Externalize mirroring from ghcr.io to docker hub in another workflow …

…to avoid memory issues (#4166)

.github/linters/.checkov.yml

@@ -8,3 +8,4 @@ skip-check:
   - CKV_GHA_2
   - CKV2_DOCKER_7
   - CKV2_GHA_1
+  - CKV_GHA_7

.github/workflows/deploy-ALPHA-flavors.yml

@@ -116,6 +116,13 @@ jobs:
           tags: |
             ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:alpha
 
+      - name: Invoke Mirror docker image workflow (Flavor image)
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: mirror-docker-image.yml
+          inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:alpha", "target-image": "docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:alpha" }'
+          ref: ${{ github.ref_name }}
+
       - name: Build Worker Image
         uses: docker/build-push-action@v6
         with:
@@ -134,19 +141,12 @@ jobs:
           tags: |
             ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
+      - name: Invoke Mirror docker image workflow (Flavor worker image)
+        uses: benc-uk/workflow-dispatch@v1
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      # Copy ghrc.io image to Docker Hub
-      - name: Pull image from GHCR
-        run: docker system prune -a --volumes --force && docker pull ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha
-      - name: Tag image for Docker Hub
-        run: docker tag ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha
-      - name: Push image to Docker Hub
-        run: docker push oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha 
+          workflow: mirror-docker-image.yml
+          inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha", "target-image": "docker.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha" }'
+          ref: ${{ github.ref_name }}
 
       ##############################################
       # Check Docker image security with Trivy #

.github/workflows/mirror-docker-image.yml

@@ -0,0 +1,42 @@
+name: Mirror docker image
+
+on:
+  workflow_dispatch:
+    inputs:
+      source-image:
+        description: 'Source of the image on ghcr.io'
+        required: true
+      target-image:
+        description: 'Target of the image hosted on docker hub'
+        required: true
+      free-space-before:
+        description: 'Free space on the runner before pulling and pushing docker image'
+        required: false
+        default: 'true'
+
+jobs:
+  copy-to-docker-hub:
+    runs-on: ubuntu-latest
+    environment:
+      name: beta
+    steps:
+      # Free disk space
+      - name: Free Disk space
+        if: github.event.inputs.free-space-before == 'true'
+        shell: bash
+        run: |
+          sudo rm -rf /usr/local/lib/android  # will release about 10 GB if you don't need Android
+          sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
+      # Login to docker hub
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      # Copy ghrc.io image to Docker Hub
+      - name: Pull image from GHCR
+        run: docker pull "${{ github.event.inputs.source-image }}"
+      - name: Tag image for Docker Hub
+        run: docker tag "${{ github.event.inputs.source-image }}" "${{ github.event.inputs.target-image }}"
+      - name: Push image to Docker Hub
+        run: docker push "${{ github.event.inputs.target-image }}"

CHANGELOG.md

@@ -29,6 +29,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
 
 - CI
   - Also prune volumes before pulling and pushing to docker hub
+  - Externalize mirroring from ghcr.io to docker hub in another workflow to avoid memory issues
 
 - mega-linter-runner