Mirroring fix (#4168)

* Alpha big image * permissions * Handle permissions
oxsecurity · Oct 20, 2024 · af6d8d1 · af6d8d1
1 parent 19bba71
commit af6d8d1
Show file tree

Hide file tree

Showing 3 changed files with 49 additions and 16 deletions.
diff --git a/.github/workflows/deploy-ALPHA-flavors.yml b/.github/workflows/deploy-ALPHA-flavors.yml
@@ -45,6 +45,7 @@ jobs:
     # Set the agent to run on
     runs-on: ${{ matrix.os }}
     permissions:
+      actions: write
       packages: write
     strategy:
       fail-fast: false
@@ -121,7 +122,6 @@ jobs:
         with:
           workflow: mirror-docker-image.yml
           inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:alpha", "target-image": "docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:alpha" }'
-          ref: ${{ github.ref_name }}
 
       - name: Build Worker Image
         uses: docker/build-push-action@v6
@@ -145,8 +145,7 @@ jobs:
         uses: benc-uk/workflow-dispatch@v1
         with:
           workflow: mirror-docker-image.yml
-          inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha", "target-image": "docker.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha" }'
-          ref: ${{ github.ref_name }}
+          inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha", "target-image": "docker.io/oxsecurity/megalinter-worker-${{ matrix.flavor }}:alpha" }'    
 
       ##############################################
       # Check Docker image security with Trivy #

diff --git a/.github/workflows/deploy-ALPHA.yml b/.github/workflows/deploy-ALPHA.yml
@@ -45,6 +45,7 @@ jobs:
     # Set the agent to run on
     runs-on: ubuntu-latest
     permissions:
+      actions: write
       packages: write
     # Only run this on the main repo
     if: github.repository == 'oxsecurity/megalinter' && !contains(github.event.head_commit.message, 'skip deploy')
@@ -106,6 +107,12 @@ jobs:
             ghcr.io/oxsecurity/megalinter-server:alpha
           # ghcr.io/oxsecurity/megalinter-server:alpha-${{ github.sha }}
 
+      - name: Invoke Mirror docker image workflow (Server image)
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: mirror-docker-image.yml
+          inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-server:alpha", "target-image": "docker.io/oxsecurity/megalinter-server:alpha" }'
+
       - name: Build & Push Docker Image
         uses: docker/build-push-action@v6
         with:
@@ -124,6 +131,12 @@ jobs:
             ghcr.io/oxsecurity/megalinter:alpha
           # ghcr.io/oxsecurity/megalinter:alpha-${{ github.sha }}
 
+      - name: Invoke Mirror docker image workflow (MegaLinter image)
+        uses: benc-uk/workflow-dispatch@v1
+        with:
+          workflow: mirror-docker-image.yml
+          inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter:alpha", "target-image": "docker.io/oxsecurity/megalinter:alpha" }'
+
       - name: Build & Push Worker Docker Image
         uses: docker/build-push-action@v6
         with:
@@ -142,16 +155,8 @@ jobs:
           tags: |
             ghcr.io/oxsecurity/megalinter-worker:alpha
 
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
+      - name: Invoke Mirror docker image workflow (Worker image)
+        uses: benc-uk/workflow-dispatch@v1
         with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      # Copy ghrc.io image to Docker Hub
-      - name: Pull image from GHCR
-        run: docker system prune -a --volumes --force && docker system prune -a --volumes --force && docker pull ghcr.io/oxsecurity/megalinter:alpha
-      - name: Tag image for Docker Hub
-        run: docker tag ghcr.io/oxsecurity/megalinter:alpha oxsecurity/megalinter:alpha
-      - name: Push image to Docker Hub
-        run: docker push oxsecurity/megalinter:alpha
+          workflow: mirror-docker-image.yml
+          inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-worker:alpha", "target-image": "docker.io/oxsecurity/megalinter-worker:alpha" }'
diff --git a/.github/workflows/mirror-docker-image.yml b/.github/workflows/mirror-docker-image.yml
@@ -15,7 +15,36 @@ on:
         default: 'true'
 
 jobs:
-  copy-to-docker-hub:
+
+  copy-to-docker-hub-alpha:
+    if: github.ref_name == 'alpha'
+    runs-on: ubuntu-latest
+    environment:
+      name: alpha
+    steps:
+      # Free disk space
+      - name: Free Disk space
+        if: github.event.inputs.free-space-before == 'true'
+        shell: bash
+        run: |
+          sudo rm -rf /usr/local/lib/android  # will release about 10 GB if you don't need Android
+          sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
+      # Login to docker hub
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      # Copy ghrc.io image to Docker Hub
+      - name: Pull image from GHCR
+        run: docker pull "${{ github.event.inputs.source-image }}"
+      - name: Tag image for Docker Hub
+        run: docker tag "${{ github.event.inputs.source-image }}" "${{ github.event.inputs.target-image }}"
+      - name: Push image to Docker Hub
+        run: docker push "${{ github.event.inputs.target-image }}"
+
+  copy-to-docker-hub-main:
+    if: github.ref_name == 'main'
     runs-on: ubuntu-latest
     environment:
       name: beta