Mirror container images #8

	---
	name: Mirror container images

	'on':
	workflow_dispatch:
	push:
	branches:
	- main
	pull_request:
	branches:
	- main
	# Run weekly (Monday at 11:32 UTC)
	schedule:
	- cron: '32 11 * * 1'

	jobs:
	push:
	name: Mirror ${{ matrix.image }}:${{ matrix.tag }}
	runs-on: ubuntu-latest
	strategy:
	matrix:
	image:
	- ''
	tag:
	- ''
	source_image:
	- ''
	platform:
	- ''
	exclude:
	- image: ''
	include:
	- image: vault
	tag: 1.10.0
	source_image: docker.io/library/vault:1.10.0
	platform: linux/amd64
	- image: local-kms
	tag: 3.11.1
	source_image: docker.io/nsmithuk/local-kms:3.11.1
	platform: linux/amd64
	max-parallel: 4
	fail-fast: false
	permissions:
	contents: read
	packages: write
	attestations: write
	id-token: write
	steps:
	- name: Install dependencies
	run: \|
	sudo apt-get install podman

	- name: Build ${{ matrix.image }}:${{ matrix.tag }}
	env:
	SOURCE_IMAGE: ${{ matrix.source_image }}
	DESTINATION_REPO: ${{ github.repository }}
	DESTINATION_NAME: ${{ matrix.image }}:${{ matrix.tag }}
	PLATFORM: ${{ matrix.platform }}
	run: >
	echo
	"FROM ${SOURCE_IMAGE}"
	\|
	podman
	build
	--platform
	"${PLATFORM}"
	--annotation
	"org.opencontainers.image.source=https://github.com/${DESTINATION_REPO}"
	-t
	"ghcr.io/${DESTINATION_REPO}/${DESTINATION_NAME}"
	-

	- name: Push ${{ matrix.image }}:${{ matrix.tag }} to GHCR
	if: github.event_name != 'pull_request'
	uses: redhat-actions/push-to-registry@v2
	with:
	registry: ghcr.io/${{ github.repository }}
	image: ${{ matrix.image }}
	tags: ${{ matrix.tag }}
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}

Provide feedback