In light of some recent news about Docker deleting organizations and the
containers that are registered with those organizations I figured I would share
how we manage our Docker Containers. Zuplo uses a simple Github Action that runs
on a cron schedule that mirrors containers we depend on. We initially built this
because we experienced some downtime with Docker Hub that caused interruptions
to our deployments. The other reason we mirror images is to keep them close to
where we use them - in our case that means GCP Artifact Registry.
The Github Action is fairly simple (see below). This has worked well for us and
has removed our dependency on Docker Hub for day to day deployments.
name: Mirror Docker Images
on:
workflow_dispatch:
schedule:
- cron: "0 1 * * *"
jobs:
release:
name: Mirror Images
runs-on: ubuntu-latest
permissions:
contents: "read"
id-token: "write"
env:
PROJECT_ID: my-project
REPO_NAME: docker-registry
strategy:
fail-fast: false
matrix:
image:
- "ubuntu:latest"
- "node:18-alpine3.16"
steps:
- uses: actions/checkout@v4
# Uses workload federation: https://github.com/google-github-actions/auth#setting-up-workload-identity-federation
- id: "auth-gcp"
name: "Authenticate to Google Cloud"
uses: "google-github-actions/auth@v1"
with:
token_format: "access_token"
workload_identity_provider: "your-provider"
service_account: "your-service-account"
access_token_lifetime: "300s"
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v1.1.0
with:
project_id: ${{ env.PROJECT_ID }}
- name: Authenticate Docker
run: gcloud auth configure-docker us-docker.pkg.dev
- name: Pull Image from Docker Hub
run: docker pull ${{ matrix.image }}
- name: Tag Image
run:
docker tag ${{ matrix.image }} us-docker.pkg.dev/${{ env.PROJECT_ID
}}/${{ env.REPO_NAME }}/${{ matrix.image }}
- name: Push Image
run:
docker push us-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPO_NAME
}}/${{ matrix.image }}
