Automated Image Synchronization to Your Registry

This guide helps organizations set up automated synchronization of sfp pro images from Flxbl's registry to their own container registry, with optional customization capabilities

Why Synchronize to Your Registry?

While you can pull directly from source.flxbl.io, maintaining your own synchronized copy provides:

Centralized version control across all teams
Reduced external dependencies during CI/CD runs
Ability to add organization-specific customizations
Improved pull performance from your own registry
Compliance with internal security policies

Setting Up Automated Synchronization

Step 1: Create a Dedicated Repository

Create a GitHub repository in your organization specifically for Docker image management (e.g., docker-images or sfp-docker).

Step 2: Configure Repository Secrets

Add the following secrets to your repository (Settings → Secrets and variables → Actions):

Secret Name

Description

Value

GITEA_USER

Your Gitea username

From your welcome email

GITEA_PAT

Personal Access Token for Gitea

Generate at source.flxbl.io (Settings → Applications → Personal Access Tokens) with read:package permission

Step 3: Create Synchronization Workflow

Create .github/workflows/sync-sfp-pro.yml in your repository:

name: Sync SFP Pro Images

on:
  workflow_dispatch:
    inputs:
      sfp_version:
        description: 'SFP Pro version (leave empty for latest)'
        required: false
        type: string
      include_sf_cli:
        description: 'Also sync SF CLI variant'
        required: false
        type: boolean
        default: true

env:
  REGISTRY: ghcr.io
  IMAGE_PREFIX: ${{ github.repository }}

jobs:
  sync-images:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        
      - name: Login to source.flxbl.io
        run: |
          echo "${{ secrets.GITEA_PAT }}" | docker login source.flxbl.io \
            -u ${{ secrets.GITEA_USER }} \
            --password-stdin

      - name: Login to GitHub Container Registry
        run: |
          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io \
            -u ${{ github.actor }} \
            --password-stdin

      - name: Determine version
        id: version
        run: |
          if [ -n "${{ github.event.inputs.sfp_version }}" ]; then
            echo "version=${{ github.event.inputs.sfp_version }}" >> $GITHUB_OUTPUT
          else
            # Fetch latest version from your version strategy
            echo "version=latest" >> $GITHUB_OUTPUT
          fi

      - name: Sync base SFP-Pro Lite image
        run: |
          SOURCE_IMAGE="source.flxbl.io/flxbl/sfp-pro-lite:${{ steps.version.outputs.version }}"
          TARGET_IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/sfp-pro-lite"
          
          docker pull ${SOURCE_IMAGE}
          docker tag ${SOURCE_IMAGE} ${TARGET_IMAGE}:${{ steps.version.outputs.version }}
          docker tag ${SOURCE_IMAGE} ${TARGET_IMAGE}:latest
          
          docker push ${TARGET_IMAGE}:${{ steps.version.outputs.version }}
          docker push ${TARGET_IMAGE}:latest

      - name: Sync SFP-Pro with SF CLI image
        if: github.event.inputs.include_sf_cli == true
        run: |
          SOURCE_IMAGE="source.flxbl.io/flxbl/sfp-pro:${{ steps.version.outputs.version }}"
          TARGET_IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/sfp-pro"
          
          docker pull ${SOURCE_IMAGE}
          docker tag ${SOURCE_IMAGE} ${TARGET_IMAGE}:${{ steps.version.outputs.version }}
          docker tag ${SOURCE_IMAGE} ${TARGET_IMAGE}:latest
          
          docker push ${TARGET_IMAGE}:${{ steps.version.outputs.version }}
          docker push ${TARGET_IMAGE}:latest

Creating Custom Images

If you need to add organization-specific tools or configurations, create a Dockerfile:

For base sfp-pro-lite (without SF CLI):

ARG BASE_VERSION=latest
FROM source.flxbl.io/flxbl/sfp-pro-lite:${BASE_VERSION}

# Add your customizations
RUN apt-get update && apt-get install -y \
    jq \
    your-custom-tools \
    && rm -rf /var/lib/apt/lists/*

# Copy custom scripts or configurations
# COPY scripts/ /usr/local/bin/
# COPY config/ /etc/your-app/

For sfp-pro with SF CLI:

ARG BASE_VERSION=latest
FROM source.flxbl.io/flxbl/sfp-pro:${BASE_VERSION}

# Your customizations here

Then modify the workflow to build and push your custom image:

      - name: Build and push custom image
        run: |
          docker build \
            --build-arg BASE_VERSION=${{ steps.version.outputs.version }} \
            -f Dockerfile \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/sfp-pro-custom:${{ steps.version.outputs.version }} \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/sfp-pro-custom:latest \
            .
          
