Repository to release images from Docker Hub and securely republish them within GitHub Packages in an auditable and reliable manner.
LibertyHub is designed to provide a transparent and secure way to import container images from external sources (initially Docker Hub) into GitHub Packages. This enhances security, provides audit trails, and reduces dependency on external registries.
- Issue-Based Workflow: Users create an issue using a standardized template
- Automated Processing: GitHub Workflows process the request
- Verification & Publishing: The system checks if the image already exists, then imports and publishes it
- Audit Trail: All actions are logged for complete transparency
- Source Selection: Choose the image source (initially Docker Hub, with plans to expand)
- Support for Official Images: Option to mark an image as an official Docker Hub image
- Simple Request Process: Easy-to-use issue template with dropdown options
- Latest Version Support: Option to select the latest version of an image
- Automatic Updates: For images marked as "latest", duplicate requests will trigger an update
- Naming Convention: Images are republished following the pattern
<source>-<image>:<version> - Complete Audit Trail: All actions are logged, including image hashes, versions, and workflow details
- Duplicate Prevention: System verifies if the requested image already exists before processing
- Create a new issue using the "Image Import Request" template
- Fill in the required information:
- Image source (select "Docker Hub" from dropdown)
- Check "This is an official Docker Hub image" if applicable
- Repository name (leave empty for official images, e.g., nginx, ubuntu)
- Repository name (required for non-official images, e.g., bitnami)
- Image name
- Version (or check "Use latest")
- Submit the issue
- The workflow will process your request automatically and provide updates in the issue comments
- Once completed, the image will be available in GitHub Packages with the naming convention
dockerhub-<image>:<version>
To update an image tagged as "latest" to the newest version available:
- Simply create a new image import request with the same image details
- Check the "Use latest" option
- Submit the issue
- The system will detect it's a duplicate request for a "latest" image and automatically update it
Each image import includes the following audit information:
- Original image source and URL
- Image hash before and after import
- Timestamp of import
- GitHub Actions workflow run ID and logs
- User who initiated the request
For updated "latest" images, additional audit information includes:
- Previous image digest
- New image digest
- Update timestamp
- User who initiated the update
Contributions to improve LibertyHub are welcome. Please see our contributing guidelines for more information.
That code was generated with GitHub Copilot using Claude 3.7 Sonnet Model. The code is licensed under the MIT License.