From 453b18d893e01a4351aac0cf9517439ca077eca8 Mon Sep 17 00:00:00 2001
From: s3rj1k
Date: Sat, 22 Jun 2024 16:26:28 +0200
Subject: [PATCH] [GHA] Rework how secrets are used inside Dockerfiles.
---
 .../docker/debian/bookworm/amd64/Dockerfile | 31 ++++++++++++-------
 .../docker/debian/bookworm/arm32v7/Dockerfile | 31 ++++++++++++-------
 .../docker/debian/bookworm/arm64v8/Dockerfile | 31 ++++++++++++-------
 .../docker/debian/bullseye/amd64/Dockerfile | 31 ++++++++++++-------
 .../docker/debian/bullseye/arm32v7/Dockerfile | 31 ++++++++++++-------
 .../docker/debian/bullseye/arm64v8/Dockerfile | 31 ++++++++++++-------
 .github/docker/debian/buster/amd64/Dockerfile | 31 ++++++++++++-------
 .../docker/debian/buster/arm32v7/Dockerfile | 31 ++++++++++++-------
 .../docker/debian/buster/arm64v8/Dockerfile | 31 ++++++++++++-------
 9 files changed, 171 insertions(+), 108 deletions(-)
diff --git a/.github/docker/debian/bookworm/amd64/Dockerfile b/.github/docker/debian/bookworm/amd64/Dockerfile
index b500830148..844d9494a4 100644
--- a/.github/docker/debian/bookworm/amd64/Dockerfile
+++ b/.github/docker/debian/bookworm/amd64/Dockerfile
@@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
 deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
 EOF
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
- printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
- printf "login ${REPO_USERNAME} " >> ~/.netrc && \
- printf "password " >> ~/.netrc && \
- cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
- cp -f ~/.netrc /etc/apt/auth.conf
-
 RUN git config --global --add safe.directory '*' \
 && git config --global user.name "${MAINTAINER_NAME}" \
 && git config --global user.email "${MAINTAINER_EMAIL}"
 
-RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
-
 # Bootstrap and Build
 COPY . ${DATA_DIR}
 WORKDIR ${DATA_DIR}
@@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
 
-RUN apt-get -q update && \
- mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \
- apt-get -y -f install
+RUN --mount=type=secret,id=REPO_PASSWORD \
+ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
+ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
+ printf "password " >> /etc/apt/auth.conf && \
+ cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
+ curl \
+ --fail \
+ --netrc-file /etc/apt/auth.conf \
+ --output ${GPG_KEY} \
+ --silent \
+ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
+ file ${GPG_KEY} && \
+ apt-get --quiet update && \
+ mk-build-deps \
+ --install \
+ --remove debian/control \
+ --tool "apt-get --yes --no-install-recommends" && \
+ apt-get --yes --fix-broken install && \
+ rm -f /etc/apt/auth.conf
 
 ENV DEB_BUILD_OPTIONS="parallel=1"
 RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \
diff --git a/.github/docker/debian/bookworm/arm32v7/Dockerfile b/.github/docker/debian/bookworm/arm32v7/Dockerfile
index 43b4778b3e..164e602356 100644
--- a/.github/docker/debian/bookworm/arm32v7/Dockerfile
+++ b/.github/docker/debian/bookworm/arm32v7/Dockerfile
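Review bot: `file ${GPG_KEY}` in the new RUN step is not a check: `file` prints a type description and exits 0 for any content (without `-E`, even for a missing path), so whatever the authenticated download returned becomes the `signed-by` keyring for the `apt-get update` that follows. `--fail` rejects HTTP error statuses but not a 200 response carrying unexpected bytes. If the repository key is stable, pin it and fail the build on mismatch, e.g. replace the `file` line with `echo "<EXPECTED_SHA256>  ${GPG_KEY}" | sha256sum --check -`, where the digest is a placeholder to be taken from a trusted copy of the key. A smaller point in the same step: the `printf` calls put `${REPO_DOMAIN}` and `${REPO_USERNAME}` into the format string, so a `%` or backslash in either would be interpreted; `printf 'machine %s login %s password ' "${REPO_DOMAIN}" "${REPO_USERNAME}" > /etc/apt/auth.conf` avoids that. The identical step is added in the other eight Dockerfiles of this patch (bookworm arm32v7/arm64v8, and bullseye and buster amd64/arm32v7/arm64v8), so both changes apply there as well.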
@@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODE
 deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODENAME} main
 EOF
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
- printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
- printf "login ${REPO_USERNAME} " >> ~/.netrc && \
- printf "password " >> ~/.netrc && \
- cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
- cp -f ~/.netrc /etc/apt/auth.conf
-
 RUN git config --global --add safe.directory '*' \
 && git config --global user.name "${MAINTAINER_NAME}" \
 && git config --global user.email "${MAINTAINER_EMAIL}"
 
-RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg
-
 # Bootstrap and Build
 COPY . ${DATA_DIR}
 WORKDIR ${DATA_DIR}
@@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
 
-RUN apt-get -q update && \
- mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \
- apt-get -y -f install
+RUN --mount=type=secret,id=REPO_PASSWORD \
+ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
+ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
+ printf "password " >> /etc/apt/auth.conf && \
+ cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
+ curl \
+ --fail \
+ --netrc-file /etc/apt/auth.conf \
+ --output ${GPG_KEY} \
+ --silent \
+ https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
+ file ${GPG_KEY} && \
+ apt-get --quiet update && \
+ mk-build-deps \
+ --install \
+ --remove debian/control \
+ --tool "apt-get --yes --no-install-recommends" && \
+ apt-get --yes --fix-broken install && \
+ rm -f /etc/apt/auth.conf
 
 ENV DEB_BUILD_OPTIONS="parallel=1"
 RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \
diff --git a/.github/docker/debian/bookworm/arm64v8/Dockerfile b/.github/docker/debian/bookworm/arm64v8/Dockerfile
index 50c24957f1..0e30f8504e 100644
--- a/.github/docker/debian/bookworm/arm64v8/Dockerfile
+++ b/.github/docker/debian/bookworm/arm64v8/Dockerfile
@@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
 deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
 EOF
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
- printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
- printf "login ${REPO_USERNAME} " >> ~/.netrc && \
- printf "password " >> ~/.netrc && \
- cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
- cp -f ~/.netrc /etc/apt/auth.conf
-
 RUN git config --global --add safe.directory '*' \
 && git config --global user.name "${MAINTAINER_NAME}" \
 && git config --global user.email "${MAINTAINER_EMAIL}"
 
-RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
-
 # Bootstrap and Build
 COPY . ${DATA_DIR}
 WORKDIR ${DATA_DIR}
@@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
 
-RUN apt-get -q update && \
- mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \
- apt-get -y -f install
+RUN --mount=type=secret,id=REPO_PASSWORD \
+ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
+ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
+ printf "password " >> /etc/apt/auth.conf && \
+ cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
+ curl \
+ --fail \
+ --netrc-file /etc/apt/auth.conf \
+ --output ${GPG_KEY} \
+ --silent \
+ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
+ file ${GPG_KEY} && \
+ apt-get --quiet update && \
+ mk-build-deps \
+ --install \
+ --remove debian/control \
+ --tool "apt-get --yes --no-install-recommends" && \
+ apt-get --yes --fix-broken install && \
+ rm -f /etc/apt/auth.conf
 
 ENV DEB_BUILD_OPTIONS="parallel=1"
 RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \
diff --git a/.github/docker/debian/bullseye/amd64/Dockerfile b/.github/docker/debian/bullseye/amd64/Dockerfile
index aefbd38224..e4557f1ed6 100644
--- a/.github/docker/debian/bullseye/amd64/Dockerfile
+++ b/.github/docker/debian/bullseye/amd64/Dockerfile
@@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
 deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
 EOF
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
- printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
- printf "login ${REPO_USERNAME} " >> ~/.netrc && \
- printf "password " >> ~/.netrc && \
- cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
- cp -f ~/.netrc /etc/apt/auth.conf
-
 RUN git config --global --add safe.directory '*' \
 && git config --global user.name "${MAINTAINER_NAME}" \
 && git config --global user.email "${MAINTAINER_EMAIL}"
 
-RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
-
 # Bootstrap and Build
 COPY . ${DATA_DIR}
 WORKDIR ${DATA_DIR}
@@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
 
-RUN apt-get -q update && \
- mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \
- apt-get -y -f install
+RUN --mount=type=secret,id=REPO_PASSWORD \
+ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
+ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
+ printf "password " >> /etc/apt/auth.conf && \
+ cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
+ curl \
+ --fail \
+ --netrc-file /etc/apt/auth.conf \
+ --output ${GPG_KEY} \
+ --silent \
+ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
+ file ${GPG_KEY} && \
+ apt-get --quiet update && \
+ mk-build-deps \
+ --install \
+ --remove debian/control \
+ --tool "apt-get --yes --no-install-recommends" && \
+ apt-get --yes --fix-broken install && \
+ rm -f /etc/apt/auth.conf
 
 ENV DEB_BUILD_OPTIONS="parallel=1"
 RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \
diff --git a/.github/docker/debian/bullseye/arm32v7/Dockerfile b/.github/docker/debian/bullseye/arm32v7/Dockerfile
index b3a6f00c36..03eb59b40f 100644
--- a/.github/docker/debian/bullseye/arm32v7/Dockerfile
+++ b/.github/docker/debian/bullseye/arm32v7/Dockerfile
@@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODE
 deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODENAME} main
 EOF
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
- printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
- printf "login ${REPO_USERNAME} " >> ~/.netrc && \
- printf "password " >> ~/.netrc && \
- cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
- cp -f ~/.netrc /etc/apt/auth.conf
-
 RUN git config --global --add safe.directory '*' \
 && git config --global user.name "${MAINTAINER_NAME}" \
 && git config --global user.email "${MAINTAINER_EMAIL}"
 
-RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg
-
 # Bootstrap and Build
 COPY . ${DATA_DIR}
 WORKDIR ${DATA_DIR}
@@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
 
-RUN apt-get -q update && \
- mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \
- apt-get -y -f install
+RUN --mount=type=secret,id=REPO_PASSWORD \
+ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
+ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
+ printf "password " >> /etc/apt/auth.conf && \
+ cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
+ curl \
+ --fail \
+ --netrc-file /etc/apt/auth.conf \
+ --output ${GPG_KEY} \
+ --silent \
+ https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
+ file ${GPG_KEY} && \
+ apt-get --quiet update && \
+ mk-build-deps \
+ --install \
+ --remove debian/control \
+ --tool "apt-get --yes --no-install-recommends" && \
+ apt-get --yes --fix-broken install && \
+ rm -f /etc/apt/auth.conf
 
 ENV DEB_BUILD_OPTIONS="parallel=1"
 RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \
diff --git a/.github/docker/debian/bullseye/arm64v8/Dockerfile b/.github/docker/debian/bullseye/arm64v8/Dockerfile
index dfa899540e..ca216a82d7 100644
--- a/.github/docker/debian/bullseye/arm64v8/Dockerfile
+++ b/.github/docker/debian/bullseye/arm64v8/Dockerfile
@@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
 deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
 EOF
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
- printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
- printf "login ${REPO_USERNAME} " >> ~/.netrc && \
- printf "password " >> ~/.netrc && \
- cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
- cp -f ~/.netrc /etc/apt/auth.conf
-
 RUN git config --global --add safe.directory '*' \
 && git config --global user.name "${MAINTAINER_NAME}" \
 && git config --global user.email "${MAINTAINER_EMAIL}"
 
-RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
-
 # Bootstrap and Build
 COPY . ${DATA_DIR}
 WORKDIR ${DATA_DIR}
@@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
 
-RUN apt-get -q update && \
- mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \
- apt-get -y -f install
+RUN --mount=type=secret,id=REPO_PASSWORD \
+ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
+ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
+ printf "password " >> /etc/apt/auth.conf && \
+ cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
+ curl \
+ --fail \
+ --netrc-file /etc/apt/auth.conf \
+ --output ${GPG_KEY} \
+ --silent \
+ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
+ file ${GPG_KEY} && \
+ apt-get --quiet update && \
+ mk-build-deps \
+ --install \
+ --remove debian/control \
+ --tool "apt-get --yes --no-install-recommends" && \
+ apt-get --yes --fix-broken install && \
+ rm -f /etc/apt/auth.conf
 
 ENV DEB_BUILD_OPTIONS="parallel=1"
 RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \
diff --git a/.github/docker/debian/buster/amd64/Dockerfile b/.github/docker/debian/buster/amd64/Dockerfile
index 119a18076e..a0da4dbe7c 100644
--- a/.github/docker/debian/buster/amd64/Dockerfile
+++ b/.github/docker/debian/buster/amd64/Dockerfile
@@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
 deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
 EOF
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
- printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
- printf "login ${REPO_USERNAME} " >> ~/.netrc && \
- printf "password " >> ~/.netrc && \
- cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
- cp -f ~/.netrc /etc/apt/auth.conf
-
 RUN git config --global --add safe.directory '*' \
 && git config --global user.name "${MAINTAINER_NAME}" \
 && git config --global user.email "${MAINTAINER_EMAIL}"
 
-RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
-
 # Bootstrap and Build
 COPY . ${DATA_DIR}
 WORKDIR ${DATA_DIR}
@@ -73,9 +64,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
 
-RUN apt-get -q update && \
- mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \
- apt-get -y -f install
+RUN --mount=type=secret,id=REPO_PASSWORD \
+ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
+ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
+ printf "password " >> /etc/apt/auth.conf && \
+ cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
+ curl \
+ --fail \
+ --netrc-file /etc/apt/auth.conf \
+ --output ${GPG_KEY} \
+ --silent \
+ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
+ file ${GPG_KEY} && \
+ apt-get --quiet update && \
+ mk-build-deps \
+ --install \
+ --remove debian/control \
+ --tool "apt-get --yes --no-install-recommends" && \
+ apt-get --yes --fix-broken install && \
+ rm -f /etc/apt/auth.conf
 
 ENV DEB_BUILD_OPTIONS="parallel=1"
 RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \
diff --git a/.github/docker/debian/buster/arm32v7/Dockerfile b/.github/docker/debian/buster/arm32v7/Dockerfile
index 2113f55bd8..c283d9c6ce 100644
--- a/.github/docker/debian/buster/arm32v7/Dockerfile
+++ b/.github/docker/debian/buster/arm32v7/Dockerfile
@@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODE
 deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODENAME} main
 EOF
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
- printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
- printf "login ${REPO_USERNAME} " >> ~/.netrc && \
- printf "password " >> ~/.netrc && \
- cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
- cp -f ~/.netrc /etc/apt/auth.conf
-
 RUN git config --global --add safe.directory '*' \
 && git config --global user.name "${MAINTAINER_NAME}" \
 && git config --global user.email "${MAINTAINER_EMAIL}"
 
-RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg
-
 # Bootstrap and Build
 COPY . ${DATA_DIR}
 WORKDIR ${DATA_DIR}
@@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
 
-RUN apt-get -q update && \
- mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \
- apt-get -y -f install
+RUN --mount=type=secret,id=REPO_PASSWORD \
+ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
+ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
+ printf "password " >> /etc/apt/auth.conf && \
+ cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
+ curl \
+ --fail \
+ --netrc-file /etc/apt/auth.conf \
+ --output ${GPG_KEY} \
+ --silent \
+ https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
+ file ${GPG_KEY} && \
+ apt-get --quiet update && \
+ mk-build-deps \
+ --install \
+ --remove debian/control \
+ --tool "apt-get --yes --no-install-recommends" && \
+ apt-get --yes --fix-broken install && \
+ rm -f /etc/apt/auth.conf
 
 ENV DEB_BUILD_OPTIONS="parallel=1"
 RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \
diff --git a/.github/docker/debian/buster/arm64v8/Dockerfile b/.github/docker/debian/buster/arm64v8/Dockerfile
index 150a77fec2..ac1f77959f 100644
--- a/.github/docker/debian/buster/arm64v8/Dockerfile
+++ b/.github/docker/debian/buster/arm64v8/Dockerfile
@@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
 deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
 EOF
 
-RUN --mount=type=secret,id=REPO_PASSWORD \
- printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
- printf "login ${REPO_USERNAME} " >> ~/.netrc && \
- printf "password " >> ~/.netrc && \
- cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
- cp -f ~/.netrc /etc/apt/auth.conf
-
 RUN git config --global --add safe.directory '*' \
 && git config --global user.name "${MAINTAINER_NAME}" \
 && git config --global user.email "${MAINTAINER_EMAIL}"
 
-RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
-
 # Bootstrap and Build
 COPY . ${DATA_DIR}
 WORKDIR ${DATA_DIR}
@@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
 RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
 RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
 
-RUN apt-get -q update && \
- mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \
- apt-get -y -f install
+RUN --mount=type=secret,id=REPO_PASSWORD \
+ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
+ printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
+ printf "password " >> /etc/apt/auth.conf && \
+ cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
+ curl \
+ --fail \
+ --netrc-file /etc/apt/auth.conf \
+ --output ${GPG_KEY} \
+ --silent \
+ https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
+ file ${GPG_KEY} && \
+ apt-get --quiet update && \
+ mk-build-deps \
+ --install \
+ --remove debian/control \
+ --tool "apt-get --yes --no-install-recommends" && \
+ apt-get --yes --fix-broken install && \
+ rm -f /etc/apt/auth.conf
 
 ENV DEB_BUILD_OPTIONS="parallel=1"
 RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \