diff --git a/.github/linters/.checkov.yml b/.github/linters/.checkov.yml
index 90a9a8b8d95..f386a13b702 100644
--- a/.github/linters/.checkov.yml
+++ b/.github/linters/.checkov.yml
@@ -8,3 +8,4 @@ skip-check:
 - CKV_GHA_2
 - CKV2_DOCKER_7
 - CKV2_GHA_1
+ - CKV_GHA_7
diff --git a/.github/workflows/deploy-ALPHA-flavors.yml b/.github/workflows/deploy-ALPHA-flavors.yml
index 7df27ac756f..44683b91510 100644
--- a/.github/workflows/deploy-ALPHA-flavors.yml
+++ b/.github/workflows/deploy-ALPHA-flavors.yml
@@ -116,6 +116,13 @@ jobs:
 tags: |
 ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:alpha
+ - name: Invoke Mirror docker image workflow (Flavor image)
+ uses: benc-uk/workflow-dispatch@v1
+ with:
+ workflow: mirror-docker-image.yml
+ inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:alpha", "target-image": "docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:alpha" }'
+ ref: ${{ github.ref_name }}
+
 - name: Build Worker Image
 uses: docker/build-push-action@v6
 with:
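Review bot: Adding `CKV_GHA_7` to `skip-check` in .checkov.yml turns the check off for every workflow in the repository, not only for the new mirror workflow that needs `workflow_dispatch` inputs, and the entry carries no reason. That check flags workflows whose dispatch inputs can influence what gets built, so a later workflow that takes inputs would pass unflagged. I would at least record the scope above the entry, e.g. `# CKV_GHA_7: mirror-docker-image.yml takes source/target image inputs by design`. The skip-check list starts above this hunk, so any existing comment convention there is not visible.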
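Review bot: `benc-uk/workflow-dispatch@v1` is referenced by a movable tag in the added step of deploy-ALPHA-flavors.yml, and the same reference appears in the worker-image step of the next hunk. The action needs a token able to start workflows (none is shown, so presumably the default job token), and the workflow it starts logs in to Docker Hub, so a retagged `v1` would run with that reach. Pin it to a full commit SHA, `uses: benc-uk/workflow-dispatch@<full-commit-sha> # v1`. No `permissions:` block is visible in the hunk, so it is worth confirming that the job token is limited to `actions: write` plus what the build steps need; the step list continues outside the hunk.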
@@ -134,19 +141,12 @@ jobs:
 tags: |
 ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha
- - name: Login to Docker Hub
- uses: docker/login-action@v3
+ - name: Invoke Mirror docker image workflow (Flavor worker image)
+ uses: benc-uk/workflow-dispatch@v1
 with:
- username: ${{ secrets.DOCKER_USERNAME }}
- password: ${{ secrets.DOCKER_PASSWORD }}
-
- # Copy ghrc.io image to Docker Hub
- - name: Pull image from GHCR
- run: docker system prune -a --volumes --force && docker pull ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha
- - name: Tag image for Docker Hub
- run: docker tag ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha
- - name: Push image to Docker Hub
- run: docker push oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha
+ workflow: mirror-docker-image.yml
+ inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha", "target-image": "docker.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha" }'
+ ref: ${{ github.ref_name }}
 ##############################################
 # Check Docker image security with Trivy #
diff --git a/.github/workflows/mirror-docker-image.yml b/.github/workflows/mirror-docker-image.yml
new file mode 100644
index 00000000000..4e4ebbec45b
--- /dev/null
+++ b/.github/workflows/mirror-docker-image.yml
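Review bot: In deploy-ALPHA-flavors.yml the removed pull/tag/push steps ran inside this job, whereas the added dispatch step only queues mirror-docker-image.yml, so a failed mirror no longer fails the deploy and the copy resolves the mutable `:alpha` tag whenever it eventually runs. If two deploys overlap, Docker Hub can receive an image other than the one this run built and that the Trivy section below scans. Passing the pushed digest instead of the tag would bind the copy to this build, e.g. `"source-image": "ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}@${{ steps.<build-step-id>.outputs.digest }}"`. The build step's `id` is outside the hunk, so the placeholder has to be replaced with the real one.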
@@ -0,0 +1,42 @@
+name: Mirror docker image
+
+on:
+ workflow_dispatch:
+ inputs:
+ source-image:
+ description: 'Source of the image on ghcr.io'
+ required: true
+ target-image:
+ description: 'Target of the image hosted on docker hub'
+ required: true
+ free-space-before:
+ description: 'Free space on the runner before pulling and pushing docker image'
+ required: false
+ default: 'true'
+
+jobs:
+ copy-to-docker-hub:
+ runs-on: ubuntu-latest
+ environment:
+ name: beta
+ steps:
+ # Free disk space
+ - name: Free Disk space
+ if: github.event.inputs.free-space-before == 'true'
+ shell: bash
+ run: |
+ sudo rm -rf /usr/local/lib/android # will release about 10 GB if you don't need Android
+ sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
+ # Login to docker hub
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+ # Copy ghrc.io image to Docker Hub
+ - name: Pull image from GHCR
+ run: docker pull "${{ github.event.inputs.source-image }}"
+ - name: Tag image for Docker Hub
+ run: docker tag "${{ github.event.inputs.source-image }}" "${{ github.event.inputs.target-image }}"
+ - name: Push image to Docker Hub
+ run: docker push "${{ github.event.inputs.target-image }}"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bb28f1dd5e9..c0749646ac9 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
 - CI
 - Also prune volumes before pulling and pushing to docker hub
+ - Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
 - mega-linter-runner
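Review bot: In mirror-docker-image.yml the three `run:` steps expand `${{ github.event.inputs.source-image }}` and `${{ github.event.inputs.target-image }}` straight into the script text, so the surrounding double quotes do not contain the value. The expression is substituted before bash parses the line, and an input holding shell metacharacters becomes part of the command in a job that is already logged in to Docker Hub. Passing the inputs through `env:` and referencing shell variables keeps them as data, as in the steps below. Both inputs are also free-form, so a check that they start with `ghcr.io/oxsecurity/` and `docker.io/oxsecurity/` before the pull would stop the job from pushing arbitrary images under the account.

```yaml
      # … unchanged: free disk space, Docker Hub login …
      - name: Pull image from GHCR
        env:
          SOURCE_IMAGE: ${{ github.event.inputs.source-image }}
        run: docker pull "$SOURCE_IMAGE"
      - name: Tag image for Docker Hub
        env:
          SOURCE_IMAGE: ${{ github.event.inputs.source-image }}
          TARGET_IMAGE: ${{ github.event.inputs.target-image }}
        run: docker tag "$SOURCE_IMAGE" "$TARGET_IMAGE"
      - name: Push image to Docker Hub
        env:
          TARGET_IMAGE: ${{ github.event.inputs.target-image }}
        run: docker push "$TARGET_IMAGE"
```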