Mirroring Docker Images with Github Actions

In light of some recent news about Docker deleting organizations and the containers that are registered with those organizations I figured I would share how we manage our Docker Containers. Zuplo uses a simple Github Action that runs on a cron schedule that mirrors containers we depend on. We initially built this because we experienced some downtime with Docker Hub that caused interruptions to our deployments. The other reason we mirror images is to keep them close to where we use them - in our case that means GCP Artifact Registry.

The Github Action is fairly simple (see below). This has worked well for us and has removed our dependency on Docker Hub for day to day deployments.

name: Mirror Docker Images
on:
  workflow_dispatch:
  schedule:
    - cron: "0 1 * * *"
 
jobs:
  release:
    name: Mirror Images
    runs-on: ubuntu-latest
 
    permissions:
      contents: "read"
      id-token: "write"
 
    env:
      PROJECT_ID: my-project
      REPO_NAME: docker-registry
 
    strategy:
      fail-fast: false
      matrix:
        image:
          - "ubuntu:latest"
          - "node:18-alpine3.16"
 
    steps:
      - uses: actions/checkout@v4
 
      # Uses workload federation: https://github.com/google-github-actions/auth#setting-up-workload-identity-federation
      - id: "auth-gcp"
        name: "Authenticate to Google Cloud"
        uses: "google-github-actions/auth@v1"
        with:
          token_format: "access_token"
          workload_identity_provider: "your-provider"
          service_account: "your-service-account"
          access_token_lifetime: "300s"
 
      - name: Set up Cloud SDK
        uses: google-github-actions/setup-gcloud@v1.1.0
        with:
          project_id: ${{ env.PROJECT_ID }}
 
      - name: Authenticate Docker
        run: gcloud auth configure-docker us-docker.pkg.dev
 
      - name: Pull Image from Docker Hub
        run: docker pull ${{ matrix.image }}
 
      - name: Tag Image
        run:
          docker tag ${{ matrix.image }} us-docker.pkg.dev/${{ env.PROJECT_ID
          }}/${{ env.REPO_NAME }}/${{ matrix.image }}
 
      - name: Push Image
        run:
          docker push us-docker.pkg.dev/${{ env.PROJECT_ID }}/${{ env.REPO_NAME
          }}/${{ matrix.image }}

Designed for Developers, Made for the Edge