Docker: Mirror images to GitHub Container Registry

.github/workflows/deploy.yml

@@ -145,6 +145,9 @@ jobs:
         env:
           DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
           DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
+      - name: Login GitHub Container Registry
+        if: github.event.inputs.skip-build-push-image != 'true'
+        run: echo "${{ secrets.SELENIUM_CI_TOKEN }}" | docker login ghcr.io -u "${{ github.repository_owner }}" --password-stdin
       - name: Deploy new images
         if: github.event.inputs.skip-build-push-image != 'true'
         uses: nick-invision/retry@master
@@ -153,6 +156,14 @@ jobs:
           max_attempts: 5
           retry_wait_seconds: 300
           command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release
+      - name: Mirror versioned images to GHCR
+        if: github.event.inputs.skip-build-push-image != 'true'
+        uses: nick-invision/retry@master
+        with:
+          timeout_minutes: 30
+          max_attempts: 5
+          retry_wait_seconds: 300
+          command: GHCR_NAMESPACE="ghcr.io/${{ github.repository_owner }}" VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release_ghcr
       - name: Tag images as latest
         if: github.event.inputs.skip-build-push-image != 'true'
         run: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make tag_latest
@@ -164,6 +175,14 @@ jobs:
           max_attempts: 5
           retry_wait_seconds: 300
           command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release_latest
+      - name: Mirror latest images to GHCR
+        if: github.event.inputs.skip-build-push-image != 'true'
+        uses: nick-invision/retry@master
+        with:
+          timeout_minutes: 20
+          max_attempts: 5
+          retry_wait_seconds: 300
+          command: GHCR_NAMESPACE="ghcr.io/${{ github.repository_owner }}" VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release_ghcr_latest
       - name: Update package versions
         run: make update_browser_versions_matrix
 #          make generate_latest_sbom
@@ -176,6 +195,14 @@ jobs:
           max_attempts: 5
           retry_wait_seconds: 300
           command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} PUSH_IMAGE=true make tag_and_push_browser_images
+      - name: Mirror browser images to GHCR
+        if: github.event.inputs.skip-build-push-image != 'true'
+        uses: nick-invision/retry@master
+        with:
+          timeout_minutes: 30
+          max_attempts: 5
+          retry_wait_seconds: 300
+          command: GHCR_NAMESPACE="ghcr.io/${{ github.repository_owner }}" VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make tag_and_push_browser_images_ghcr
       - name: Delete previous nightly tag & release if any
         uses: dev-drprasad/delete-tag-and-release@master
         with:

.github/workflows/nightly.yml

@@ -97,6 +97,8 @@ jobs:
         env:
           DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
           DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
+      - name: Login GitHub Container Registry
+        run: echo "${{ secrets.SELENIUM_CI_TOKEN }}" | docker login ghcr.io -u "${{ github.repository_owner }}" --password-stdin
       - name: Tag images as nightly
         run: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make tag_nightly
       - name: Deploy nightly tag
@@ -106,6 +108,13 @@ jobs:
           max_attempts: 3
           retry_wait_seconds: 120
           command: VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release_nightly
+      - name: Mirror nightly images to GHCR
+        uses: nick-invision/retry@master
+        with:
+          timeout_minutes: 20
+          max_attempts: 3
+          retry_wait_seconds: 120
+          command: GHCR_NAMESPACE="ghcr.io/${{ github.repository_owner }}" VERSION="${GRID_VERSION}" BUILD_DATE=${BUILD_DATE} make release_ghcr_nightly
 #      - name: Update package versions
 #        run: make generate_nightly_sbom
       - name: Get current latest tag

.github/workflows/release-chrome-for-testing-versions.yml

@@ -112,6 +112,9 @@ jobs:
         env:
           DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
           DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
+      - name: Login GitHub Container Registry
+        if: env.PUSH_IMAGE == 'true'
+        run: echo "${{ secrets.SELENIUM_CI_TOKEN }}" | docker login ghcr.io -u "${{ github.repository_owner }}" --password-stdin
       - name: Build images with Grid core ${{ env.GRID_VERSION }} and ${{ env.BROWSER_NAME }} v${{ env.BROWSER_VERSION }}
         uses: nick-invision/retry@master
         with:
@@ -148,6 +151,9 @@ jobs:
         if: env.PUSH_IMAGE == 'true'
         run: |
           ./tests/build-backward-compatible/bootstrap.sh ${GRID_VERSION} ${BROWSER_VERSION} ${BROWSER_NAME} ${REUSE_BASE} true true
+      - name: Mirror images to GHCR
+        if: env.PUSH_IMAGE == 'true'
+        run: GHCR_NAMESPACE="ghcr.io/${{ github.repository_owner }}" BROWSER_NAME="${BROWSER_NAME}" make mirror_browser_images_ghcr
       - name: Upload changelog
         if: always()
         uses: actions/upload-artifact@main

