zuul/zuul-jobs
Code Issues Proposed changes

Merge "Install ca-certificates in the buildx image"

Browse Source
This commit is contained in:
corvus.admin
2025-02-12 17:01:03 +00:00
committed by Gerrit Code Review
parent d35a1cf07b 74215c43e7
commit f8ef1a6866
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
roles/build-container-image/tasks/setup-buildx.yaml
View File

@@ -2,6 +2,10 @@
command: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes command: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
when: ansible_architecture == 'x86_64' when: ansible_architecture == 'x86_64'
# TODO(clarkb) Use buildkitd.toml configuration to add certifications. That
# may allow us to drop the ca-certificates install and update-ca-certificates
# step below. More info here:
# https://docs.docker.com/reference/cli/docker/buildx/create/#buildkitd-config
- name: Create builder - name: Create builder
command: "docker buildx create --name mybuilder --node {{ inventory_hostname | replace('-', '_') }} --driver-opt network=host{% if buildset_registry is defined %} --config /etc/buildkit/buildkitd.toml {% endif %}" command: "docker buildx create --name mybuilder --node {{ inventory_hostname | replace('-', '_') }} --driver-opt network=host{% if buildset_registry is defined %} --config /etc/buildkit/buildkitd.toml {% endif %}"
when: inventory_hostname == ansible_play_hosts[0] when: inventory_hostname == ansible_play_hosts[0]
@@ -37,6 +41,10 @@
mode: preserve mode: preserve
when: buildset_registry is defined and buildset_registry.cert when: buildset_registry is defined and buildset_registry.cert
- name: Install CA certs in worker container
command: "docker exec buildx_buildkit_{{ inventory_hostname | replace('-', '_') }} apk add --no-cache ca-certificates"
when: buildset_registry is defined and buildset_registry.cert
- name: Copy buildset registry TLS cert into worker container - name: Copy buildset registry TLS cert into worker container
command: "docker cp {{ buildkit_cert_tmp.path }} buildx_buildkit_{{ inventory_hostname | replace('-', '_') }}:/usr/local/share/ca-certificates" command: "docker cp {{ buildkit_cert_tmp.path }} buildx_buildkit_{{ inventory_hostname | replace('-', '_') }}:/usr/local/share/ca-certificates"
when: buildset_registry is defined and buildset_registry.cert when: buildset_registry is defined and buildset_registry.cert

8
roles/build-docker-image/tasks/setup-buildx.yaml
View File

@@ -4,6 +4,10 @@
DOCKER_CLI_EXPERIMENTAL: enabled DOCKER_CLI_EXPERIMENTAL: enabled
when: ansible_architecture == 'x86_64' when: ansible_architecture == 'x86_64'
# TODO(clarkb) Use buildkitd.toml configuration to add certifications. That
# may allow us to drop the ca-certificates install and update-ca-certificates
# step below. More info here:
# https://docs.docker.com/reference/cli/docker/buildx/create/#buildkitd-config
- name: Create builder - name: Create builder
command: "docker buildx create --name mybuilder --node {{ inventory_hostname | replace('-', '_') }} --driver-opt network=host{% if buildset_registry is defined %} --config /etc/buildkit/buildkitd.toml {% endif %}" command: "docker buildx create --name mybuilder --node {{ inventory_hostname | replace('-', '_') }} --driver-opt network=host{% if buildset_registry is defined %} --config /etc/buildkit/buildkitd.toml {% endif %}"
environment: environment:
@@ -47,6 +51,10 @@
mode: preserve mode: preserve
when: buildset_registry is defined and buildset_registry.cert when: buildset_registry is defined and buildset_registry.cert
- name: Install CA certs in worker container
command: "docker exec buildx_buildkit_{{ inventory_hostname | replace('-', '_') }} apk add --no-cache ca-certificates"
when: buildset_registry is defined and buildset_registry.cert
- name: Copy buildset registry TLS cert into worker container - name: Copy buildset registry TLS cert into worker container
command: "docker cp {{ buildkit_cert_tmp.path }} buildx_buildkit_{{ inventory_hostname | replace('-', '_') }}:/usr/local/share/ca-certificates" command: "docker cp {{ buildkit_cert_tmp.path }} buildx_buildkit_{{ inventory_hostname | replace('-', '_') }}:/usr/local/share/ca-certificates"
when: buildset_registry is defined and buildset_registry.cert when: buildset_registry is defined and buildset_registry.cert