perf: make composite action using prebuilt docker image

Mavenoid · Aug 12, 2020 · fd0d3d4 · fd0d3d4
1 parent 3e8d775
commit fd0d3d4
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 32 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/README.md b/README.md
@@ -2,6 +2,8 @@
 
 A GitHub Action for [mirroring a git repository](https://help.github.com/en/articles/duplicating-a-repository#mirroring-a-repository-in-another-location) to another location via SSH.
 
+> N.B. this will discard any changes in the destination repo that are not already in the source-repo. For this reason it is not a reliable approach for 2-way sync unless both repos are very infrequently updated.
+
 ## Inputs
 
 ### `source-repo`
@@ -12,10 +14,17 @@ A GitHub Action for [mirroring a git repository](https://help.github.com/en/arti
 
 **Required** SSH URLs of the destination repo.
 
-## Environment variables
+### `ssh-private-key`
+
+**Required** SSH key to authenticate to both the source and destination repo.
+
+Create a [SSH key](https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key) which has access to both repositories. On GitHub they are called "deploy keys". Store [the private key as a secret](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) and use it in your workflow as seen in the example usage below.
 
-`SSH_PRIVATE_KEY`: Create a [SSH key](https://help.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key) which has access to both repositories. On GitHub they are called "deploy keys". Store [the private key as a secret](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets) and use it in your workflow as seen in the example usage below.
+### `github-token`
 
+**Required** A github token with at least the `read:packages` scope. You can just use `${{ secrets.GITHUB_TOKEN }}` with no other config required.
+
+This is used to clone the pre-built docker image, which speeds up execution vs. building the docker image every time. It does not need to be a token for Mavenoid as the Docker image itself is public, but GitHub do not allow you to read packages without a token, even when the packages are public.
 
 ## Example workflow
 
@@ -28,20 +37,47 @@ jobs:
   git-mirror:
     runs-on: ubuntu-latest
     steps:
-      - uses: wearerequired/git-mirror-action@v1
-        env:
-          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+      - uses: mavenoid/[email protected]
         with:
           source-repo: '[email protected]:wearerequired/swisscom-magazine.git'
           destination-repo: '[email protected]:wearerequired/git-mirror-action.git'
+          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
+          github-token: ${{ secrets.GITHUB_TOKEN }}
 ```
 
-## Docker
+## Development
+
+### Running pre-built image locally
+
+Authenticate with docker:
+
+```
+docker login docker.pkg.github.com -u YOUR_GITHUB_USERNAME
+```
+
+When prompted, provide a GitHub access token with `read:packages` scope.
+
+Run the prebuilt image:
+
+docker run --rm -e "SSH_PRIVATE_KEY=$(cat ~/.ssh/id_rsa)" "docker.pkg.github.com/mavenoid/git-mirror-action/git-mirror-action:2.1.0" "$SOURCE_REPO" "$DESTINATION_REPO"
+
+### Building and running locally
+
+Clone this repository and then run:
 
 ```
 docker run --rm -e "SSH_PRIVATE_KEY=$(cat ~/.ssh/id_rsa)" $(docker build -q .) "$SOURCE_REPO" "$DESTINATION_REPO"
 ```
 
+### Releasing
+
+To release a new version of git-mirror-action:
+
+1. Find and replace the current version number ("2.1.0") with the new version number
+2. Commit and push to GitHub
+3. [Create and publish a new release](https://github.com/Mavenoid/git-mirror-action/releases/new) with the "Tag version" exactly matching the new version number.
+
+The docker image is automatically built and published once you have created the release, so the release should become usable within about 1 minute.
 
 ## License
 

diff --git a/action.yml b/action.yml
@@ -7,14 +7,21 @@ inputs:
   source-repo:
     description: 'SSH URL of the source repo.'
     required: true
-    default: ''
   destination-repo:
     description: 'SSH URL of the destination repo.'
     required: true
-    default: ''
+  ssh-private-key:
+    description: 'SSH key for authentication.'
+    required: true
+  github-token:
+    description: 'GitHub token for pulling internal docker container (container is public so any token will do).'
+    required: true
 runs:
-  using: 'docker'
-  image: 'Dockerfile'
-  args:
-    - ${{ inputs.source-repo }}
-    - ${{ inputs.destination-repo }}
+  using: "composite"
+  steps:
+    - name: Authenticate
+      run: echo ${{ inputs.github-token }} | docker login docker.pkg.github.com -u $GITHUB_ACTOR --password-stdin
+    - name: Pull Image
+      run: docker pull "docker.pkg.github.com/mavenoid/git-mirror-action/git-mirror-action:2.1.0"
+    - name: Git Mirror
+      run: docker run --rm -e "SSH_PRIVATE_KEY=${{ inputs.ssh-private-key }}" "docker.pkg.github.com/mavenoid/git-mirror-action/git-mirror-action:2.1.0" "${{ inputs.source-repo }}" "${{ inputs.destination-repo }}"