pandora/image-copy.woodpecker
3
0
Fork 0
generated from pandora/woodpecker-plugin.template
Code Issues 2 Pull requests Projects Releases 2 Packages 1 Wiki Activity Actions
2 releases 2 tags
  • 1.0.0 7078a67836

    1.0.0
    All checks were successful
    ci/woodpecker/push/ci Pipeline was successful
    Details
    ci/woodpecker/tag/release Pipeline was successful
    Details
    ci/woodpecker/cron/vulnerability Pipeline was successful
    Details
    ci/woodpecker/cron/renovate Pipeline was successful
    Details
    ci/woodpecker/cron/auto_merge Pipeline was successful
    Details
    Stable

    onlyati released this 2026-04-12 19:00:51 +00:00 | 1 commits to main since this release

    Image copy Woodpecker CI plugin

    This plugin copies images between registries. It has two way to call depends on
    the target environment.

    Sample images.ini file:

    TargetRegistry=test-home.lan:3000
ProdOwner=ati
StagingOwner=foo-org
Image=gcr.io/distroless/static-debian13:nonroot@sha256:64c43684e6d2b581d1eb362ea47b6a4defee6a9cac5f7ebbda3daa67e8c9b8e6
Image=gcr.io/distroless/base-debian13:nonroot@sha256:6a6b038a85cd9e1e540bd8aae8684d9ac7756afe570bb4cc49320269704b2b3a
Image=codeberg.org/forgejo/forgejo:14.0.3-rootless@sha256:097085e8a67e8793439a3ce2fe7b74ee7c28ef9073268a9d5d3d923864ba125c

    It has three modes:

    • Copy from source to staging registry: mode: staging
    • Copy from staging registry to production: mode: production
    • Perform validation on the config file: mode: validation

    The validation contains the following:

    • Parse the images.ini file.
    • Verify that images are exists in the config file.

    Ideal workflow looks like:

    1. Renovate update the images.ini file in case of new version.
    2. After merge happen, for the main push event, this plugin is called with
      staging environment. So if anything would happen with the source, image
      already saved.
    3. After that a security check is done, and if no critical CVE, then this plugin
      called again with production environment.

    Usage

    No technical restriction, plugin can be used at any event.

    Sample for staging mode:

    steps:
  - name: Copy to staging environment
    image: code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest
    settings:
      debug: true
      mode: staging
      forgejo_token:
        from_secret: ci-token
      forgejo_user: ci-user

    Sample for validation mode:

    steps:
  - name: Copy to staging environment
    image: code.thinkaboutit.tech/pandora/image-copy.woodpecker:latest
    settings:
      debug: true
      mode: validation
      forgejo_token: placeholder
      forgejo_user: placeholder

    Access token needs to have read:repository,write:package scopes.

    Settings

    Name Default value Description
    context Project_root Directory of images.ini file
    forgejo_user* Used for authentucation in staging and prod
    forgejo_token* Used for authentiation for staging and prod
    mode It can be 'staging', 'production' or 'validation'
    allow_insecure false Enable to use insecure registry

    *: For 'validation' mode, they are not used, but must have a placeholder value.

    Downloads