pandora/image-copy.woodpecker
3
0
Fork 0
generated from pandora/woodpecker-plugin.template
Code Issues 2 Pull requests Projects Releases 2 Packages 1 Wiki Activity Actions
Woodpecker plugin for skopeo.
4 commits 1 branch 2 tags 58 KiB
  • Go 91.8%
  • Dockerfile 8.2%
Find a file
Exact
renovate-bot 36045d941e
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
Details
ci/woodpecker/tag/release Pipeline was successful
Details
ci/woodpecker/cron/vulnerability Pipeline was successful
Details
ci/woodpecker/cron/renovate Pipeline was successful
Details
ci/woodpecker/cron/auto_merge Pipeline was successful
Details
Update module code.thinkaboutit.tech/pandora/woodpecker-utils.gopack to v1.2.0 #3 
Merged automatically
2026-04-18 07:41:55 +00:00
test_dir initialize project 2026-04-12 19:07:03 +02:00
.gitignore Initial commit 2026-04-11 19:49:59 +00:00
.goreleaser.yaml Initial commit 2026-04-11 19:49:59 +00:00
.markdownlint.json Initial commit 2026-04-11 19:49:59 +00:00
.prettierrc Initial commit 2026-04-11 19:49:59 +00:00
.test.env add validation mode 2026-04-12 20:52:22 +02:00
Containerfile initialize project 2026-04-12 19:07:03 +02:00
go.mod Update module code.thinkaboutit.tech/pandora/woodpecker-utils.gopack to v1.2.0 #3 2026-04-18 07:41:55 +00:00
go.sum Update module code.thinkaboutit.tech/pandora/woodpecker-utils.gopack to v1.2.0 #3 2026-04-18 07:41:55 +00:00
image.go add validation mode 2026-04-12 20:52:22 +02:00
LICENSE Initial commit 2026-04-11 19:49:59 +00:00
main.go add validation mode 2026-04-12 20:52:22 +02:00
README.md add validation mode 2026-04-12 20:52:22 +02:00
renovate.json Initial commit 2026-04-11 19:49:59 +00:00

README.md

Image copy Woodpecker CI plugin

This plugin copies images between registries. It has two way to call depends on the target environment.

Sample images.ini file:

TargetRegistry=test-home.lan:3000
ProdOwner=ati
StagingOwner=foo-org
Image=gcr.io/distroless/static-debian13:nonroot@sha256:64c43684e6d2b581d1eb362ea47b6a4defee6a9cac5f7ebbda3daa67e8c9b8e6
Image=gcr.io/distroless/base-debian13:nonroot@sha256:6a6b038a85cd9e1e540bd8aae8684d9ac7756afe570bb4cc49320269704b2b3a
Image=codeberg.org/forgejo/forgejo:14.0.3-rootless@sha256:097085e8a67e8793439a3ce2fe7b74ee7c28ef9073268a9d5d3d923864ba125c

It has three modes:

  • Copy from source to staging registry: mode: staging
  • Copy from staging registry to production: mode: production
  • Perform validation on the config file: mode: validation

The validation contains the following:

  • Parse the images.ini file.
  • Verify that images are exists in the config file.

Ideal workflow looks like:

  1. Renovate update the images.ini file in case of new version.
  2. After merge happen, for the main push event, this plugin is called with staging environment. So if anything would happen with the source, image already saved.
  3. After that a security check is done, and if no critical CVE, then this plugin called again with production environment.

Usage

No technical restriction, plugin can be used at any event.

Sample for staging mode:

steps:
  - name: Copy to staging environment
    image: code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest
    settings:
      debug: true
      mode: staging
      forgejo_token:
        from_secret: ci-token
      forgejo_user: ci-user

Sample for validation mode:

steps:
  - name: Copy to staging environment
    image: code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest
    settings:
      debug: true
      mode: validation
      forgejo_token: placeholder
      forgejo_user: placeholder

Access token needs to have read:repository,write:package scopes.

Settings

Name Default value Description
context Project_root Directory of images.ini file
forgejo_user* Used for authentucation in staging and prod
forgejo_token* Used for authentiation for staging and prod
mode It can be 'staging', 'production' or 'validation'
allow_insecure false Enable to use insecure registry

*: For 'validation' mode, they are not used, but must have a placeholder value.