Merge pull request #2497 from signalwire/gha

[GHA] Rework how secrets are used inside Dockerfiles.
This commit is contained in:
Andrey Volk 2024-06-22 19:29:00 +03:00 committed by GitHub
commit 70c5520466
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
9 changed files with 171 additions and 108 deletions

View File

@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
EOF EOF
RUN --mount=type=secret,id=REPO_PASSWORD \
printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
printf "login ${REPO_USERNAME} " >> ~/.netrc && \
printf "password " >> ~/.netrc && \
cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
cp -f ~/.netrc /etc/apt/auth.conf
RUN git config --global --add safe.directory '*' \ RUN git config --global --add safe.directory '*' \
&& git config --global user.name "${MAINTAINER_NAME}" \ && git config --global user.name "${MAINTAINER_NAME}" \
&& git config --global user.email "${MAINTAINER_EMAIL}" && git config --global user.email "${MAINTAINER_EMAIL}"
RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
# Bootstrap and Build # Bootstrap and Build
COPY . ${DATA_DIR} COPY . ${DATA_DIR}
WORKDIR ${DATA_DIR} WORKDIR ${DATA_DIR}
@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME} RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
RUN apt-get -q update && \ RUN --mount=type=secret,id=REPO_PASSWORD \
mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
apt-get -y -f install printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
printf "password " >> /etc/apt/auth.conf && \
cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
curl \
--fail \
--netrc-file /etc/apt/auth.conf \
--output ${GPG_KEY} \
--silent \
https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
file ${GPG_KEY} && \
apt-get --quiet update && \
mk-build-deps \
--install \
--remove debian/control \
--tool "apt-get --yes --no-install-recommends" && \
apt-get --yes --fix-broken install && \
rm -f /etc/apt/auth.conf
ENV DEB_BUILD_OPTIONS="parallel=1" ENV DEB_BUILD_OPTIONS="parallel=1"
RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \

View File

@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODE
deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODENAME} main deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODENAME} main
EOF EOF
RUN --mount=type=secret,id=REPO_PASSWORD \
printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
printf "login ${REPO_USERNAME} " >> ~/.netrc && \
printf "password " >> ~/.netrc && \
cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
cp -f ~/.netrc /etc/apt/auth.conf
RUN git config --global --add safe.directory '*' \ RUN git config --global --add safe.directory '*' \
&& git config --global user.name "${MAINTAINER_NAME}" \ && git config --global user.name "${MAINTAINER_NAME}" \
&& git config --global user.email "${MAINTAINER_EMAIL}" && git config --global user.email "${MAINTAINER_EMAIL}"
RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg
# Bootstrap and Build # Bootstrap and Build
COPY . ${DATA_DIR} COPY . ${DATA_DIR}
WORKDIR ${DATA_DIR} WORKDIR ${DATA_DIR}
@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME} RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
RUN apt-get -q update && \ RUN --mount=type=secret,id=REPO_PASSWORD \
mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
apt-get -y -f install printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
printf "password " >> /etc/apt/auth.conf && \
cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
curl \
--fail \
--netrc-file /etc/apt/auth.conf \
--output ${GPG_KEY} \
--silent \
https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
file ${GPG_KEY} && \
apt-get --quiet update && \
mk-build-deps \
--install \
--remove debian/control \
--tool "apt-get --yes --no-install-recommends" && \
apt-get --yes --fix-broken install && \
rm -f /etc/apt/auth.conf
ENV DEB_BUILD_OPTIONS="parallel=1" ENV DEB_BUILD_OPTIONS="parallel=1"
RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \

