Skip to content

Commit aee39ef

Browse files
Fix docker image upload (#63)
* Fix docker image upload The previous way of uploading images to dockerhub exposed our password. Prevent this from happening by using a separate script instead of calling skopeo directly. Co-authored-by: Zhenya Vinogradov <zhenyavinogradov@gmail.com>
1 parent f8fb8b5 commit aee39ef

2 files changed

Lines changed: 9 additions & 2 deletions

File tree

.buildkite/pipeline.yml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -25,12 +25,12 @@ steps:
2525
branches: master
2626
- command:
2727
- nix-build docker
28-
- nix run -f ci.nix pkgs.skopeo -c skopeo --insecure-policy copy --dest-creds "serokell:${DOCKERHUB_PASSWORD}" "docker-archive:$(readlink result)" "docker://docker.io/serokell/xrefcheck:latest"
28+
- nix run -f ci.nix pkgs.skopeo -c ./scripts/upload-docker-image.sh "docker-archive:$(readlink result)" "docker://docker.io/serokell/xrefcheck:latest"
2929
label: Push to dockerhub
3030
branches: master
3131
- command:
3232
- nix-build docker
33-
- nix run -f ci.nix pkgs.skopeo -c skopeo --insecure-policy copy --dest-creds "serokell:${DOCKERHUB_PASSWORD}" "docker-archive:$(readlink result)" "docker://docker.io/serokell/xrefcheck:${BUILDKITE_BRANCH}"
33+
- nix run -f ci.nix pkgs.skopeo -c ./scripts/upload-docker-image.sh "docker-archive:$(readlink result)" "docker://docker.io/serokell/xrefcheck:${BUILDKITE_BRANCH}"
3434
label: Push release to dockerhub
3535
if: |
3636
build.branch =~ /^v[0-9]+.*/

scripts/upload-docker-image.sh

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
#!/usr/bin/env bash
2+
3+
# SPDX-FileCopyrightText: 2021 Serokell <https://serokell.io>
4+
#
5+
# SPDX-License-Identifier: MPL-2.0
6+
7+
skopeo --insecure-policy copy --dest-creds "serokell:${DOCKERHUB_PASSWORD}" "$1" "$2"

0 commit comments

Comments
 (0)