https://github.com/docker/go-tuf-mirror

Mirror TUF metadata to/between OCI registries
https://github.com/docker/go-tuf-mirror

github-actions oci the-update-framework tuf

Last synced: 23 days ago
JSON representation

Mirror TUF metadata to/between OCI registries

• Host: GitHub
• URL: https://github.com/docker/go-tuf-mirror
• Owner: docker
• License: apache-2.0
• Created: 2024-02-06T13:58:28.000Z (11 months ago)
• Default Branch: main
• Last Pushed: 2024-10-24T09:34:58.000Z (2 months ago)
• Last Synced: 2024-10-25T16:28:39.211Z (2 months ago)
• Topics: github-actions, oci, the-update-framework, tuf
• Language: Go
• Homepage:
• Size: 272 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE-OF-CONDUCT.md
  • Codeowners: .github/CODEOWNERS

Awesome Lists containing this project

README

        
# go-tuf-mirror

Mirror TUF metadata to/between OCI registries







## Usage

### GitHub Actions

Example GHA workflow:

```yaml

name: Run go-tuf-mirror

on:

  workflow_dispatch:

jobs:

  mirror:

    runs-on: ubuntu-latest

    env:

      DOCKER_CONFIG: ${{ github.workspace }}/.docker

    steps:

      - name: Login to Docker Hub

        uses: docker/login-action@v3

        with:

          username: dockerpublicbot

          password: ${{ secrets.DOCKERPUBLICBOT_WRITE_PAT }}

      - name: Mirror metadata

        uses: docker/go-tuf-mirror/actions/[email protected]

        with:

          source: https://docker.github.io/tuf-staging/metadata

          destination: docker://docker/tuf-metadata:latest

      - name: Mirror targets

        uses: docker/go-tuf-mirror/actions/[email protected]

        with:

          metadata: https://docker.github.io/tuf-staging/metadata

          source: https://docker.github.io/tuf-staging/targets

          destination: docker://docker/tuf-targets

```

### Mirror only metadata from web

1. Build `go-tuf-mirror`

   ```sh

   make build

   ```

1. Run `metadata` command

   ```sh

   ./go-tuf-mirror metadata -s  -d 

   ```

   example:

   ```sh

   # output metadata to docker registry

   ./go-tuf-mirror metadata -s https://docker.github.io/tuf-staging/metadata -d docker://docker/tuf-metadata:latest

   Mirroring TUF metadata https://docker.github.io/tuf-staging/metadata to docker://docker/tuf-metadata:latest

   Metadata manifest pushed to docker/tuf-metadata:latest

   ```

#### Mirror delegated targets metadata

1. Run `metadata` command with the `-f` flag

   example:

   ```sh

   ./go-tuf-mirror metadata -f -s "https://docker.github.io/tuf-staging/metadata" -d "docker://docker/tuf-metadata:latest"

   Mirroring TUF metadata https://docker.github.io/tuf-staging/metadata to docker://docker/tuf-metadata:latest

   Metadata manifest pushed to docker/tuf-metadata:latest

   Delegated metadata manifest pushed to docker/tuf-metadata:opkl

   Delegated metadata manifest pushed to docker/tuf-metadata:doi

   ```

### Mirror only targets from web

1. Build `go-tuf-mirror`

   ```sh

   make build

   ```

1. Run `metadata` command

   ```sh

   ./go-tuf-mirror targets -m  -s   -d 

   ```

   example:

   ```sh

   # output targets to docker registry

   ./go-tuf-mirror targets -m https://docker.github.io/tuf-staging/metadata -s https://docker.github.io/tuf-staging/targets  -d docker://docker/tuf-targets

   Mirroring TUF targets https://docker.github.io/tuf-staging/targets to docker://docker/tuf-targets

   Target manifest pushed to docker/tuf-targets:ecc736303caf8cf22ef00df2db3c411a563030c2e1e7ae24f4e38113e7ad610d.doi-signing-stage.pem

   Target manifest pushed to docker/tuf-targets:3965bb0a873cff50e16b277444d659553ab79c9632a1fb03a6d9360af536c142.image-signer-verifier.pem

   Target manifest pushed to docker/tuf-targets:e4dc114275694612ee236b231990d606b7879d05f64809611545c8234efb6cd4.doi-signing-key.pem

   Target manifest pushed to docker/tuf-targets:5ddbaf12a091d0b877b7574af7cc19bf85023d649a520ccfebc0f2b5f8c2c4de.doi-signing-prod.pem

   ```

### Mirror metadata and targets from web

1. Build `go-tuf-mirror`

   ```sh

   make build

   ```

1. Run `all` command

   ```sh

   ./go-tuf-mirror all --source-metadata  --source-targets  --dest-metadata  --dest-targets 

   ```

   example:

   ```sh

   # outputs metadata and targets to local OCI layout

   ./go-tuf-mirror all --source-metadata "https://docker.github.io/tuf-staging/metadata" --source-targets "https://docker.github.io/tuf-staging/targets" --dest-targets "oci://./tmp/targets" --dest-metadata "oci://./tmp/metadata"

   Mirroring TUF metadata https://docker.github.io/tuf-staging/metadata to oci://./tmp/metadata

   Metadata manifest layout saved to ./tmp/metadata

   Mirroring TUF targets https://docker.github.io/tuf-staging/targets to oci://./tmp/targets

   Target manifest layout saved to tmp/targets/ecc736303caf8cf22ef00df2db3c411a563030c2e1e7ae24f4e38113e7ad610d.doi-signing-stage.pem

   Target manifest layout saved to tmp/targets/3965bb0a873cff50e16b277444d659553ab79c9632a1fb03a6d9360af536c142.image-signer-verifier.pem

   Target manifest layout saved to tmp/targets/e4dc114275694612ee236b231990d606b7879d05f64809611545c8234efb6cd4.doi-signing-key.pem

   ```