Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit a29c4c5

Browse files
johnstcnjohnstcn
authored
chore(dogfood): fix dogfood image (coder#7603)
* chore(dogfood): update keys, add script to do so * chore(dogfood): fix urls in Dockerfile * fmt
1 parent e375169 commit a29c4c5

13 files changed

+64
-3
lines changed

dogfood/Dockerfile

+2-3
Original file line numberDiff line numberDiff line change
@@ -226,7 +226,7 @@ ARG CLOUD_SQL_PROXY_VERSION=2.2.0 \
226226

227227
# cloud_sql_proxy, for connecting to cloudsql instances
228228
# the upstream go.mod prevents this from being installed with go install
229-
RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloudsql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud_sql_proxy.linux.amd64" && \
229+
RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud-sql-proxy.linux.amd64" && \
230230
chmod a=rx /usr/local/bin/cloud_sql_proxy && \
231231
# dive for scanning image layer utilization metrics in CI
232232
curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \
@@ -246,8 +246,7 @@ RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_prox
246246
tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \
247247
# kube-linter for linting Kubernetes objects, including those
248248
# that Helm generates from our charts
249-
curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz" | \
250-
tar --extract --gzip --directory=/usr/local/bin --file=- kube-linter && \
249+
curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux" --output /usr/local/bin/kube-linter && \
251250
# kubens and kubectx for managing Kubernetes namespaces and contexts
252251
curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
253252
tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \

dogfood/files/usr/share/keyrings/ansible.gpg

-852 Bytes
Binary file not shown.

dogfood/files/usr/share/keyrings/docker.gpg

-2.09 KB
Binary file not shown.

dogfood/files/usr/share/keyrings/github-cli.gpg

-860 Bytes
Binary file not shown.

dogfood/files/usr/share/keyrings/google-chrome.gpg

-5.27 KB
Binary file not shown.

dogfood/files/usr/share/keyrings/google-cloud.gpg

-909 Bytes
Binary file not shown.

dogfood/files/usr/share/keyrings/hashicorp.gpg

-2.15 KB
Binary file not shown.

dogfood/files/usr/share/keyrings/microsoft.gpg

-452 Bytes
Binary file not shown.

dogfood/files/usr/share/keyrings/neovim.gpg

-826 Bytes
Binary file not shown.

dogfood/files/usr/share/keyrings/nodesource.gpg

-1.72 KB
Binary file not shown.

dogfood/files/usr/share/keyrings/postgresql.gpg

-2.57 KB
Binary file not shown.

dogfood/files/usr/share/keyrings/yarnpkg.gpg

-8.02 KB
Binary file not shown.

dogfood/update-keys.sh

+62
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,62 @@
1+
#!/usr/bin/env bash
2+
3+
set -euo pipefail
4+
5+
PROJECT_ROOT="$(git rev-parse --show-toplevel)"
6+
7+
curl_flags=(
8+
--silent
9+
--show-error
10+
--location
11+
)
12+
13+
gpg_flags=(
14+
--dearmor
15+
--yes
16+
)
17+
18+
pushd "$PROJECT_ROOT/dogfood/files/usr/share/keyrings"
19+
# Upstream Docker signing key
20+
curl "${curl_flags[@]}" "https://download.docker.com/linux/ubuntu/gpg" |
21+
gpg "${gpg_flags[@]}" --output="docker.gpg"
22+
23+
# Google Cloud signing key
24+
curl "${curl_flags[@]}" "https://packages.cloud.google.com/apt/doc/apt-key.gpg" |
25+
gpg "${gpg_flags[@]}" --output="google-cloud.gpg"
26+
27+
# Google Linux Software repository signing key (Chrome)
28+
curl "${curl_flags[@]}" "https://dl.google.com/linux/linux_signing_key.pub" |
29+
gpg "${gpg_flags[@]}" --output="google-chrome.gpg"
30+
31+
# Microsoft repository signing key (Edge)
32+
curl "${curl_flags[@]}" "https://packages.microsoft.com/keys/microsoft.asc" |
33+
gpg "${gpg_flags[@]}" --output="microsoft.gpg"
34+
35+
# Upstream PostgreSQL signing key
36+
curl "${curl_flags[@]}" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" |
37+
gpg "${gpg_flags[@]}" --output="postgresql.gpg"
38+
39+
# NodeSource signing key
40+
curl "${curl_flags[@]}" "https://deb.nodesource.com/gpgkey/nodesource.gpg.key" |
41+
gpg "${gpg_flags[@]}" --output="nodesource.gpg"
42+
43+
# Yarnpkg signing key
44+
curl "${curl_flags[@]}" "https://dl.yarnpkg.com/debian/pubkey.gpg" |
45+
gpg "${gpg_flags[@]}" --output="yarnpkg.gpg"
46+
47+
# Ansible PPA signing key
48+
curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6125e2a8c77f2818fb7bd15b93c4a3fd7bb9c367" |
49+
gpg "${gpg_flags[@]}" --output="ansible.gpg"
50+
51+
# Neovim signing key
52+
curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9dbb0be9366964f134855e2255f96fcf8231b6dd" |
53+
gpg "${gpg_flags[@]}" --output="neovim.gpg"
54+
55+
# Hashicorp signing key
56+
curl "${curl_flags[@]}" "https://apt.releases.hashicorp.com/gpg" |
57+
gpg "${gpg_flags[@]}" --output="hashicorp.gpg"
58+
59+
# GitHub CLI signing key
60+
curl "${curl_flags[@]}" "https://cli.github.com/packages/githubcli-archive-keyring.gpg" |
61+
gpg "${gpg_flags[@]}" --output="github-cli.gpg"
62+
popd

0 commit comments

Comments
 (0)