Epic Goal

• Support mirroring of sets of repositories or entire namespaces in a single configuration step so that changes in set of repos to mirrors are automatically discovered and captured

Why is this important?

• repo mirroring is done individually today, per repository
• users often want to mirror various related repositories from a single namespace and/or quay organization

Scenarios

1. As a Quay user, I want to mirror a pre-defined set of namespaces (aka 'organzations' in Quay, 'projects' in Harbor, etc) from an upstream registry into Quay deployment using a single mirroring task
2. As a Quay user, I want to configure the mirroring task so that only a subset of repositories found in the given namespaces are mirrored, using a list or a regular expression
3. As a Quay user, I want to configure the mirroring task so that only a subset of tags found in the matched repositories are mirrored, using a list or a regular expression
4. As a Quay user, I want to configure the mirroring task so that it automatically mirrors referring manifests related to the tags matched in the mirroring operation
5. As a Quay user, I want to configure the mirroring task so that it can restrict the manifest / image types matched by the mirroring task by supplying a list 
6. As a Quay user, I want to configure the mirroring task so that it can restrict the os/platform of manifest lists / OCI indexes matched by the mirroring task by supplying a list
7. As a Quay user, I want to configure the mirroring task so that it can be configured whether or not organizations, repositories, tags, referrers, and manifest list childs that are absent in the upstream registry should be deleted if found in the local Quay instance
8. As a Quay user, I want to configure the mirroring task so that it can be configured whether it stop when errors occur (default is continue)
9. As a Quay user, I want to configure the mirroring task so that it can be configured how often it re-attempt image downloads (default is 3, minimum is 1)

Acceptance Criteria

• The mirroring jobs can be created regular users unless they are in the restricted user list
• The mirroring jobs automatically create organizations and repositories, regardless of how Quay is configured to generally handle automatic creation of organizations and repositories on push
• The creation or deletion of organizations, repositories, images and referrers is subject to the permission of the user owning the mirroring task
• The feature should come with a config toggle to optionally disable it, by default it is enabled
• Audit events are created when orgs, repos, tags and referrers are created as part of a mirroring task, and are separate event types from regular creation of these entities
• Quay-specific features (see below) are not required for this feature to be considered done

Open questions:

1. Are there any Quay-specific features / use cases that arise when the remote Registry is also a Quay instance?
   1. Auto-discover all available organizations (there is no OCI endpoint for this)
   2. Mirror organization and repository settings
   3. Mirror organization and repository permissions

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>