Fix Docker mirroring job for release context (#4303)

and secure job input parameters

.github/workflows/deploy-RELEASE-flavors.yml

@@ -112,17 +112,19 @@ jobs:
         with:
           workflow: mirror-docker-image.yml
           inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:v8", "target-image": "docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:v8" }'
+          ref: main
       - name: Invoke Mirror docker image workflow (Main image)
         uses: benc-uk/workflow-dispatch@v1
         with:
           workflow: mirror-docker-image.yml
           inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:v8", "target-image": "docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:${{ github.event.release.tag_name }}" }'
+          ref: main
       - name: Invoke Mirror docker image workflow (Main image)
         uses: benc-uk/workflow-dispatch@v1
         with:
           workflow: mirror-docker-image.yml
           inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-${{ matrix.flavor }}:v8", "target-image": "docker.io/oxsecurity/megalinter-${{ matrix.flavor }}:latest" }'
-
+          ref: main
       # - name: Build Worker Image
       #   uses: docker/build-push-action@v6
       #   with:

.github/workflows/deploy-RELEASE-linters.yml

@@ -219,17 +219,19 @@ jobs:
         with:
           workflow: mirror-docker-image.yml
           inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-only-${{ matrix.linter }}:v8", "target-image": "docker.io/oxsecurity/megalinter-only-${{ matrix.linter }}:v8" }'
+          ref: main
       - name: Invoke Mirror docker image workflow (Standalone image)
         uses: benc-uk/workflow-dispatch@v1
         with:
           workflow: mirror-docker-image.yml
           inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-only-${{ matrix.linter }}:v8", "target-image": "docker.io/oxsecurity/megalinter-only-${{ matrix.linter }}:${{ github.event.release.tag_name }}" }'
+          ref: main
       - name: Invoke Mirror docker image workflow (Standalone image)
         uses: benc-uk/workflow-dispatch@v1
         with:
           workflow: mirror-docker-image.yml
           inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter-only-${{ matrix.linter }}:v8", "target-image": "docker.io/oxsecurity/megalinter-only-${{ matrix.linter }}:latest" }'
-
+          ref: main
       #####################################
       # Run Linter test cases #
       #####################################

.github/workflows/deploy-RELEASE.yml

@@ -108,17 +108,19 @@ jobs:
         with:
           workflow: mirror-docker-image.yml
           inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter:v8", "target-image": "docker.io/oxsecurity/megalinter:v8" }'
+          ref: main
       - name: Invoke Mirror docker image workflow (Main image)
         uses: benc-uk/workflow-dispatch@v1
         with:
           workflow: mirror-docker-image.yml
           inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter:v8", "target-image": "docker.io/oxsecurity/megalinter:${{ github.event.release.tag_name }}" }'
+          ref: main
       - name: Invoke Mirror docker image workflow (Main image)
         uses: benc-uk/workflow-dispatch@v1
         with:
           workflow: mirror-docker-image.yml
           inputs: '{ "source-image": "ghcr.io/oxsecurity/megalinter:v8", "target-image": "docker.io/oxsecurity/megalinter:latest" }'
-
+          ref: main
       # - name: Build Worker Image
       #   uses: docker/build-push-action@v6
       #   with:

.github/workflows/mirror-docker-image.yml

@@ -17,7 +17,7 @@ on:
 jobs:
 
   copy-to-docker-hub-alpha:
-    if: github.ref_name == 'alpha'
+    if: github.ref_name == 'alpha' && endsWith(github.event.inputs.source-image,'alpha') && endsWith(github.event.inputs.target-image,'alpha')
     runs-on: ubuntu-latest
     environment:
       name: alpha
@@ -44,7 +44,7 @@ jobs:
         run: docker push "${{ github.event.inputs.target-image }}"
 
   copy-to-docker-hub-main:
-    if: github.ref_name == 'main' || startsWith(github.ref_name, 'v')
+    if: github.ref_name == 'main' && endsWith(github.event.inputs.source-image,'beta') && endsWith(github.event.inputs.target-image,'beta')
     runs-on: ubuntu-latest
     environment:
       name: beta
@@ -69,3 +69,30 @@ jobs:
         run: docker tag "${{ github.event.inputs.source-image }}" "${{ github.event.inputs.target-image }}"
       - name: Push image to Docker Hub
         run: docker push "${{ github.event.inputs.target-image }}"
+
+  copy-to-docker-hub-release:
+    if: github.ref_name == 'main' && contains(github.event.inputs.source-image,'v8') && (contains(github.event.inputs.target-image,'v8') || contains(github.event.inputs.target-image,'latest'))
+    runs-on: ubuntu-latest
+    environment:
+      name: release
+    steps:
+      # Free disk space
+      - name: Free Disk space
+        if: github.event.inputs.free-space-before == 'true'
+        shell: bash
+        run: |
+          sudo rm -rf /usr/local/lib/android  # will release about 10 GB if you don't need Android
+          sudo rm -rf /usr/share/dotnet # will release about 20GB if you don't need .NET
+      # Login to docker hub
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      # Copy ghrc.io image to Docker Hub
+      - name: Pull image from GHCR
+        run: docker pull "${{ github.event.inputs.source-image }}"
+      - name: Tag image for Docker Hub
+        run: docker tag "${{ github.event.inputs.source-image }}" "${{ github.event.inputs.target-image }}"
+      - name: Push image to Docker Hub
+        run: docker push "${{ github.event.inputs.target-image }}"

CHANGELOG.md

@@ -32,6 +32,7 @@ Note: Can be used with `oxsecurity/megalinter@beta` in your GitHub Action mega-l
 - Flavors
 
 - CI
+  - Fix Docker mirroring job for release context
 
 - mega-linter-runner