[release-1.29] Sync images to Prime registry (#7802)

Signed-off-by: Brooks Newberry <[email protected]>
rancher · Feb 20, 2025 · 0499c1b · 0499c1b
1 parent 0b75def
commit 0499c1b
Show file tree

Hide file tree

Showing 3 changed files with 144 additions and 0 deletions.
diff --git a/.github/actions/install-crane/action.yml b/.github/actions/install-crane/action.yml
@@ -0,0 +1,17 @@
+name: Install crane
+inputs:
+  version:
+    default: v0.20.3
+  checksum:
+    default: 36c67a932f489b3f2724b64af90b599a8ef2aa7b004872597373c0ad694dc059
+
+runs:
+  using: 'composite'
+  steps:
+    - shell: bash
+      run: |
+        curl -sL "https://github.com/google/go-containerregistry/releases/download/${{ inputs.version }}/go-containerregistry_Linux_x86_64.tar.gz" -o crane.tar.gz
+        echo "${{ inputs.checksum }}  crane.tar.gz" | sha256sum -c
+        tar -xzvf crane.tar.gz crane
+        chmod +x crane
+        mv crane /usr/local/bin/
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -262,3 +262,37 @@ jobs:
           --title "$GITHUB_ACTION_TAG" \
           --latest="false" \
           --notes "Automated release created from $GITHUB_ACTION_TAG tag in ${{ github.repository }}"
+  sync-prime-images:
+    name: "Sync Prime images"
+    needs: [release-amd64, release-arm64, manifest]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Install crane
+        uses: ./.github/actions/install-crane
+      - name: "Read secrets"
+        uses: rancher-eio/read-vault-secrets@main
+        with:
+          secrets: |
+            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials registry | PRIME_REGISTRY ;
+            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials username | PRIME_REGISTRY_USERNAME ;
+            secret/data/github/repo/${{ github.repository }}/rancher-prime-registry/credentials password | PRIME_REGISTRY_PASSWORD ;
+      - name: Log in to prime registry
+        uses: docker/login-action@v3
+        with:
+          registry: ${{ env.PRIME_REGISTRY }}
+          username: ${{ env.PRIME_REGISTRY_USERNAME }}
+          password: ${{ env.PRIME_REGISTRY_PASSWORD }}
+      - name: Download image lists
+        run: |
+          gh release download ${{ env.GITHUB_ACTION_TAG }} --repo ${{ github.repository }} --pattern '*.txt'
+      - name: Sync images
+        run: |
+          ./scripts/copy-images.sh -t ${{ env.PRIME_REGISTRY }} -i rke2-images-all.linux-amd64.txt
+          ./scripts/copy-images.sh -t ${{ env.PRIME_REGISTRY }} -i rke2-images-all.linux-arm64.txt
+          ./scripts/copy-images.sh -t ${{ env.PRIME_REGISTRY }} -i rke2-images.windows-amd64.txt
+        
diff --git a/scripts/copy-images.sh b/scripts/copy-images.sh
@@ -0,0 +1,93 @@
+#!/bin/sh
+set -e
+
+TARGET_REGISTRY=''
+IMAGE_LIST=''
+DRY_RUN=''
+
+has_crane() {
+    CRANE="$(command -v crane || true)"
+    if [ -z "${CRANE}" ]; then
+        echo "crane is not installed"
+        exit 1
+    fi
+}
+
+usage() {
+    echo "Syncs images to a registry.
+    usage: $0 [options]
+    -t     target registry
+    -i     image list file path
+    -d     dry run
+    -h     show help
+
+list format:
+    [REGISTRY]/[REPOSITORY]:[TAG]
+
+examples:
+    $0 -t registry.example.com -i build/images-all.txt
+    $0 -d -t registry.example.com -i build/images-all.txt"
+}
+
+while getopts 't:i:dh' c; do
+    case $c in
+        t)
+            TARGET_REGISTRY=$OPTARG
+            ;;
+        i)
+            IMAGE_LIST=$OPTARG
+            ;;
+        d)
+            DRY_RUN=true
+            ;;
+        h)
+            usage
+            exit 0
+            ;;
+        *)
+            usage
+            exit 1
+            ;;
+    esac
+done
+
+if [ -z "${TARGET_REGISTRY}" ]; then
+    echo "target registry is required"
+    usage
+    exit 1
+fi
+
+if [ -z "${IMAGE_LIST}" ]; then
+    echo "image list file is required"
+    usage
+    exit 1
+fi
+
+if [ ! -f "${IMAGE_LIST}" ]; then
+    echo "image listfile ${IMAGE_LIST} not found"
+    exit 1
+fi
+
+has_crane
+
+if [ -n "${DRY_RUN}" ]; then 
+    echo "Dry run, no images will be copied"
+fi
+
+while read -r source_image; do
+    if [ -z "${source_image}" ]; then
+        continue
+    fi
+
+    image_without_registry=$(echo "${source_image}" | cut -d'/' -f2-)
+    target_image="${TARGET_REGISTRY}/${image_without_registry}"
+
+    if [ -n "${DRY_RUN}" ]; then
+        echo "crane copy \"${source_image}\" \"${target_image}\" --no-clobber"
+    else
+        if ! crane copy "${source_image}" "${target_image}" --no-clobber; then
+            echo "failed to copy ${source_image}"
+            continue
+        fi
+    fi
+done < "${IMAGE_LIST}"