mirror-container-images: use skopeo to mirror multiarch images

Use skopeo to copy images between registries instead of docker/podman as this allows to copy layers and manifests of different architectures. The same would require far more steps with docker/podman. Change-Id: I1e6cda57d1eb827cc95eee54b19e9fd952cbf99e
2025-03-18 16:12:00 +01:00 · 2025-03-18 16:12:00 +01:00 · 1cd5f68e1a
commit 1cd5f68e1a
parent 2334a41776
5 changed files with 15 additions and 13 deletions
--- a/playbooks/container-image/mirror-pre.yaml
+++ b/playbooks/container-image/mirror-pre.yaml
@ -0,0 +1,3 @@
+- hosts: all
+  roles:
+    - ensure-skopeo
--- a/roles/mirror-container-images/tasks/inner.yaml
+++ b/roles/mirror-container-images/tasks/inner.yaml
@ -13,19 +13,13 @@
    msg: "{{ zj_image.repository }} not permitted by {{ container_registry_credentials[zj_image.dest_registry].repository }}"

 - name: Log in to registry
-  command: "{{ container_command }} login -u {{ container_registry_credentials[zj_image.dest_registry].username }} -p {{ container_registry_credentials[zj_image.dest_registry].password }} {{ zj_image.dest_registry }}"
+  command: "skopeo login -u {{ container_registry_credentials[zj_image.dest_registry].username }} -p {{ container_registry_credentials[zj_image.dest_registry].password }} {{ zj_image.dest_registry }}"
  no_log: true

- name: Push and pull image
+- name: Copy image
  block:
-    - name: "Pull image {{ zj_image.src_repository }}:{{ zj_image.src_tag }}"
-      command: "{{ container_command }} pull {{ zj_image.src_repository }}:{{ zj_image.src_tag }}"
-
-    - name: Retag image
-      command: "{{ container_command }} tag {{ zj_image.src_repository }}:{{ zj_image.src_tag }} {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}"
-
-    - name: "Push image {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}"
-      command: "{{ container_command }} push {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}"
+    - name: "Copy to {{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}"
+      command: "skopeo copy --all docker://{{ zj_image.src_repository }}:{{ zj_image.src_tag }} docker://{{ zj_image.dest_repository }}:{{ zj_image.dest_tag }}"
  always:
    - name: Log out of registry
-      command: "{{ container_command }} logout {{ zj_image.dest_registry }}"
+      command: "skopeo logout {{ zj_image.dest_registry }}"
--- a/roles/mirror-container-images/tasks/main.yaml
+++ b/roles/mirror-container-images/tasks/main.yaml
@ -1,4 +1,4 @@
- name: Pull and push images
+- name: Copy images
  with_items: "{{ mirror_container_images_images }}"
  include_tasks: inner.yaml
  loop_control:
--- a/test-playbooks/registry/test-registry-pre.yaml
+++ b/test-playbooks/registry/test-registry-pre.yaml
@ -48,3 +48,8 @@
        name: ensure-skopeo
      vars:
        ensure_skopeo_install_from_upstream: true
+
+- hosts: builder
+  name: Provide skopeo for the builder
+  roles:
+    - ensure-skopeo
--- a/zuul.d/container-jobs.yaml
+++ b/zuul.d/container-jobs.yaml
@ -37,5 +37,5 @@

      .. include:: ../../playbooks/container-image/README.rst
      .. include:: ../../playbooks/container-image/credentials.rst
-    pre-run: playbooks/container-image/pre.yaml
+    pre-run: playbooks/container-image/mirror-pre.yaml
    run: playbooks/container-image/mirror.yaml