James E. Blair 4077fb8e8f Add mirror-container-images role and job
This adds a role (and job) to mirror container images from one
registry to another.

Also, disable the name[template] ansible-lint check because it
greatly reduces the utility of including templates in task names.

Change-Id: Id01295c51b67ffb7e98637c6cdcc4e7a14c92b22
2024-12-02 09:47:12 -08:00

32 lines
1.5 KiB
YAML

- name: Verify repository names
when: |
container_registry_credentials is defined
and zj_image.dest_registry not in container_registry_credentials
fail:
msg: "{{ zj_image.dest_registry }} credentials not found"
- name: Verify repository permission
when: |
container_registry_credentials[zj_image.dest_registry].repository is defined and
not zj_image.dest_repository | regex_search(container_registry_credentials[zj_image.dest_registry].repository)
fail:
msg: "{{ zj_image.repository }} not permitted by {{ container_registry_credentials[zj_image.dest_registry].repository }}"
- name: Log in to registry
command: "{{ container_command }} login -u {{ container_registry_credentials[zj_image.dest_registry].username }} -p {{ container_registry_credentials[zj_image.dest_registry].password }} {{ zj_image.dest_registry }}"
no_log: true
- name: Push and pull image
block:
- name: "Pull image {{ zj_image.src_repository }}:{{ zj_image.src_tag }}"
command: "{{ container_command }} pull {{ zj_image.src_repository }}:{{ zj_image.src_tag }}"
- name: Retag image
command: "{{ container_command }} tag {{ zj_image.src_repository }}:{{ zj_image.src_tag }} {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}"
- name: "Push image {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}"
command: "{{ container_command }} push {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}"
always:
- name: Log out of registry
command: "{{ container_command }} logout {{ zj_image.dest_registry }}"