View File

@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
EOF EOF
RUN --mount=type=secret,id=REPO_PASSWORD \
printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
printf "login ${REPO_USERNAME} " >> ~/.netrc && \
printf "password " >> ~/.netrc && \
cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
cp -f ~/.netrc /etc/apt/auth.conf
RUN git config --global --add safe.directory '*' \ RUN git config --global --add safe.directory '*' \
&& git config --global user.name "${MAINTAINER_NAME}" \ && git config --global user.name "${MAINTAINER_NAME}" \
&& git config --global user.email "${MAINTAINER_EMAIL}" && git config --global user.email "${MAINTAINER_EMAIL}"
RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
# Bootstrap and Build # Bootstrap and Build
COPY . ${DATA_DIR} COPY . ${DATA_DIR}
WORKDIR ${DATA_DIR} WORKDIR ${DATA_DIR}
@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME} RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
RUN apt-get -q update && \ RUN --mount=type=secret,id=REPO_PASSWORD \
mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
apt-get -y -f install printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
printf "password " >> /etc/apt/auth.conf && \
cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
curl \
--fail \
--netrc-file /etc/apt/auth.conf \
--output ${GPG_KEY} \
--silent \
https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
file ${GPG_KEY} && \
apt-get --quiet update && \
mk-build-deps \
--install \
--remove debian/control \
--tool "apt-get --yes --no-install-recommends" && \
apt-get --yes --fix-broken install && \
rm -f /etc/apt/auth.conf
ENV DEB_BUILD_OPTIONS="parallel=1" ENV DEB_BUILD_OPTIONS="parallel=1"
RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \

View File

@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
EOF EOF
RUN --mount=type=secret,id=REPO_PASSWORD \
printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
printf "login ${REPO_USERNAME} " >> ~/.netrc && \
printf "password " >> ~/.netrc && \
cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
cp -f ~/.netrc /etc/apt/auth.conf
RUN git config --global --add safe.directory '*' \ RUN git config --global --add safe.directory '*' \
&& git config --global user.name "${MAINTAINER_NAME}" \ && git config --global user.name "${MAINTAINER_NAME}" \
&& git config --global user.email "${MAINTAINER_EMAIL}" && git config --global user.email "${MAINTAINER_EMAIL}"
RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
# Bootstrap and Build # Bootstrap and Build
COPY . ${DATA_DIR} COPY . ${DATA_DIR}
WORKDIR ${DATA_DIR} WORKDIR ${DATA_DIR}
@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME} RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
RUN apt-get -q update && \ RUN --mount=type=secret,id=REPO_PASSWORD \
mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
apt-get -y -f install printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
printf "password " >> /etc/apt/auth.conf && \
cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
curl \
--fail \
--netrc-file /etc/apt/auth.conf \
--output ${GPG_KEY} \
--silent \
https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
file ${GPG_KEY} && \
apt-get --quiet update && \
mk-build-deps \
--install \
--remove debian/control \
--tool "apt-get --yes --no-install-recommends" && \
apt-get --yes --fix-broken install && \
rm -f /etc/apt/auth.conf
ENV DEB_BUILD_OPTIONS="parallel=1" ENV DEB_BUILD_OPTIONS="parallel=1"
RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \

View File

@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODE
deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODENAME} main deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODENAME} main
EOF EOF
RUN --mount=type=secret,id=REPO_PASSWORD \
printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
printf "login ${REPO_USERNAME} " >> ~/.netrc && \
printf "password " >> ~/.netrc && \
cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
cp -f ~/.netrc /etc/apt/auth.conf
RUN git config --global --add safe.directory '*' \ RUN git config --global --add safe.directory '*' \
&& git config --global user.name "${MAINTAINER_NAME}" \ && git config --global user.name "${MAINTAINER_NAME}" \
&& git config --global user.email "${MAINTAINER_EMAIL}" && git config --global user.email "${MAINTAINER_EMAIL}"
RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg
# Bootstrap and Build # Bootstrap and Build
COPY . ${DATA_DIR} COPY . ${DATA_DIR}
WORKDIR ${DATA_DIR} WORKDIR ${DATA_DIR}
@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME} RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
RUN apt-get -q update && \ RUN --mount=type=secret,id=REPO_PASSWORD \
mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
apt-get -y -f install printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
printf "password " >> /etc/apt/auth.conf && \
cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
curl \
--fail \
--netrc-file /etc/apt/auth.conf \
--output ${GPG_KEY} \
--silent \
https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
file ${GPG_KEY} && \
apt-get --quiet update && \
mk-build-deps \
--install \
--remove debian/control \
--tool "apt-get --yes --no-install-recommends" && \
apt-get --yes --fix-broken install && \
rm -f /etc/apt/auth.conf
ENV DEB_BUILD_OPTIONS="parallel=1" ENV DEB_BUILD_OPTIONS="parallel=1"
RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \