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/sfp-pro-custom:${{ steps.version.outputs.version }}
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/sfp-pro-custom:latest

Using Synchronized Images in Your Pipelines

Update your project workflows to use images from your registry:

GitHub Actions:

jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/your-org/docker-images/sfp-pro:latest
      credentials:
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

GitLab CI:

image: ghcr.io/your-org/docker-images/sfp-pro:latest

before_script:
  - echo "$CI_REGISTRY_PASSWORD" | docker login ghcr.io -u "$CI_REGISTRY_USER" --password-stdin

Azure DevOps:

resources:
  containers:
  - container: sfp
    image: ghcr.io/your-org/docker-images/sfp-pro:latest
    endpoint: your-service-connection

jobs:
- job: Build
  container: sfp

Verification

After running the workflow, verify the synchronization:

# List available images in your registry
docker search ghcr.io/your-org/docker-images

# Pull and test the synchronized image
docker pull ghcr.io/your-org/docker-images/sfp-pro:latest
docker run --rm ghcr.io/your-org/docker-images/sfp-pro:latest sfp --version

Troubleshooting

Authentication Issues

If you encounter authentication errors:

Verify your PAT has read:package permission
Check that secrets are correctly set in repository settings
Ensure your Gitea username is correct

Image Not Found

If the source image cannot be pulled:

Check the version exists at https://source.flxbl.io/flxbl/-/packages/container/sfp-pro/
Verify your network can reach source.flxbl.io
Confirm your credentials are valid

Push Failures to GitHub Container Registry

Ensure the workflow has packages: write permission
Verify the repository name in IMAGE_PREFIX is correct
Check GitHub Packages settings for your repository

Last updated 5 months ago

name: Sync SFP Pro Images on: workflow_dispatch: inputs: sfp_version: description: 'SFP Pro version (leave empty for latest)' required: false type: string include_sf_cli: description: 'Also sync SF CLI variant' required: false type: boolean default: true env: REGISTRY: ghcr.io IMAGE_PREFIX: ${{ github.repository }} jobs: sync-images: runs-on: ubuntu-latest permissions: contents: read packages: write steps: - name: Checkout repository uses: actions/checkout@v4 - name: Login to source.flxbl.io run: | echo "${{ secrets.GITEA_PAT }}" | docker login source.flxbl.io \ -u ${{ secrets.GITEA_USER }} \ --password-stdin - name: Login to GitHub Container Registry run: | echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io \ -u ${{ github.actor }} \ --password-stdin - name: Determine version id: version run: | if [ -n "${{ github.event.inputs.sfp_version }}" ]; then echo "version=${{ github.event.inputs.sfp_version }}" >> $GITHUB_OUTPUT else # Fetch latest version from your version strategy echo "version=latest" >> $GITHUB_OUTPUT fi - name: Sync base SFP-Pro Lite image run: | SOURCE_IMAGE="source.flxbl.io/flxbl/sfp-pro-lite:${{ steps.version.outputs.version }}" TARGET_IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/sfp-pro-lite" docker pull ${SOURCE_IMAGE} docker tag ${SOURCE_IMAGE} ${TARGET_IMAGE}:${{ steps.version.outputs.version }} docker tag ${SOURCE_IMAGE} ${TARGET_IMAGE}:latest docker push ${TARGET_IMAGE}:${{ steps.version.outputs.version }} docker push ${TARGET_IMAGE}:latest - name: Sync SFP-Pro with SF CLI image if: github.event.inputs.include_sf_cli == true run: | SOURCE_IMAGE="source.flxbl.io/flxbl/sfp-pro:${{ steps.version.outputs.version }}" TARGET_IMAGE="${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/sfp-pro" docker pull ${SOURCE_IMAGE} docker tag ${SOURCE_IMAGE} ${TARGET_IMAGE}:${{ steps.version.outputs.version }} docker tag ${SOURCE_IMAGE} ${TARGET_IMAGE}:latest docker push ${TARGET_IMAGE}:${{ steps.version.outputs.version }} docker push ${TARGET_IMAGE}:latest

Good evening

hashtagWhy Synchronize to Your Registry?

hashtagSetting Up Automated Synchronization

hashtagStep 1: Create a Dedicated Repository

hashtagStep 2: Configure Repository Secrets

hashtagStep 3: Create Synchronization Workflow

hashtagCreating Custom Images

hashtagFor base sfp-pro-lite (without SF CLI):

hashtagFor sfp-pro with SF CLI:

hashtagUsing Synchronized Images in Your Pipelines

hashtagGitHub Actions:

hashtagGitLab CI:

hashtagAzure DevOps:

hashtagVerification

hashtagTroubleshooting

hashtagAuthentication Issues

hashtagImage Not Found

hashtagPush Failures to GitHub Container Registry