Add basic mirroring.

Signed-off-by: Felix Fontein <[email protected]>

Author: felixfontein

.github/workflows/mirror.yml

@@ -0,0 +1,81 @@
+---
+name: Mirror container images
+
+'on':
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+  # Run weekly (Monday at 11:32 UTC)
+  schedule:
+    - cron: '32 11 * * 1'
+
+jobs:
+  push:
+    name: Mirror ${{ matrix.image }}:${{ matrix.tag }}
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        image:
+          - ''
+        tag:
+          - ''
+        source_image:
+          - ''
+        platform:
+          - ''
+        exclude:
+          - image: ''
+        include:
+          - image: vault
+            tag: 1.10.0
+            source_image: docker.io/library/vault:1.10.0
+            platform: linux/amd64
+          - image: local-kms
+            tag: 3.11.1
+            source_image: docker.io/nsmithuk/local-kms:3.11.1
+            platform: linux/amd64
+      max-parallel: 4
+      fail-fast: false
+    permissions:
+        contents: read
+        packages: write
+        attestations: write
+        id-token: write
+    steps:
+      - name: Install dependencies
+        run: |
+          sudo apt-get install podman
+
+      - name: Build ${{ matrix.image }}:${{ matrix.tag }}
+        env:
+          SOURCE_IMAGE: ${{ matrix.source_image }}
+          DESTINATION_REPO: ${{ github.repository }}
+          DESTINATION_NAME: ${{ matrix.image }}:${{ matrix.tag }}
+          PLATFORM: ${{ matrix.platform }}
+        run: >
+          echo
+          "FROM ${SOURCE_IMAGE}"
+          |
+          podman
+          build
+          --platform
+          "${PLATFORM}"
+          --annotation
+          "org.opencontainers.image.source=https://github.com/${DESTINATION_REPO}"
+          -t
+          "ghcr.io/${DESTINATION_REPO}/${DESTINATION_NAME}"
+          -
+
+      - name: Push ${{ matrix.image }}:${{ matrix.tag }} to GHCR
+        if: github.event_name != 'pull_request'
+        uses: redhat-actions/push-to-registry@v2
+        with:
+          registry: ghcr.io/${{ github.repository }}
+          image: ${{ matrix.image }}
+          tags: ${{ matrix.tag }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -0,0 +1,7 @@
+# Container Images Mirror for SOPS' CI
+
+This repository mirrors certain container images of upstream applications that are used in SOPS' CI.
+
+## Purpose
+
+This is to get around rate-limiting of other container registries (like Docker Hub), which currently disrupts SOPS' CI from time to time.