.github/workflows/release-chrome-versions.yml

@@ -112,6 +112,9 @@ jobs:
         env:
           DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
           DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
+      - name: Login GitHub Container Registry
+        if: env.PUSH_IMAGE == 'true'
+        run: echo "${{ secrets.SELENIUM_CI_TOKEN }}" | docker login ghcr.io -u "${{ github.repository_owner }}" --password-stdin
       - name: Build images with Grid core ${{ env.GRID_VERSION }} and ${{ env.BROWSER_NAME }} v${{ env.BROWSER_VERSION }}
         uses: nick-invision/retry@master
         with:
@@ -148,6 +151,9 @@ jobs:
         if: env.PUSH_IMAGE == 'true'
         run: |
           ./tests/build-backward-compatible/bootstrap.sh ${GRID_VERSION} ${BROWSER_VERSION} ${BROWSER_NAME} ${REUSE_BASE} true true
+      - name: Mirror images to GHCR
+        if: env.PUSH_IMAGE == 'true'
+        run: GHCR_NAMESPACE="ghcr.io/${{ github.repository_owner }}" BROWSER_NAME="${BROWSER_NAME}" make mirror_browser_images_ghcr
       - name: Upload changelog
         if: always()
         uses: actions/upload-artifact@main

.github/workflows/release-edge-versions.yml

@@ -112,6 +112,9 @@ jobs:
         env:
           DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
           DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
+      - name: Login GitHub Container Registry
+        if: env.PUSH_IMAGE == 'true'
+        run: echo "${{ secrets.SELENIUM_CI_TOKEN }}" | docker login ghcr.io -u "${{ github.repository_owner }}" --password-stdin
       - name: Build images with Grid core ${{ env.GRID_VERSION }} and ${{ env.BROWSER_NAME }} v${{ env.BROWSER_VERSION }}
         uses: nick-invision/retry@master
         with:
@@ -148,6 +151,9 @@ jobs:
         if: env.PUSH_IMAGE == 'true'
         run: |
           ./tests/build-backward-compatible/bootstrap.sh ${GRID_VERSION} ${BROWSER_VERSION} ${BROWSER_NAME} ${REUSE_BASE} true true
+      - name: Mirror images to GHCR
+        if: env.PUSH_IMAGE == 'true'
+        run: GHCR_NAMESPACE="ghcr.io/${{ github.repository_owner }}" BROWSER_NAME="${BROWSER_NAME}" make mirror_browser_images_ghcr
       - name: Upload changelog
         if: always()
         uses: actions/upload-artifact@main

.github/workflows/release-firefox-versions.yml

@@ -112,6 +112,9 @@ jobs:
         env:
           DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
           DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
+      - name: Login GitHub Container Registry
+        if: env.PUSH_IMAGE == 'true'
+        run: echo "${{ secrets.SELENIUM_CI_TOKEN }}" | docker login ghcr.io -u "${{ github.repository_owner }}" --password-stdin
       - name: Build images with Grid core ${{ env.GRID_VERSION }} and ${{ env.BROWSER_NAME }} v${{ env.BROWSER_VERSION }}
         uses: nick-invision/retry@master
         with:
@@ -148,6 +151,9 @@ jobs:
         if: env.PUSH_IMAGE == 'true'
         run: |
           ./tests/build-backward-compatible/bootstrap.sh ${GRID_VERSION} ${BROWSER_VERSION} ${BROWSER_NAME} ${REUSE_BASE} true true
+      - name: Mirror images to GHCR
+        if: env.PUSH_IMAGE == 'true'
+        run: GHCR_NAMESPACE="ghcr.io/${{ github.repository_owner }}" BROWSER_NAME="${BROWSER_NAME}" make mirror_browser_images_ghcr
       - name: Upload changelog
         if: always()
         uses: actions/upload-artifact@main

Makefile

@@ -37,6 +37,7 @@ KEDA_BASED_NAME := $(or $(KEDA_BASED_NAME),$(KEDA_BASED_NAME),kedacore)
 KEDA_BASED_TAG := $(or $(KEDA_BASED_TAG),$(KEDA_BASED_TAG),2.19.0)
 TEST_PATCHED_KEDA := $(or $(TEST_PATCHED_KEDA),$(TEST_PATCHED_KEDA),false)
 TRACING_EXPORTER_ENDPOINT := $(or $(TRACING_EXPORTER_ENDPOINT),$(TRACING_EXPORTER_ENDPOINT),http://\$$KUBERNETES_NODE_HOST_IP:4317)
+GHCR_NAMESPACE := $(or $(GHCR_NAMESPACE),$(GHCR_NAMESPACE),ghcr.io/seleniumhq)
 
 all: hub \
 	distributor \
@@ -468,6 +469,28 @@ tag_and_push_edge_images:
 tag_and_push_firefox_images:
 	./tag_and_push_browser_images.sh $(VERSION) $(BUILD_DATE) $(NAMESPACE) $(PUSH_IMAGE) firefox $(RELEASE_OLD_VERSION)
 