View File

@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
EOF EOF
RUN --mount=type=secret,id=REPO_PASSWORD \
printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
printf "login ${REPO_USERNAME} " >> ~/.netrc && \
printf "password " >> ~/.netrc && \
cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
cp -f ~/.netrc /etc/apt/auth.conf
RUN git config --global --add safe.directory '*' \ RUN git config --global --add safe.directory '*' \
&& git config --global user.name "${MAINTAINER_NAME}" \ && git config --global user.name "${MAINTAINER_NAME}" \
&& git config --global user.email "${MAINTAINER_EMAIL}" && git config --global user.email "${MAINTAINER_EMAIL}"
RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
# Bootstrap and Build # Bootstrap and Build
COPY . ${DATA_DIR} COPY . ${DATA_DIR}
WORKDIR ${DATA_DIR} WORKDIR ${DATA_DIR}
@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME} RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
RUN apt-get -q update && \ RUN --mount=type=secret,id=REPO_PASSWORD \
mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
apt-get -y -f install printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
printf "password " >> /etc/apt/auth.conf && \
cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
curl \
--fail \
--netrc-file /etc/apt/auth.conf \
--output ${GPG_KEY} \
--silent \
https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
file ${GPG_KEY} && \
apt-get --quiet update && \
mk-build-deps \
--install \
--remove debian/control \
--tool "apt-get --yes --no-install-recommends" && \
apt-get --yes --fix-broken install && \
rm -f /etc/apt/auth.conf
ENV DEB_BUILD_OPTIONS="parallel=1" ENV DEB_BUILD_OPTIONS="parallel=1"
RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \

View File

@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
EOF EOF
RUN --mount=type=secret,id=REPO_PASSWORD \
printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
printf "login ${REPO_USERNAME} " >> ~/.netrc && \
printf "password " >> ~/.netrc && \
cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
cp -f ~/.netrc /etc/apt/auth.conf
RUN git config --global --add safe.directory '*' \ RUN git config --global --add safe.directory '*' \
&& git config --global user.name "${MAINTAINER_NAME}" \ && git config --global user.name "${MAINTAINER_NAME}" \
&& git config --global user.email "${MAINTAINER_EMAIL}" && git config --global user.email "${MAINTAINER_EMAIL}"
RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
# Bootstrap and Build # Bootstrap and Build
COPY . ${DATA_DIR} COPY . ${DATA_DIR}
WORKDIR ${DATA_DIR} WORKDIR ${DATA_DIR}
@ -73,9 +64,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME} RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME}
RUN apt-get -q update && \ RUN --mount=type=secret,id=REPO_PASSWORD \
mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
apt-get -y -f install printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
printf "password " >> /etc/apt/auth.conf && \
cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
curl \
--fail \
--netrc-file /etc/apt/auth.conf \
--output ${GPG_KEY} \
--silent \
https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
file ${GPG_KEY} && \
apt-get --quiet update && \
mk-build-deps \
--install \
--remove debian/control \
--tool "apt-get --yes --no-install-recommends" && \
apt-get --yes --fix-broken install && \
rm -f /etc/apt/auth.conf
ENV DEB_BUILD_OPTIONS="parallel=1" ENV DEB_BUILD_OPTIONS="parallel=1"
RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \

