Skip to content

Commit 85dc544

Browse files
markt-sublimeclaude
andcommitted
Mirror MCR azurite/azure-cli images to GHCR and pull from there
mcr.microsoft.com rate-limits anonymous pulls (toomanyrequests), which intermittently fails the azurite + create_azure_blob_containers services during go-mantis CI. Add a weekly workflow that mirrors both images into ghcr.io/sublime-security, and point the compose services at the mirror so CI pulls from a registry we control. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent fa78afc commit 85dc544

2 files changed

Lines changed: 42 additions & 2 deletions

File tree

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
name: Mirror MCR images to GHCR
2+
3+
# Azurite and azure-cli are pulled from mcr.microsoft.com on every go-mantis CI run.
4+
# MCR rate-limits anonymous pulls (toomanyrequests), which flakes CI. Mirror them into
5+
# our own GHCR namespace so CI pulls from a registry we control instead of MCR.
6+
on:
7+
schedule:
8+
- cron: "0 6 * * 1" # weekly, Monday 06:00 UTC
9+
workflow_dispatch: {}
10+
11+
jobs:
12+
mirror:
13+
name: Mirror MCR images to GHCR
14+
runs-on: ubuntu-22.04
15+
16+
permissions:
17+
packages: write
18+
19+
strategy:
20+
fail-fast: false
21+
matrix:
22+
image:
23+
- src: mcr.microsoft.com/azure-storage/azurite:latest
24+
dst: ghcr.io/sublime-security/azurite:latest
25+
- src: mcr.microsoft.com/azure-cli:latest
26+
dst: ghcr.io/sublime-security/azure-cli:latest
27+
28+
steps:
29+
- name: Log in to GHCR
30+
uses: docker/login-action@v3
31+
with:
32+
registry: ghcr.io
33+
username: ${{ github.actor }}
34+
password: ${{ secrets.GITHUB_TOKEN }}
35+
36+
# imagetools copies the multi-arch manifest list registry-to-registry without a local pull.
37+
- name: Copy ${{ matrix.image.src }} to ${{ matrix.image.dst }}
38+
run: docker buildx imagetools create --tag ${{ matrix.image.dst }} ${{ matrix.image.src }}

docker-compose.yml

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -113,7 +113,8 @@ services:
113113
- sublime_create_buckets
114114
sublime_azurite:
115115
container_name: sublime_azurite
116-
image: mcr.microsoft.com/azure-storage/azurite
116+
# mirrored from mcr.microsoft.com to dodge MCR anonymous-pull rate limits in CI
117+
image: ghcr.io/sublime-security/azurite:latest
117118
restart: unless-stopped
118119
networks:
119120
- net
@@ -125,7 +126,8 @@ services:
125126
- azurite_data:/data
126127
command: azurite --blobHost 0.0.0.0 --queueHost 0.0.0.0 --tableHost 0.0.0.0 --location /data --skipApiVersionCheck
127128
sublime_create_azure_blob_containers:
128-
image: mcr.microsoft.com/azure-cli
129+
# mirrored from mcr.microsoft.com to dodge MCR anonymous-pull rate limits in CI
130+
image: ghcr.io/sublime-security/azure-cli:latest
129131
depends_on:
130132
- sublime_azurite
131133
networks:

0 commit comments

Comments
 (0)