INF-526 Add mirror job and update the workflow values

Author: Odida

.github/workflows/01-build-then-test.yml

@@ -133,10 +133,10 @@ jobs:
     needs:
       - start-runner-test_branch
     container:
-      image: ghcr.io/fews-net/inf/docker:latest
+      image: ghcr.io/american-institutes-for-research/actions-cli:latest
       credentials:
         username: ${{ github.repository_owner }}
-        password: ${{ secrets.GHCR_PAT }}
+        password: ${{ secrets.CR_PAT }}
     defaults:
       run:
         shell: ash --noprofile --norc -eo pipefail {0} # Fail on any non-zero exit code, even in piped commands
@@ -167,7 +167,7 @@ jobs:
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
       - name: "Pull previous images to speed up builds"
         run: |
           for SERVICE in ${BUILD_IMAGES}; do (docker pull ${CI_REGISTRY_IMAGE}/${SERVICE}:edge | grep -i -e 'Pulling from' -e Digest -e Status -e Error) || true; done
@@ -276,10 +276,10 @@ jobs:
     needs:
       - start-runner-test_keepdb
     container:
-      image: ghcr.io/fews-net/inf/docker:latest
+      image: ghcr.io/american-institutes-for-research/actions-cli:latest
       credentials:
         username: ${{ github.repository_owner }}
-        password: ${{ secrets.GHCR_PAT }}
+        password: ${{ secrets.CR_PAT }}
     defaults:
       run:
         shell: ash --noprofile --norc -eo pipefail {0} # Fail on any non-zero exit code, even in piped commands
@@ -310,7 +310,7 @@ jobs:
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
       - name: "Pull previous images to speed up builds"
         run: |
           for SERVICE in ${BUILD_IMAGES}; do (docker pull ${CI_REGISTRY_IMAGE}/${SERVICE}:edge | grep -i -e 'Pulling from' -e Digest -e Status -e Error) || true; done
@@ -401,10 +401,10 @@ jobs:
     needs:
       - start-runner-test_main
     container:
-      image: ghcr.io/fews-net/inf/docker:latest
+      image: ghcr.io/american-institutes-for-research/actions-cli:latest
       credentials:
         username: ${{ github.repository_owner }}
-        password: ${{ secrets.GHCR_PAT }}
+        password: ${{ secrets.CR_PAT }}
     defaults:
       run:
         shell: ash --noprofile --norc -eo pipefail {0} # Fail on any non-zero exit code, even in piped commands
@@ -435,7 +435,7 @@ jobs:
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
       - name: "Pull previous images to speed up builds"
         run: |
           echo Using registry image ${CI_REGISTRY_IMAGE}
@@ -529,10 +529,10 @@ jobs:
     needs:
       - start-runner-test_tag
     container:
-      image: ghcr.io/fews-net/inf/docker:latest
+      image: ghcr.io/american-institutes-for-research/actions-cli:latest
       credentials:
         username: ${{ github.repository_owner }}
-        password: ${{ secrets.GHCR_PAT }}
+        password: ${{ secrets.CR_PAT }}
     defaults:
       run:
         shell: ash --noprofile --norc -eo pipefail {0} # Fail on any non-zero exit code, even in piped commands
@@ -563,7 +563,7 @@ jobs:
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+          password: ${{ secrets.DOCKER_HUB_TOKEN }}
       - uses: "actions/checkout@v4"
         with:
           ssh-key: ${{ secrets.GIT_SSH_PRIVATE_KEY }}

.github/workflows/03-mirror-to-fdw.yml

@@ -0,0 +1,41 @@
+name: Mirror to FDW
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches:
+      - "main"
+    tags:
+      - "*"
+
+jobs:
+  mirror:
+    runs-on: [ fewsnet ]
+    # run in container to avoid file permission issues like EACCES: permission denied
+    container: "python:3.12"
+    steps:
+      - uses: "actions/checkout@v4"
+        with:
+          # we don't want the current commit only,
+          # but also previous commits in case those haven't been synced
+          fetch-depth: 0
+
+        # since we are running this on the runner controller (like lint), action/checkout
+        # will not create a new repo for subsequent runs. This lead to
+        # error: remote mirror already exists.
+        # We will just remove the remote here if it already exists, so mirror-action works
+      - name: Remove existing remote
+        run: |
+          # seems to be necessary to run git commands
+          git config --global --add safe.directory /__w/FEWSNET-HEA-Database-Development/FEWSNET-HEA-Database-Development
+          git remote remove mirror || echo "No remote 'mirror' existed"
+
+      - uses: yesolutions/[email protected]
+        with:
+          REMOTE: "ssh://[email protected]/FEWS-NET/HEA-Database-Development.git"
+          GIT_SSH_PRIVATE_KEY: ${{ secrets.FDW_GIT_SSH_PRIVATE_KEY }}
+          # @TODO: change this to secrets.GIT_SSH_KNOWN_HOSTS
+          GIT_SSH_NO_VERIFY_HOST: "true"
+          PUSH_ALL_REFS: "false"