Add allows check for sync

.github/workflows/target-image-sync.yml

@@ -64,6 +64,10 @@ jobs:
         gh issue edit ${{ github.event.issue.number }} --add-label "sync image succeeded" -b "IMAGE SYNC"
         gh issue close ${{ github.event.issue.number }} --reason "completed"
 
+        if ! ./hack/verify-allows.sh ./allows.txt "${ORIGIN_IMAGE}"; then
+          gh issue comment ${{ github.event.issue.number }} -b "这个镜像不在白名单列表里, 在未来可能将无法访问<br>将其添加到[白名单](https://github.com/DaoCloud/public-image-mirror/blob/main/allows.txt)"
+        fi
+
     - name: Fail Sync
       if: failure()
       env:

.github/workflows/target-sync-image.yml

@@ -59,6 +59,10 @@ jobs:
         gh issue edit ${{ github.event.issue.number }} --add-label "sync image succeeded" -b "IMAGE SYNC"
         gh issue close ${{ github.event.issue.number }} --reason "completed"
 
+        if ! ./hack/verify-allows.sh ./allows.txt "${ORIGIN_IMAGE}"; then
+          gh issue comment ${{ github.event.issue.number }} -b "这个镜像不在白名单列表里, 在未来可能将无法访问<br>将其添加到[白名单](https://github.com/DaoCloud/public-image-mirror/blob/main/allows.txt)"
+        fi
+
     - name: Fail Sync
       if: failure()
       run: |

hack/verify-allows.sh

@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+
+file=$1
+
+image=$2
+
+function check_allows() {
+    local file=$1
+    local image=$2
+    while read line; do
+        if [[ "${line}" == *"**" ]]; then
+            if [[ "${image}" == "${line%\*\*}"* ]]; then
+                return 0
+            fi
+        elif [[ "${line}" == *"*" ]]; then
+            if [[ "${image}" == "${line%\*}"* ]]; then
+                if [[ "${image#"${line%\*}"}" != *"/"* ]]; then
+                    return 0
+                fi
+            fi
+        fi
+    done <"${file}"
+
+    return 1
+}
+
+check_allows "${file}" "${image}"