Commit 9c43f50c authored by Tomas Krizek Committed by Petr Špaček

job_manager: allow checking out security repo

parent f1013c29
FROM registry.labs.nic.cz/knot/respdiff/knot-resolver-buildenv
# first build stage, it will not persist in the final image
FROM registry.labs.nic.cz/knot/respdiff/knot-resolver-buildenv as intermediate
ARG SSH_PRIVATE_KEY
ARG GIT_SHA
MAINTAINER Knot Resolver <knot-resolver@labs.nic.cz>
RUN mkdir /root/.ssh/
RUN echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa
RUN chmod 0600 /root/.ssh/id_rsa
RUN touch /root/.ssh/known_hosts
RUN ssh-keyscan gitlab.labs.nic.cz >> /root/.ssh/known_hosts
RUN git clone --recursive -j8 https://gitlab.labs.nic.cz/knot/knot-resolver.git /var/opt/knot-resolver
RUN \
cd /var/opt/knot-resolver; \
git checkout $GIT_SHA || (\
cd /var/opt; \
rm -rf /var/opt/knot-resolver; \
git clone --recursive -j8 git@gitlab.labs.nic.cz:knot/knot-resolver-security.git /var/opt/knot-resolver; \
cd /var/opt/knot-resolver; \
git checkout $GIT_SHA)
# actual image
FROM registry.labs.nic.cz/knot/respdiff/knot-resolver-buildenv
MAINTAINER Knot Resolver <knot-resolver@labs.nic.cz>
COPY --from=intermediate /var/opt/knot-resolver /var/opt/knot-resolver
WORKDIR /var/opt/knot-resolver
RUN git checkout $GIT_SHA
RUN mkdir .install
RUN make PREFIX=/var/opt/knot-resolver/.install LDFLAGS="-Wl,-rpath=/var/opt/knot-resolver/.install/lib"
RUN make install PREFIX=/var/opt/knot-resolver/.install
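Review bot: Passing the key as `ARG SSH_PRIVATE_KEY` and writing it with `RUN echo "${SSH_PRIVATE_KEY}" > /root/.ssh/id_rsa` stores the private key in the intermediate stage's layers and build metadata on the build host, even though that stage is not copied into the final image. If the builder supports BuildKit, an SSH or secret mount keeps the key out of every layer, e.g. `RUN --mount=type=ssh git clone --recursive -j8 git@gitlab.labs.nic.cz:knot/knot-resolver-security.git /var/opt/knot-resolver`. Otherwise the intermediate image and build cache should be pruned after each build, and the key should be a read-only deploy key limited to the security repository. Separately, `RUN ssh-keyscan gitlab.labs.nic.cz >> /root/.ssh/known_hosts` trusts whatever host key is served at build time; a pinned `known_hosts` entry copied from the build context would let the clone fail on a spoofed host instead of sending it the fetch.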
......
......@@ -10,6 +10,7 @@ services:
context: ./docker-knot-resolver
args:
GIT_SHA: {{ git_sha }}
SSH_PRIVATE_KEY: ${SSH_PRIVATE_KEY}
image: knot-resolver:{{ git_sha }}
volumes:
- "./{{ name }}.conf:/etc/knot-resolver/kresd.conf:ro"
......
......@@ -60,6 +60,12 @@ trap cleanup ERR EXIT
# Get database
wget --quiet -O {{ database['dest'] }} {{ database['url'] }}
# Prepare ssh key for knot-resolver-security
set +o xtrace
SSH_PRIVATE_KEY=$(cat </home/respdiff/.ssh/knot_resolver_security.id_rsa || :)
export SSH_PRIVATE_KEY
set -o xtrace
# Attempt to build containers (to have stdout/err logs in case of failure)
time docker-compose up --no-start
# Start and wait for resolvers to be available
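Review bot: `export SSH_PRIVATE_KEY` leaves the key in the environment of every process the script starts after this point, not only the `docker-compose up --no-start` build that needs it; the script continues outside this hunk, so what else inherits it is not visible here. If nothing later triggers a rebuild, adding `unset SSH_PRIVATE_KEY` right after the build line limits the exposure, and xtrace only prints the variable name for that command. The `|| :` also hides a missing key file, so a build of a security-only commit will fail later with a git authentication error; a comment such as `# key is optional: public commits build without it` would make that intent explicit. The `set +o xtrace` / `set -o xtrace` bracket around the read is worth keeping as is.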
......