Introduction to GitHub Actions and Docker Image Synchronization Using GitHub Actions

GitHub Actions is a powerful continuous integration and continuous deployment (CI/CD) platform provided by GitHub that enables developers to automate various tasks in the software development lifecycle, such as building, testing, packaging, and deploying applications.

The core concept of GitHub Actions is event‑driven workflows defined in YAML files placed in the .github/workflows directory; these workflows specify which events (e.g., push, pull request, schedule) trigger a series of jobs and steps.

Docker image synchronization to domestic registries is a common requirement to improve pull speed and avoid network failures. The process includes selecting a domestic registry provider, creating a target repository, configuring a sync task (source and target images, tags, frequency), triggering the first sync, verifying the result, and adjusting the sync strategy as needed.

GitHub Actions can automate Docker image synchronization. An example workflow file docker-sync.yml is shown below:

name: Docker Image Sync

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v2
    - name: Set up QEMU
      uses: docker/setup-qemu-action@v1
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v1
    - name: Login to Docker Hub
      uses: docker/login-action@v1
      with:
        username: ${{ secrets.DOCKER_USERNAME }}
        password: ${{ secrets.DOCKER_PASSWORD }}
    - name: Sync Docker Image
      run: |
        docker pull
:
docker tag
:
:
docker push
:

This workflow runs on push or pull_request events on the main branch, logs into Docker Hub using secrets, pulls the source image, retags it, and pushes it to the target registry.

Additional configuration steps include adding Docker credentials ( DOCKER_USERNAME and DOCKER_PASSWORD ) as repository secrets, and replacing placeholder values ( <source-image-name> , <source-tag> , <target-image-name> , <target-tag> ) with actual image names and tags.

In the author’s personal practice, a GitHub repository was created to sync images to Tencent Cloud TCR. The target repository ccr.ccs.tencentyun.com/devopsvip/inbound-agent was set up, secrets for authentication were added, and a CI workflow ( .github/workflows/ci.yaml ) was used to pull the jenkins/inbound-agent:latest-jdk17 image, retag it, log in to Tencent Docker, and push it to the TCR.

# This is a basic workflow to help you get started with Actions
#VERSION 2
#renew
name: Docker image sync to tencent
env:
  REGISTRY_URL: "ccr.ccs.tencentyun.com/devopsvip"
on:
  push:
    paths:
      - '.github/workflows/**'
jobs:
  build:
    runs-on: ubuntu-20.04
    steps:
    - name: Push Docker images
      run: |
        docker pull jenkins/inbound-agent:latest-jdk17 
        docker tag jenkins/inbound-agent:latest-jdk17 ${REGISTRY_URL}/inbound-agent:latest-jdk17
        docker login -u ${{ secrets.TENCENTDOCKER_USER}} -p ${{ secrets.TENCENTDOCKER_PASSWD}} ${REGISTRY_URL}
        docker push ${REGISTRY_URL}/inbound-agent:latest-jdk17

After committing the workflow file to the main branch, each push or pull‑request event automatically triggers the image synchronization, providing a reliable and efficient way to keep Docker images up‑to‑date in the domestic registry.