mirror of https://github.com/coder/coder.git
chore(dogfood): fix dogfood image (#7603)
* chore(dogfood): update keys, add script to do so * chore(dogfood): fix urls in Dockerfile * fmt
This commit is contained in:
parent
e375169ac0
commit
a29c4c543d
|
@ -226,7 +226,7 @@ ARG CLOUD_SQL_PROXY_VERSION=2.2.0 \
|
|||
|
||||
# cloud_sql_proxy, for connecting to cloudsql instances
|
||||
# the upstream go.mod prevents this from being installed with go install
|
||||
RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloudsql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud_sql_proxy.linux.amd64" && \
|
||||
RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud-sql-proxy.linux.amd64" && \
|
||||
chmod a=rx /usr/local/bin/cloud_sql_proxy && \
|
||||
# dive for scanning image layer utilization metrics in CI
|
||||
curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \
|
||||
|
@ -246,8 +246,7 @@ RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_prox
|
|||
tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \
|
||||
# kube-linter for linting Kubernetes objects, including those
|
||||
# that Helm generates from our charts
|
||||
curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz" | \
|
||||
tar --extract --gzip --directory=/usr/local/bin --file=- kube-linter && \
|
||||
curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux" --output /usr/local/bin/kube-linter && \
|
||||
# kubens and kubectx for managing Kubernetes namespaces and contexts
|
||||
curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
|
||||
tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,62 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
PROJECT_ROOT="$(git rev-parse --show-toplevel)"
|
||||
|
||||
curl_flags=(
|
||||
--silent
|
||||
--show-error
|
||||
--location
|
||||
)
|
||||
|
||||
gpg_flags=(
|
||||
--dearmor
|
||||
--yes
|
||||
)
|
||||
|
||||
pushd "$PROJECT_ROOT/dogfood/files/usr/share/keyrings"
|
||||
# Upstream Docker signing key
|
||||
curl "${curl_flags[@]}" "https://download.docker.com/linux/ubuntu/gpg" |
|
||||
gpg "${gpg_flags[@]}" --output="docker.gpg"
|
||||
|
||||
# Google Cloud signing key
|
||||
curl "${curl_flags[@]}" "https://packages.cloud.google.com/apt/doc/apt-key.gpg" |
|
||||
gpg "${gpg_flags[@]}" --output="google-cloud.gpg"
|
||||
|
||||
# Google Linux Software repository signing key (Chrome)
|
||||
curl "${curl_flags[@]}" "https://dl.google.com/linux/linux_signing_key.pub" |
|
||||
gpg "${gpg_flags[@]}" --output="google-chrome.gpg"
|
||||
|
||||
# Microsoft repository signing key (Edge)
|
||||
curl "${curl_flags[@]}" "https://packages.microsoft.com/keys/microsoft.asc" |
|
||||
gpg "${gpg_flags[@]}" --output="microsoft.gpg"
|
||||
|
||||
# Upstream PostgreSQL signing key
|
||||
curl "${curl_flags[@]}" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" |
|
||||
gpg "${gpg_flags[@]}" --output="postgresql.gpg"
|
||||
|
||||
# NodeSource signing key
|
||||
curl "${curl_flags[@]}" "https://deb.nodesource.com/gpgkey/nodesource.gpg.key" |
|
||||
gpg "${gpg_flags[@]}" --output="nodesource.gpg"
|
||||
|
||||
# Yarnpkg signing key
|
||||
curl "${curl_flags[@]}" "https://dl.yarnpkg.com/debian/pubkey.gpg" |
|
||||
gpg "${gpg_flags[@]}" --output="yarnpkg.gpg"
|
||||
|
||||
# Ansible PPA signing key
|
||||
curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6125e2a8c77f2818fb7bd15b93c4a3fd7bb9c367" |
|
||||
gpg "${gpg_flags[@]}" --output="ansible.gpg"
|
||||
|
||||
# Neovim signing key
|
||||
curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9dbb0be9366964f134855e2255f96fcf8231b6dd" |
|
||||
gpg "${gpg_flags[@]}" --output="neovim.gpg"
|
||||
|
||||
# Hashicorp signing key
|
||||
curl "${curl_flags[@]}" "https://apt.releases.hashicorp.com/gpg" |
|
||||
gpg "${gpg_flags[@]}" --output="hashicorp.gpg"
|
||||
|
||||
# GitHub CLI signing key
|
||||
curl "${curl_flags[@]}" "https://cli.github.com/packages/githubcli-archive-keyring.gpg" |
|
||||
gpg "${gpg_flags[@]}" --output="github-cli.gpg"
|
||||
popd
|
Loading…
Reference in New Issue