From da92b328a0eef8258ed02bb23689f9bf8409ceca Mon Sep 17 00:00:00 2001
From: Konstantin Pavlov <thresh@nginx.com>
Date: Tue, 10 Dec 2024 17:58:52 -0800
Subject: [PATCH] Added a CI job to sync images to AWS ECR Public.

---
 .github/workflows/sync.yml | 44 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 .github/workflows/sync.yml

diff --git a/.github/workflows/sync.yml b/.github/workflows/sync.yml
new file mode 100644
index 0000000..99dc986
--- /dev/null
+++ b/.github/workflows/sync.yml
@@ -0,0 +1,44 @@
+name: Sync DockerHub with AWS ECR
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: 23 20 * * *
+
+defaults:
+  run:
+    shell: 'bash -Eeuo pipefail -x {0}'
+
+jobs:
+  sync-awsecr:
+    name: Sync Docker Hub to AWS ECR Public
+    runs-on: ubuntu-24.04
+    permissions:
+      id-token: write
+      contents: read
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_PUBLIC_ECR }}
+          aws-region: us-east-1
+
+      - name: Login to Amazon ECR Public
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2.0.1
+        with:
+          registry-type: public
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build, tag, and push docker image to Amazon ECR Public
+        run: |
+          ./sync-awsecr.sh > sync-real.sh
+          chmod +x sync-real.sh
+          ./sync-real.sh
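Review bot: The final step executes a script generated at job time (`./sync-awsecr.sh > sync-real.sh`, then `./sync-real.sh`) while the assumed AWS role, the ECR Public login and the Docker Hub login are all still live, so whatever `sync-awsecr.sh` prints runs with push rights to both registries. That generator is not visible in this hunk; if any of its output comes from external data such as tag lists or registry responses, confirm that the data is validated and quoted before it reaches the generated script. Separately, the checkout step keeps the default persisted `GITHUB_TOKEN` in `.git/config`, and nothing later in the job appears to need git, so I would add `with:` and `persist-credentials: false` to it. Because `workflow_dispatch` can be started from any branch, the trust policy of the role behind `AWS_ROLE_PUBLIC_ECR` should presumably pin the OIDC `sub` claim to this repository's default branch; that policy is outside the patch, so please verify it. A `timeout-minutes:` on the job and quoting the cron value (`cron: '23 20 * * *'`) would be small hardening and style improvements.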
-- 
GitLab