-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
copy-images: Use skopeo to "push" images
Instead of pushing images that are available locally (different from a local registry) to Docker Hub, the proper way to make them available in the destination is to copy from the source registry directly without unnecessary pull/push. This is what skopeo can do. A containerized version of skopeo is used since the version pre-installed on the GitHub Actions Ubuntu runners is stuck in the past¹ and does not support --multi-arch², which may be used in the future. Also note that the tag-latest script is replaced by a conditional block in the new script which copies the tag from one registry to `latest` on another another. ¹ actions/runner-images#6180 (comment) ² https://github.com/containers/skopeo/releases/tag/v1.6.0
- Loading branch information
Showing
5 changed files
with
115 additions
and
59 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,107 @@ | ||
#!/bin/bash | ||
# | ||
# Copy the Nextstrain images from one Docker registry (-i <registry>) to | ||
# another (-o <registry>). | ||
# | ||
# If authentication is required for a registry, make the file available as | ||
# ~/.docker/<registry>-config.json. | ||
# | ||
# This copies just the tag specified by -t <tag>. If the boolean -l flag is | ||
# specified, the tag will also be copied to "latest" on the destnation. | ||
# | ||
# Errors if any of the tagged images have already been pushed. | ||
# | ||
set -euo pipefail | ||
|
||
# Set default values. | ||
registry_in=localhost:5000 | ||
registry_out=docker.io | ||
tag="" | ||
push_latest=false | ||
|
||
# Read command-line arguments. | ||
while getopts "i:o:t:l" opt; do | ||
case "$opt" in | ||
i) registry_in="$OPTARG";; | ||
o) registry_out="$OPTARG";; | ||
t) tag="$OPTARG";; | ||
l) push_latest=true;; | ||
*) echo "Usage: $0 [-i <registry>] [-o <registry>] [-t <tag>] [-l]" 1>&2; exit 1;; | ||
esac | ||
done | ||
|
||
if [[ "$tag" = "" ]]; then | ||
echo "Please provide a tag." >&2 | ||
exit 1 | ||
fi | ||
|
||
BUILDER_IMAGE=nextstrain/base-builder | ||
FINAL_IMAGE=nextstrain/base | ||
|
||
if [[ $(docker image inspect --format "{{.RepoDigests}}" $FINAL_IMAGE:$tag) != '[]' || $(docker image inspect --format "{{.RepoDigests}}" $BUILDER_IMAGE:$tag) != '[]' ]]; then | ||
echo "At least one of $BUILDER_IMAGE:$tag and $FINAL_IMAGE:$tag has already been pushed. This can happen if the newly built image is not available in the local registry." >&2 | ||
exit 1 | ||
fi | ||
|
||
|
||
# Use Skopeo via a Docker container¹ to copy a tagged image. | ||
# | ||
# If a registry starts with localhost, do not require HTTPS or verify certificates, and | ||
# access the registry without authentication. | ||
# | ||
# ¹ https://github.com/containers/skopeo/blob/07da29fd371dd88615a0b86e91c6824237484172/install.md#container-images | ||
copy-image() { | ||
local src_registry="$1" | ||
local src_image="$2" | ||
local dest_registry="$3" | ||
local dest_image="$4" | ||
|
||
docker_run_params=(--rm --network=host) | ||
skopeo_copy_params=(--multi-arch=all) | ||
|
||
if [[ "$src_registry" == localhost* ]]; then | ||
skopeo_copy_params+=(--src-tls-verify=false) | ||
else | ||
docker_run_params+=(-v "$HOME/.docker/${src_registry}-config.json:/${src_registry}-config.json:ro") | ||
skopeo_copy_params+=(--src-authfile "${src_registry}-config.json") | ||
fi | ||
|
||
if [[ "$dest_registry" == localhost* ]]; then | ||
skopeo_copy_params+=(--dest-tls-verify=false) | ||
else | ||
docker_run_params+=(-v "$HOME/.docker/${dest_registry}-config.json:/${dest_registry}-config.json:ro") | ||
skopeo_copy_params+=(--dest-authfile "${dest_registry}-config.json") | ||
fi | ||
|
||
docker run "${docker_run_params[@]}" \ | ||
quay.io/skopeo/stable \ | ||
copy "${skopeo_copy_params[@]}" \ | ||
"docker://$src_registry/$src_image" \ | ||
"docker://$dest_registry/$dest_image" | ||
} | ||
|
||
# copy source registry $tag to destination registry $tag | ||
copy-image \ | ||
"$registry_in" \ | ||
"$FINAL_IMAGE:$tag" \ | ||
"$registry_out" \ | ||
"$FINAL_IMAGE:$tag" | ||
copy-image \ | ||
"$registry_in" \ | ||
"$BUILDER_IMAGE:$tag" \ | ||
"$registry_out" \ | ||
"$BUILDER_IMAGE:$tag" | ||
|
||
if [[ "$push_latest" = true ]]; then | ||
# copy source registry $tag to destination registry latest | ||
copy-image \ | ||
"$registry_in" \ | ||
"$FINAL_IMAGE:$tag" \ | ||
"$registry_out" \ | ||
"$FINAL_IMAGE:latest" | ||
copy-image \ | ||
"$registry_in" \ | ||
"$BUILDER_IMAGE:$tag" \ | ||
"$registry_out" \ | ||
"$BUILDER_IMAGE:latest" | ||
fi |
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.