RHEL PoC #991
@@ -1,30 +0,0 @@ | |||
# syntax=docker/dockerfile:1 |
This one may be in use by IBM?
RUN subscription-manager register --username=$RH_USER --password=$RH_PASS | ||
RUN subscription-manager repos --enable codeready-builder-for-rhel-8-$(arch)-rpms |
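Review bot: `$RH_USER` and `$RH_PASS` are expanded unquoted on the `subscription-manager register` line, so a password containing whitespace or shell metacharacters is word-split or globbed before the command sees it. Quote both expansions, as in `--username="$RH_USER" --password="$RH_PASS"`. The register and `repos --enable` steps are also separate RUN instructions, so each produces its own cached layer; chaining them with `&&` in one RUN keeps registration and repo enablement together.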
Didn't this produce a subscription-file, so something we could run in CI, and `--mount`? Passing these as arguments means they leak into the image produced (and build-cache).
This is somewhat intentional for now; the cleanup step is "manual" (read: a cron job elsewhere) as a stopgap while I work on lifecycle robustness. That being said, I hadn't considered build cache issues since we don't actually clean the cache on the Jenkins nodes, as best I can tell...
Given that, maybe it would be better to use fixed certificates; this is somewhat messier (mostly for containerd-packaging) and introduces the manual update process/point of failure, but I can mock it up as an alternative (and it does obviate the runtime lifecycle issues).
af4d718 to 2bb1964
ARG RH_USER | ||
ARG RH_PASS | ||
RUN rm /etc/rhsm-host | ||
RUN subscription-manager register --username=$RH_USER --password=$RH_PASS |
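Review bot: `ARG RH_USER` and `ARG RH_PASS` feeding `--password=$RH_PASS` put the credential into the recorded command for that RUN step, so it is readable from the image history and the build cache by anyone with access to either. Mount the values as BuildKit secrets instead (`RUN --mount=type=secret,id=...`) and read them from the mounted file inside the step. Separately, `RUN rm /etc/rhsm-host` fails the build when that path is absent; `rm -f` makes the step tolerant of a base image that does not ship it.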
This should use `RUN --mount=type=secret` to avoid leaking the password in the image history (although the image is never pushed to public)
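The secret-mount approach suggested in the comment above, as an added example that is not part of this PR or the project's code. The `BASE_IMAGE` build argument and the secret ids `rh_user` and `rh_pass` are assumptions; the commands themselves are the ones shown in the diff.

```dockerfile
# syntax=docker/dockerfile:1
# Added example, not the PR's Dockerfile. BASE_IMAGE and the secret ids
# rh_user / rh_pass are assumed names.
ARG BASE_IMAGE
FROM ${BASE_IMAGE}

RUN rm /etc/rhsm-host

# Each secret is exposed as a file under /run/secrets for this RUN step only.
# Nothing is declared with ARG, so the values are not recorded in the image
# history. required=true fails the build if a secret was not supplied.
RUN --mount=type=secret,id=rh_user,required=true \
    --mount=type=secret,id=rh_pass,required=true \
    subscription-manager register \
        --username="$(cat /run/secrets/rh_user)" \
        --password="$(cat /run/secrets/rh_pass)" \
    && subscription-manager repos \
        --enable "codeready-builder-for-rhel-8-$(arch)-rpms"

# Build invocation (CI exports RH_USER and RH_PASS in its environment):
#   docker buildx build \
#     --build-arg BASE_IMAGE=<rhel 8 base image> \
#     --secret id=rh_user,env=RH_USER \
#     --secret id=rh_pass,env=RH_PASS .
```

This only keeps the username and password out of the image metadata; whatever `subscription-manager register` writes to the filesystem is still part of the layer.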
98a8275 to 6485b2d
3739fa8 to a1e3656
Rebased
rebased
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Signed-off-by: Bjorn Neergaard <bjorn.neergaard@docker.com>
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
This is a PoC for building RHEL packages assuming that a RHEL username/password is available in the environment.
This is mostly intended for internal use by Docker, as it is assumed that the main utility is performing builds with a 'real RHEL' for enterprise customers.
However, when an unencumbered RHEL-equivalent distribution (e.g. Rocky) is supported, it will make sense to generalize the 'rhel' infrastructure in this repo.