+tag_and_push_browser_images_ghcr:
+	for image in node-chrome standalone-chrome \
+	    node-chromium standalone-chromium \
+	    node-chrome-for-testing standalone-chrome-for-testing \
+	    node-edge standalone-edge \
+	    node-firefox standalone-firefox; do \
+	  docker images --format "{{.Tag}}" "$(NAME)/$$image" | grep -v "^<none>$$" | while IFS= read -r tag; do \
+	    docker buildx imagetools create \
+	      --tag $(GHCR_NAMESPACE)/$$image:$$tag \
+	      docker.io/$(NAME)/$$image:$$tag ; \
+	  done ; \
+	done
+
+mirror_browser_images_ghcr:
+	for image in node-$(BROWSER_NAME) standalone-$(BROWSER_NAME); do \
+	  docker images --format "{{.Tag}}" "$(NAME)/$$image" | grep -v "^<none>$$" | while IFS= read -r tag; do \
+	    docker buildx imagetools create \
+	      --tag $(GHCR_NAMESPACE)/$$image:$$tag \
+	      docker.io/$(NAME)/$$image:$$tag ; \
+	  done ; \
+	done
+
 tag_ffmpeg_latest:
 	docker tag $(NAME)/ffmpeg:$(FFMPEG_VERSION)-$(BUILD_DATE) $(NAME)/ffmpeg:latest
 	docker tag $(NAME)/ffmpeg:$(FFMPEG_VERSION)-$(BUILD_DATE) $(NAME)/ffmpeg:$(FFMPEG_VERSION)
@@ -537,6 +560,18 @@ release_latest:
 	docker push $(NAME)/standalone-all-browsers:latest
 	docker push $(NAME)/video:latest
 
+release_ghcr_latest:
+	for image in base hub distributor router sessions session-queue event-bus \
+	    node-base node-chrome node-chromium node-chrome-for-testing node-edge \
+	    node-firefox node-docker node-kubernetes node-all-browsers \
+	    standalone-chrome standalone-chromium standalone-chrome-for-testing \
+	    standalone-edge standalone-firefox standalone-docker \
+	    standalone-kubernetes standalone-all-browsers video; do \
+	  docker buildx imagetools create \
+	    --tag $(GHCR_NAMESPACE)/$$image:latest \
+	    docker.io/$(NAME)/$$image:latest ; \
+	done
+
 generate_latest_sbom:
 	NAME=$(NAME) FILTER_IMAGE_TAG=latest OUTPUT_FILE=$(SBOM_OUTPUT) ./generate_sbom.sh
 
@@ -600,6 +635,18 @@ release_nightly:
 	docker push $(NAME)/standalone-all-browsers:nightly
 	docker push $(NAME)/video:nightly
 
+release_ghcr_nightly:
+	for image in base hub distributor router sessions session-queue event-bus \
+	    node-base node-chrome node-chromium node-chrome-for-testing node-edge \
+	    node-firefox node-docker node-kubernetes node-all-browsers \
+	    standalone-chrome standalone-chromium standalone-chrome-for-testing \
+	    standalone-edge standalone-firefox standalone-docker \
+	    standalone-kubernetes standalone-all-browsers video; do \
+	  docker buildx imagetools create \
+	    --tag $(GHCR_NAMESPACE)/$$image:nightly \
+	    docker.io/$(NAME)/$$image:nightly ; \
+	done
+
 generate_nightly_sbom:
 	NAME=$(NAME) FILTER_IMAGE_TAG=nightly OUTPUT_FILE=$(SBOM_OUTPUT) ./generate_sbom.sh
 
@@ -800,6 +847,23 @@ release: tag_major_minor
 	docker push $(NAME)/standalone-all-browsers:$(MAJOR_MINOR_PATCH)
 	docker push $(NAME)/video:$(FFMPEG_TAG_VERSION)-$(BUILD_DATE)
 
+release_ghcr:
+	for image in base hub distributor router sessions session-queue event-bus \
+	    node-base node-chrome node-chromium node-chrome-for-testing node-edge \
+	    node-firefox node-docker node-kubernetes node-all-browsers \
+	    standalone-chrome standalone-chromium standalone-chrome-for-testing \
+	    standalone-edge standalone-firefox standalone-docker \
+	    standalone-kubernetes standalone-all-browsers; do \
+	  for tag in $(TAG_VERSION) $(MAJOR) $(MAJOR).$(MINOR) $(MAJOR_MINOR_PATCH); do \
+	    docker buildx imagetools create \
+	      --tag $(GHCR_NAMESPACE)/$$image:$$tag \
+	      docker.io/$(NAME)/$$image:$$tag ; \
+	  done ; \
+	done
+	docker buildx imagetools create \
+	  --tag $(GHCR_NAMESPACE)/video:$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) \
+	  docker.io/$(NAME)/video:$(FFMPEG_TAG_VERSION)-$(BUILD_DATE)
+
 start_test_site:
 	@docker rm -f the-internet 2>/dev/null || true
 	@docker run --rm --name the-internet -d -p 5001:5000 ndviet/the-internet:latest