From ff8840011cf6bc8fe19b815bb03f7c29c29aa218 Mon Sep 17 00:00:00 2001
From: knqyf263
Date: Fri, 11 Oct 2024 11:24:01 +0400
Subject: [PATCH] ci: push the database to Docker Hub

Signed-off-by: knqyf263
---
 .github/workflows/cron.yml | 76 ++++++++++++++++++++++++++------------
 1 file changed, 52 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/cron.yml b/.github/workflows/cron.yml
index 2648bb55..38955889 100644
--- a/.github/workflows/cron.yml
+++ b/.github/workflows/cron.yml
@@ -52,6 +52,12 @@ jobs:
 - name: Move DB
 run: mv assets/db.tar.gz .
 
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USER }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+
 - name: Login to GitHub Packages Container registry
 uses: docker/login-action@v3
 with:
@@ -59,22 +65,6 @@ jobs:
 username: ${{ env.GH_USER }}
 password: ${{ secrets.GITHUB_TOKEN }}
 
- - name: Install oras
- run: |
- # upgrade to ORAS 1.0.0
- curl -LO https://github.com/oras-project/oras/releases/download/v1.0.0/oras_1.0.0_linux_amd64.tar.gz
- tar -xvf ./oras_1.0.0_linux_amd64.tar.gz
-
- - name: Upload assets to GHCR
- run: |
- ./oras version
- tags=(latest ${{ env.VERSION }})
- for tag in ${tags[@]}; do
- ./oras push --artifact-type application/vnd.aquasec.trivy.config.v1+json \
- ghcr.io/${{ github.repository }}:${tag} \
- db.tar.gz:application/vnd.aquasec.trivy.db.layer.v1.tar+gzip
- done
-
 - name: Login to ECR
 uses: docker/login-action@v3
 with:
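Review bot: The added Docker Hub login step passes `secrets.DOCKERHUB_TOKEN` to `docker/login-action@v3`, which is a mutable tag, so whatever commit that tag points to at run time receives the credential. Pin the action to a reviewed commit, e.g. `uses: docker/login-action@<full-commit-sha> # v3`, and apply the same pin to the GitHub Packages and ECR login steps visible as context, which use the same tag. The scope of the token is not visible from this diff; it should be a Docker Hub access token limited to writing the one target repository rather than an account password.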
@@ -82,12 +72,50 @@ jobs:
 username: ${{ secrets.ECR_ACCESS_KEY_ID }}
 password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
 
- - name: Upload assets to ECR
+ - name: Install oras
+ run: |
+ # upgrade to ORAS 1.0.0
+ curl -LO https://github.com/oras-project/oras/releases/download/v1.0.0/oras_1.0.0_linux_amd64.tar.gz
+ tar -xvf ./oras_1.0.0_linux_amd64.tar.gz
+
+
+ - name: Upload assets to registries
 run: |
- ./oras version
- tags=(latest ${{ env.VERSION }})
- for tag in ${tags[@]}; do
- ./oras push --artifact-type application/vnd.aquasec.trivy.config.v1+json \
- public.ecr.aws/aquasecurity/trivy-db:${tag} \
- db.tar.gz:application/vnd.aquasec.trivy.db.layer.v1.tar+gzip
- done
\ No newline at end of file
+ lowercase_repo=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
+ echo "Starting artifact upload process..."
+
+ # Define an array of registry base URLs and their corresponding repository names
+ declare -A registries=(
+ ["ghcr.io"]="${lowercase_repo}"
+ ["public.ecr.aws"]="${lowercase_repo}"
+ ["docker.io"]="${lowercase_repo}"
+ )
+
+ # Special case for docker.io if the organization is 'aquasecurity'
+ if [[ "${lowercase_repo}" == "aquasecurity/"* ]]; then
+ registries["docker.io"]="aquasec/${lowercase_repo#aquasecurity/}"
+ echo "Docker Hub repository adjusted for aquasecurity: ${registries["docker.io"]}"
+ fi
+
+ # Loop through each registry and push the artifact
+ for registry in "${!registries[@]}"; do
+ repo_name=${registries[$registry]}
+ full_registry_url="${registry}/${repo_name}"
+ echo "Processing registry: ${full_registry_url}"
+
+ tags=(latest ${{ env.VERSION }})
+ for tag in "${tags[@]}"; do
+ echo "Pushing artifact with tag: ${tag}"
+
+ if oras push --artifact-type application/vnd.aquasec.trivy.config.v1+json \
+ "${full_registry_url}:${tag}" \
+ db.tar.gz:application/vnd.aquasec.trivy.db.layer.v1.tar+gzip; then
+ echo "Successfully pushed to ${full_registry_url}:${tag}"
+ else
+ echo "Failed to push to ${full_registry_url}:${tag}"
+ exit 1
+ fi
+ done
+ done
+
+ echo "Artifact upload process completed."
\ No newline at end of file
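Review bot: The push loop calls `oras` from PATH, but the Install oras step in this hunk only unpacks the release tarball into the working directory and the removed code invoked `./oras`, so the pinned 1.0.0 download is probably not the binary doing the push; the step would either fail with command-not-found or use whatever `oras` the runner image happens to ship. Change `if oras push` to `if ./oras push`, or install the unpacked binary onto PATH in the Install step. The tarball is also fetched with `curl -LO` and unpacked with no integrity check in a job where three registry logins are active; add a pinned digest check before `tar`, e.g. `echo "<expected-sha256>  oras_1.0.0_linux_amd64.tar.gz" | sha256sum -c -`. Finally, `exit 1` on the first failed push leaves the registries already processed updated and the rest stale, and `"${!registries[@]}"` iterates in no defined order, so which registries end up behind is not predictable; a comment stating that this partial-publish behaviour is accepted, or collecting failures and exiting after the loop, would make the intent clear.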