Skip to content

Commit cbf1922

Browse files
bthomeebthomee
authored
Add tools image for .deb and .rpm signing (#76)
Adding the ability to sign the .deb and .rpm packages to the CI builder images is problematic for RHEL. Since it actually isn't necessary to use the same image to sign a package created by a particular image, this PR adds the signing packages to a new "tools" image. As an added bonus, it cleans up the documentation image by adding the `--no-install-recommends` flag.
1 parent a8c7be1 commit cbf1922

File tree

3 files changed

+43
-1
lines changed

3 files changed

+43
-1
lines changed

.github/workflows/tools-rippled.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,7 @@ jobs:
4444
tool:
4545
- documentation
4646
- pre-commit
47+
- signing
4748
runs-on: ${{ matrix.architecture.runner }}
4849
permissions:
4950
packages: write
@@ -128,6 +129,7 @@ jobs:
128129
tool:
129130
- documentation
130131
- pre-commit
132+
- signing
131133
runs-on: ubuntu-24.04
132134
needs:
133135
- build

docker/tools-rippled/Dockerfile

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -113,8 +113,30 @@ ENV CXX=/usr/bin/g++
113113
ARG DOXYGEN_VERSION
114114
ARG GRAPHVIZ_VERSION
115115
RUN <<EOF
116+
pkgs=()
117+
pkgs+=(doxygen=${DOXYGEN_VERSION})
118+
pkgs+=(graphviz=${GRAPHVIZ_VERSION})
119+
apt-get update
120+
apt-get install -y --no-install-recommends "${pkgs[@]}"
121+
apt-get clean
122+
rm -rf /var/lib/apt/lists/*
123+
EOF
124+
125+
ENV HOME=/root
126+
WORKDIR ${HOME}
127+
128+
# ====================== SIGNING IMAGE ======================
129+
# Note, we do not install a compiler here.
130+
131+
FROM base AS signing
132+
133+
# This is not inherited from base image.
134+
ARG DEBIAN_FRONTEND=noninteractive
135+
136+
# Install tools to sign the .deb and .rpm installers containing our binary.
137+
RUN <<EOF
116138
apt-get update
117-
apt-get install -y doxygen=${DOXYGEN_VERSION} graphviz=${GRAPHVIZ_VERSION}
139+
apt-get install -y --no-install-recommends rpm
118140
apt-get clean
119141
rm -rf /var/lib/apt/lists/*
120142
EOF

docker/tools-rippled/README.md

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,6 +69,24 @@ docker buildx build . \
6969
--tag ${CONTAINER_IMAGE}
7070
```
7171

72+
#### Building the Docker image for signing
73+
74+
In order to build an image, run the commands below from the root directory of
75+
the repository.
76+
77+
```shell
78+
UBUNTU_VERSION=noble
79+
CONTAINER_IMAGE=ghcr.io/xrplf/ci/tools-rippled-signing:latest
80+
81+
docker buildx build . \
82+
--file docker/tools-rippled/Dockerfile \
83+
--target signing \
84+
--build-arg BUILDKIT_DOCKERFILE_CHECK=skip=InvalidDefaultArgInFrom \
85+
--build-arg BUILDKIT_INLINE_CACHE=1 \
86+
--build-arg UBUNTU_VERSION=${UBUNTU_VERSION} \
87+
--tag ${CONTAINER_IMAGE}
88+
```
89+
7290
### Pushing the Docker image
7391

7492
#### Logging into the GitHub registry

0 commit comments

Comments
 (0)