Synchronize automatically kube-proxy images (#395)

juanluisvaladas · web-flow · commit 77474f59b7d1 · 2026-03-13T21:27:36.000+05:30
Add a new scheduled workflow (sync-kube-proxy-images.yaml) that runs
daily at 00:00 UTC (2 hours before test-kube-proxy-images.yml) to detect
missing kube-proxy images starting 1.33 (currently the oldest supported
kubernetes version). For each missing version it trigges
build-kube-proxy-images.yml via workflow_dispatch.

Also updates build-kube-proxy-images.yml so that the repository is now a
configurable input so that changes can be tested on local branches.

Signed-off-by: Juan-Luis de Sousa-Valadas Castaño &lt;jvaladas@mirantis.com&gt;
diff --git a/.github/workflows/build-kube-proxy-images.yml b/.github/workflows/build-kube-proxy-images.yml
@@ -7,14 +7,25 @@ on:
       proxy_version:
         description: 'Version of kube-proxy to build (ex: v1.27.1)'
         required: true
+      repository:
+        description: 'Repository to push the image to (ex: docker.io/sigwindowstools)'
+        required: false
+        default: 'docker.io/sigwindowstools'
 
 jobs:
   build:
     runs-on: ubuntu-latest
     steps:
     - uses: actions/checkout@v2
+
+    - name: Login to DockerHub
+      if: startsWith(github.event.inputs.repository, 'docker.io')
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_SECRET }}
+
     - name: Build and push images
       run: |
-        echo "${{ secrets.DOCKER_SECRET }}" | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
-        pushd ./hostprocess/calico 
-        ./build.sh -p ${{ github.event.inputs.proxy_version }}
+        pushd ./hostprocess/calico
+        ./build.sh -p ${{ github.event.inputs.proxy_version }} -r ${{ github.event.inputs.repository }}
diff --git a/.github/workflows/sync-kube-proxy-images.yaml b/.github/workflows/sync-kube-proxy-images.yaml
@@ -0,0 +1,92 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: Sync Kube-Proxy images
+
+on:
+  schedule:
+    - cron: '0 0 * * *' # Every day at 00:00 UTC
+  workflow_dispatch:
+    inputs:
+      repository:
+        description: 'Repository to push the image to (ex: docker.io/sigwindowstools)'
+        required: false
+        default: 'docker.io/sigwindowstools'
+
+env:
+  REPOSITORY: ${{ github.event.inputs.repository || 'docker.io/sigwindowstools' }}
+
+permissions:
+  actions: write
+
+jobs:
+  sync:
+    name: Find and sync missing kube-proxy images
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v6
+
+    - name: Login to DockerHub
+      if: startsWith(env.REPOSITORY, 'docker.io')
+      uses: docker/login-action@v3
+      with:
+        username: ${{ secrets.DOCKER_USERNAME }}
+        password: ${{ secrets.DOCKER_SECRET }}
+
+    - name: Find and trigger builds for missing images
+      env:
+        GH_TOKEN: ${{ github.token }}
+      run: |
+        set -euo pipefail
+
+        REPOSITORY="${{ env.REPOSITORY }}"
+        MIN_VERSION="1.33"
+        SUFFIX="-calico-hostprocess"
+        MISSING=()
+
+        # Fetch all kube-proxy tags from registry.k8s.io
+        echo "Fetching kube-proxy tags from registry.k8s.io..."
+        TAGS=$(curl -sL "https://registry.k8s.io/v2/kube-proxy/tags/list" | jq -r '.tags[]')
+
+        for TAG in $TAGS; do
+          # Must start with 'v'
+          [[ "$TAG" != v* ]] && continue
+
+          # Skip pre-release tags (contain a hyphen after stripping 'v')
+          VER="${TAG#v}"
+          [[ "$VER" == *-* ]] && continue
+
+          # Version comparison: must be >= MIN_VERSION
+          LOWEST=$(printf '%s\n' "$MIN_VERSION" "$VER" | sort -V | head -n1)
+          [[ "$LOWEST" != "$MIN_VERSION" ]] && continue
+
+          IMAGE="${REPOSITORY}/kube-proxy:${TAG}${SUFFIX}"
+          echo "Checking ${IMAGE} ..."
+
+          if docker manifest inspect "$IMAGE" > /dev/null 2>&1; then
+            echo "  exists"
+          else
+            echo "  missing"
+            MISSING+=("$TAG")
+          fi
+        done
+
+        echo ""
+        echo "=== Summary ==="
+        if [[ ${#MISSING[@]} -eq 0 ]]; then
+          echo "All kube-proxy images are up to date."
+          exit 0
+        fi
+
+        echo "Missing images (${#MISSING[@]}):"
+        for TAG in "${MISSING[@]}"; do
+          echo "  - ${REPOSITORY}/kube-proxy:${TAG}${SUFFIX}"
+        done
+
+        echo ""
+        echo "Triggering builds..."
+        for TAG in "${MISSING[@]}"; do
+          echo "  Dispatching build for ${TAG} -> ${REPOSITORY} ..."
+          gh workflow run build-kube-proxy-images.yml \
+            -f proxy_version="$TAG" \
+            -f repository="$REPOSITORY"
+        done
