From 6b45bcd49177d1afa82a322c6d76906ffe49f8c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ferm=C3=ADn=20Gal=C3=A1n=20M=C3=A1rquez?= Date: Thu, 4 Jul 2024 12:52:54 +0200 Subject: [PATCH] FIX improve Docker building process --- .github/workflows/publishimage-master.yml | 2 +- .github/workflows/publishimage-tag.yml | 2 +- docker/Dockerfile | 6 ++---- docker/Dockerfile.alpine | 6 ++---- 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/.github/workflows/publishimage-master.yml b/.github/workflows/publishimage-master.yml index 64ceb47bcf..c1d42e8662 100644 --- a/.github/workflows/publishimage-master.yml +++ b/.github/workflows/publishimage-master.yml @@ -26,7 +26,7 @@ jobs: password: ${{ secrets.DOCKERHUB_TEF_TOKEN }} - name: Build Docker image - run: docker build -t telefonicaiot/fiware-orion:latest --build-arg GIT_REV_ORION=master --build-arg REPO_ACCESS_TOKEN=${{ secrets.REPO_ACCESS_TOKEN }} --no-cache -f docker/Dockerfile . + run: docker build -t telefonicaiot/fiware-orion:latest --build-arg GIT_REV_ORION=master --secret id=repo_token,env=${{ secrets.REPO_ACCESS_TOKEN }} --no-cache -f docker/Dockerfile . - name: Push Docker image run: docker push telefonicaiot/fiware-orion:latest diff --git a/.github/workflows/publishimage-tag.yml b/.github/workflows/publishimage-tag.yml index 5dde6e8d27..0218590d03 100644 --- a/.github/workflows/publishimage-tag.yml +++ b/.github/workflows/publishimage-tag.yml 
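Review bot: In the new `docker build` line the `env=` field of `--secret` is given the expanded secret itself, but that field takes the name of an environment variable to read, so BuildKit would look for a variable named after the token value and the `repo_token` mount would most likely end up missing or empty. Expose the secret to the step and pass its name: add `env:` with `REPO_ACCESS_TOKEN: ${{ secrets.REPO_ACCESS_TOKEN }}` under the step and use `--secret id=repo_token,env=REPO_ACCESS_TOKEN`. That also keeps the token value out of the shell command line. The same line in the publishimage-tag.yml hunk needs the same change. `--secret` is a BuildKit feature, so confirm that the runner's `docker build` actually uses BuildKit.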
@@ -30,7 +30,7 @@ jobs: run: echo "VERSION=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV - name: Build Docker image - run: docker build -t telefonicaiot/fiware-orion:${{ env.VERSION }} --build-arg GIT_REV_ORION=${{ env.VERSION }} --build-arg REPO_ACCESS_TOKEN=${{ secrets.REPO_ACCESS_TOKEN }} --no-cache -f docker/Dockerfile . + run: docker build -t telefonicaiot/fiware-orion:${{ env.VERSION }} --build-arg GIT_REV_ORION=${{ env.VERSION }} --secret id=repo_token,env=${{ secrets.REPO_ACCESS_TOKEN }} --no-cache -f docker/Dockerfile . - name: Push Docker image run: docker push telefonicaiot/fiware-orion:${{ env.VERSION }} diff --git a/docker/Dockerfile b/docker/Dockerfile index 463a4e3034..0b2ad28fa7 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -29,19 +29,17 @@ ARG GITHUB_REPOSITORY=fiware-orion ARG GIT_NAME ARG GIT_REV_ORION ARG CLEAN_DEV_TOOLS -ARG REPO_ACCESS_TOKEN ENV ORION_USER ${ORION_USER:-orion} ENV GIT_NAME ${GIT_NAME:-telefonicaid} ENV GIT_REV_ORION ${GIT_REV_ORION:-master} ENV CLEAN_DEV_TOOLS ${CLEAN_DEV_TOOLS:-1} -ENV REPO_ACCESS_TOKEN ${REPO_ACCESS_TOKEN:-""} SHELL ["/bin/bash", "-o", "pipefail", "-c"] WORKDIR /opt -RUN \ +RUN --mount=type=secret,id=repo_token,dst=/run/secrets/repo_token \ # Install security updates apt-get -y update && \ apt-get -y upgrade && \ @@ -104,7 +102,7 @@ RUN \ git clone https://github.com/${GIT_NAME}/fiware-orion && \ cd fiware-orion && \ git checkout ${GIT_REV_ORION} && \ - bash get_cjexl.sh 0.3.0 ${REPO_ACCESS_TOKEN} && \ + bash get_cjexl.sh 0.3.0 $(cat /run/secrets/repo_token) && \ make && \ make install && \ # reduce size of installed binaries diff --git a/docker/Dockerfile.alpine b/docker/Dockerfile.alpine index 736f2dbf3e..552b903108 100644 --- a/docker/Dockerfile.alpine +++ b/docker/Dockerfile.alpine 
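Review bot: The new `RUN --mount=type=secret,id=repo_token,...` line makes the build depend on BuildKit and on a secret with that id, and nothing in the hunk documents it; a builder who still passes `--build-arg REPO_ACCESS_TOKEN=...` now gets no token at all. A comment above the RUN would help, e.g. `# repo_token: BuildKit secret (docker build --secret id=repo_token,...), mounted for this RUN only and not stored in the image`. The `dst=` value equals the default path for that id, so it can be dropped. The removed `ENV REPO_ACCESS_TOKEN` line stored the value in the image configuration, so images built before this change presumably still carry the token and rotating it is worth considering. The Dockerfile.alpine hunk has the same RUN line, and the top of the file, where a `# syntax=` directive would sit, is outside the hunk.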
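Review bot: `$(cat /run/secrets/repo_token)` does not fail the step when the secret is absent: secret mounts are optional by default, so `cat` only prints an error and `get_cjexl.sh` runs with no token argument. If the token is required, put `test -s /run/secrets/repo_token && \` before the call; if it is optional, `2>/dev/null` on the `cat` keeps the build log clean. The substitution is also unquoted and places the token on the script's command line; having the script read the file itself would avoid that, but `get_cjexl.sh` is not part of this diff. The same line is in the Dockerfile.alpine hunk, and the RUN body starts and ends outside this hunk.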
@@ -32,19 +32,17 @@ ARG GITHUB_REPOSITORY=fiware-orion ARG GIT_NAME ARG GIT_REV_ORION ARG CLEAN_DEV_TOOLS -ARG REPO_ACCESS_TOKEN ENV ORION_USER ${ORION_USER:-orion} ENV GIT_NAME ${GIT_NAME:-telefonicaid} ENV GIT_REV_ORION ${GIT_REV_ORION:-master} ENV CLEAN_DEV_TOOLS ${CLEAN_DEV_TOOLS:-1} -ENV REPO_ACCESS_TOKEN ${REPO_ACCESS_TOKEN:-""} SHELL ["/bin/ash", "-o", "pipefail", "-c"] WORKDIR /opt -RUN \ +RUN --mount=type=secret,id=repo_token,dst=/run/secrets/repo_token \ # Install dependencies apk add --no-cache \ curl \ @@ -110,7 +108,7 @@ RUN \ git clone https://github.com/${GIT_NAME}/fiware-orion && \ cd fiware-orion && \ git checkout ${GIT_REV_ORION} && \ - bash get_cjexl.sh 0.3.0 ${REPO_ACCESS_TOKEN} && \ + bash get_cjexl.sh 0.3.0 $(cat /run/secrets/repo_token) && \ # patch bash and mktemp statement in build script, as in alpine is slightly different sed -i 's/mktemp \/tmp\/compileInfo.h.XXXX/mktemp/g' scripts/build/compileInfo.sh && \ sed -i 's/bash/ash/g' scripts/build/compileInfo.sh && \