View File

@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODE
deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODENAME} main deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev ${CODENAME} main
EOF EOF
RUN --mount=type=secret,id=REPO_PASSWORD \
printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
printf "login ${REPO_USERNAME} " >> ~/.netrc && \
printf "password " >> ~/.netrc && \
cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
cp -f ~/.netrc /etc/apt/auth.conf
RUN git config --global --add safe.directory '*' \ RUN git config --global --add safe.directory '*' \
&& git config --global user.name "${MAINTAINER_NAME}" \ && git config --global user.name "${MAINTAINER_NAME}" \
&& git config --global user.email "${MAINTAINER_EMAIL}" && git config --global user.email "${MAINTAINER_EMAIL}"
RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg
# Bootstrap and Build # Bootstrap and Build
COPY . ${DATA_DIR} COPY . ${DATA_DIR}
WORKDIR ${DATA_DIR} WORKDIR ${DATA_DIR}
@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME} RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME}
RUN apt-get -q update && \ RUN --mount=type=secret,id=REPO_PASSWORD \
mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
apt-get -y -f install printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
printf "password " >> /etc/apt/auth.conf && \
cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
curl \
--fail \
--netrc-file /etc/apt/auth.conf \
--output ${GPG_KEY} \
--silent \
https://${REPO_DOMAIN}/repo/deb/rpi/debian-dev/signalwire-freeswitch-repo.gpg && \
file ${GPG_KEY} && \
apt-get --quiet update && \
mk-build-deps \
--install \
--remove debian/control \
--tool "apt-get --yes --no-install-recommends" && \
apt-get --yes --fix-broken install && \
rm -f /etc/apt/auth.conf
ENV DEB_BUILD_OPTIONS="parallel=1" ENV DEB_BUILD_OPTIONS="parallel=1"
RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \

View File

@ -51,19 +51,10 @@ deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${COD
deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-unstable ${CODENAME} main
EOF EOF
RUN --mount=type=secret,id=REPO_PASSWORD \
printf "machine ${REPO_DOMAIN} " > ~/.netrc && \
printf "login ${REPO_USERNAME} " >> ~/.netrc && \
printf "password " >> ~/.netrc && \
cat /run/secrets/REPO_PASSWORD >> ~/.netrc && \
cp -f ~/.netrc /etc/apt/auth.conf
RUN git config --global --add safe.directory '*' \ RUN git config --global --add safe.directory '*' \
&& git config --global user.name "${MAINTAINER_NAME}" \ && git config --global user.name "${MAINTAINER_NAME}" \
&& git config --global user.email "${MAINTAINER_EMAIL}" && git config --global user.email "${MAINTAINER_EMAIL}"
RUN curl --netrc -o ${GPG_KEY} https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg
# Bootstrap and Build # Bootstrap and Build
COPY . ${DATA_DIR} COPY . ${DATA_DIR}
WORKDIR ${DATA_DIR} WORKDIR ${DATA_DIR}
@ -72,9 +63,25 @@ RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a
RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x
RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME} RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME}
RUN apt-get -q update && \ RUN --mount=type=secret,id=REPO_PASSWORD \
mk-build-deps --install --remove debian/control --tool "apt-get -y --no-install-recommends" && \ printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \
apt-get -y -f install printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \
printf "password " >> /etc/apt/auth.conf && \
cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \
curl \
--fail \
--netrc-file /etc/apt/auth.conf \
--output ${GPG_KEY} \
--silent \
https://${REPO_DOMAIN}/repo/deb/debian-unstable/signalwire-freeswitch-repo.gpg && \
file ${GPG_KEY} && \
apt-get --quiet update && \
mk-build-deps \
--install \
--remove debian/control \
--tool "apt-get --yes --no-install-recommends" && \
apt-get --yes --fix-broken install && \
rm -f /etc/apt/auth.conf
ENV DEB_BUILD_OPTIONS="parallel=1" ENV DEB_BUILD_OPTIONS="parallel=1"
RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \