER }} ..." - curl --silent -I http://${{ steps.ip.outputs.ETHER }}:3128/ && IS_UP=1 || true - sleep 1 - done - echo "Container is up..." - - - name: Grab the CA cert from running container via curl - run: | - curl http://${{ steps.ip.outputs.ETHER }}:3128/ca.crt | sudo tee /usr/share/ca-certificates/docker_registry_proxy.crt - - - name: Stop proxy instance in docker - timeout-minutes: 1 - run: | - timeout 58 docker stop docker_registry_proxy - - - name: Refresh system-wide CA store - run: | - echo "docker_registry_proxy.crt" | sudo tee -a /etc/ca-certificates.conf - sudo update-ca-certificates --fresh - - - name: Configure dockerd via systemd to use the proxy - run: | - sudo mkdir -p /etc/systemd/system/docker.service.d - cat << EOD | sudo tee /etc/systemd/system/docker.service.d/http-proxy.conf - [Service] - Environment="HTTP_PROXY=http://${{ steps.ip.outputs.ETHER }}:3128/" - Environment="HTTPS_PROXY=http://${{ steps.ip.outputs.ETHER }}:3128/" - EOD - - - name: Reload systemd from disk - run: | - sudo systemctl daemon-reload - - - name: Restart dockerd via systemd - run: | - sudo systemctl restart docker.service - - - name: Start proxy instance in docker again (ENABLE_MANIFEST_CACHE=true) - run: | - docker run -d --rm --name docker_registry_proxy \ - -p 0.0.0.0:3128:3128 -e ENABLE_MANIFEST_CACHE=true \ - -v $(pwd)/docker_mirror_cache:/docker_mirror_cache \ - -v $(pwd)/docker_mirror_certs:/ca \ - sanity-check/docker-registry-proxy:latest - - - name: Wait for container to be up again - timeout-minutes: 1 - run: | - declare -i IS_UP=0 - while [[ $IS_UP -lt 1 ]]; do - echo 
"Waiting for docker-mirror to be available again at ${{ steps.ip.outputs.ETHER }} ..." - curl --silent -I http://${{ steps.ip.outputs.ETHER }}:3128/ && IS_UP=1 || true - sleep 1 - done - echo "Container is up again..." - - # This can be quite slow, since Github Actions runner Docker comes preloaded with a lot of images. - - name: Initial prune of all unused images from docker cache (slow) - timeout-minutes: 2 - run: | - docker image prune --all --force - - - name: First round of pulls - timeout-minutes: 2 - run: | - docker pull alpine:3.6 - docker pull k8s.gcr.io/pause:3.3 - - - name: Get the cold cache logs for the container into a file - run: | - docker logs docker_registry_proxy > cold_cache.txt - - - name: Upload artifact cold_cache - uses: actions/upload-artifact@v2 - with: - name: cold_cache - path: cold_cache.txt - - - name: prune all unused images from docker cache again - timeout-minutes: 1 - run: | - docker image prune --all --force - - - name: sleep 2s to allow cache to stale a bit - run: | - sleep 2 - - - name: Second round of pulls - timeout-minutes: 2 - run: | - docker pull alpine:3.6 - docker pull k8s.gcr.io/pause:3.3 - - - name: Get the warm cache docker logs for the container into a file - run: | - docker logs docker_registry_proxy > warm_cache.txt - - - name: Upload artifact warm_cache - uses: actions/upload-artifact@v2 - with: - name: warm_cache - path: warm_cache.txt -