CloudBees action: Copy a remote container image with Crane

3 minute read

Use this action to copy a remote image from a source to a destination with Crane, a tool for managing container images. To copy Docker images with this action, you must have a Docker configuration file. This action also reports artifact-related data to the workflow run for artifact traceability purposes.

Prerequisites for copying a Docker image

Before invoking the action, you must have a Docker config file in the ${HOME}/.docker/config.json path. This file is used to authenticate with the Docker registry.

Use either of the following actions to generate a Docker config file:

If your source and destination registries are different, you must authenticate to both registries. Invoke the Docker registry authentication action separately for those registries before invoking the Crane action.
All CloudBees action repositories are listed at CloudBees, Inc. on GitHub.

Inputs

Table 1. Input details
Input name Data type Required? Description

destination

String

Yes

The destination image.

src

String

Yes

The source image to copy.

platform

String

No

Specifies the platform in the format os/arch[/variant][:osversion].

skip-image-validation

String

No

Default is true. When true, the source and destination image validation is skipped.

Outputs

Table 2. Output details
Output name Data type Description

artifact-id

String

The unique identifier of the artifact reported to the CloudBees platform.

digest

String

Image digest of the destination image.

image

String

Image reference of the destination image, including the image digest.

Usage examples

Basic example

The following is a basic example of using this action:

- name: Copy remote image with Crane id: copy-image uses: cloudbees-io/crane@v1 with: src: my-source-registry/source-image-name:source-tag-name destination: my-destination-registry/destination-image-name:destination-tag-name

Using optional inputs

The following example specifies optional inputs:

- name: Copy remote image with Crane id: copy-image uses: cloudbees-io/crane@v1 with: src: my-source-registry/source-image:source-tag destination: my-destination-registry/destination-image:destination-tag platform: linux/arm/v7 skip-image-validation: false

Using the action output

Access the output values in downstream steps using the outputs context. In the following example, a Helm chart is copied using the Crane action, and output values are displayed.

- name: Run Crane action id: promotecharts uses: cloudbees-io/crane@v1 with: src: ghcr.io/nginxinc/charts/nginx-ingress:1.0.2 destination: ${{ vars.my_chart_registry }}/nginx-ingress:1.0.2 - name: Crane output uses: docker://gcr.io/go-containerregistry/crane:debug run: | echo "artifact ID for ${{ vars.my_chart_registry }}/nginx-ingress:1.0.2: ${{ steps.promotecharts.outputs.artifact-id }}" echo "digest for ${{ vars.my_chart_registry }}/nginx-ingress:1.0.2: ${{ steps.promotecharts.outputs.digest }}" echo "image for ${{ vars.my_chart_registry }}/nginx-ingress:1.0.2: ${{ steps.promotecharts.outputs.image }}"

Full workflow example

The following workflow example:

  • Checks out source code from a repository.

  • Configures credentials.

  • Copies an official Ubuntu image with the Crane action.

  • Gets the digest of the official Ubuntu image, and compares it to the output digest value of the destination image.

apiVersion: automation.cloudbees.io/v1alpha1 kind: workflow name: Action test on: push: branches: - '**' permissions: scm-token-own: read scm-token-org: read id-token: write jobs: docker-build: steps: - name: Check out source code uses: cloudbees-io/checkout@v1 with: repository: my-name/my-repo-name - name: Configure container registry credentials uses: cloudbees-io/configure-oci-credentials@v1 with: registry: docker.io username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - name: Log in to AWS uses: cloudbees-io/configure-aws-credentials@v1 with: aws-region: us-east-1 role-to-assume: ${{ vars.MY_ROLE }} role-duration-seconds: 3600 - name: Run Crane action id: run-crane uses: cloudbees-io/crane@v1 with: src: ubuntu:latest destination: ${{ vars.my_image_registry }}/ubuntu:test platform: linux/amd64 skip-image-validation: false - name: Test Crane action output uses: docker://gcr.io/go-containerregistry/crane:debug run: | SRC_DIGEST=$(crane digest ubuntu:latest --platform linux/amd64) DEST_DIGEST=$(crane digest ${{ vars.my_image_registry }}/ubuntu:test --platform linux/amd64) [ "$DEST_DIGEST" = '${{ steps.run-crane.outputs.digest }}' ] [ "$SRC_DIGEST" = "$DEST_DIGEST" ]