Commit 7bcfd4b3 authored by Graeme Gillies

fix: goreleaser fips mode docker login cred passing

Part of https://gitlab.com/gitlab-com/gl-infra/gitlab-dedicated/team/-/issues/1312

Unfortunately, due to the way permissions and volumes work in our CI Setup, it's best
if we use `docker login` inside the goreleaser container, and to do that we need to
pass a json file in a specific structure they require into the container.

As described at https://gitlab.com/gitlab-org/gitlab-foss/-/issues/41227#note_52029664
we have to pass this file somewhere under `/builds`. However, it can't be in the current working directory,
otherwise goreleaser complains about Git being in a dirty state (extra files not in Git)
https://goreleaser.com/errors/dirty/.
parent e9d95159
Pipeline #15446233 passed
@@ -69,9 +69,6 @@ goreleaser-fips:
services:
- docker:dind
variables:
DOCKER_REGISTRY: $CI_REGISTRY
DOCKER_USERNAME: $CI_REGISTRY_USER
DOCKER_PASSWORD: $CI_REGISTRY_PASSWORD
GIT_DEPTH: 0
 
rules:
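
Review bot: Confirm that nothing else in the `goreleaser-fips` job still reads `DOCKER_REGISTRY`, `DOCKER_USERNAME` or `DOCKER_PASSWORD` now that the `variables:` block shrinks from 9 lines to 6 in this hunk. A leftover reference in the script or `after_script` would expand to an empty string instead of failing, so a quick grep for the three names across the job definition and the release config is worth doing before merge.
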
@@ -85,16 +82,26 @@ goreleaser-fips:
----------------------------------------------------------
Running go-releaser in fips mode
EOD
echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
mkdir -p /builds/shared
cat > /builds/shared/docker-creds.json <<-EOF
{
"registries": [
{
"user": "$CI_REGISTRY_USER",
"pass": "$CI_REGISTRY_PASSWORD",
"registry": "$CI_REGISTRY"
}
]
}
EOF
docker run --rm --privileged \
-v $PWD:$PWD \
-w $PWD \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $HOME/.docker/config.json:/root/.docker/config.json \
-e DOCKER_USERNAME -e DOCKER_PASSWORD -e DOCKER_REGISTRY \
-v /builds/shared/docker-creds.json:/docker-creds.json \
-e GITLAB_TOKEN -e CI_REGISTRY_IMAGE \
-e CI_SERVER_URL \
-e GL_ASDF_GORELEASER_VERSION \
-e DOCKER_CREDS_FILE=/docker-creds.json \
${GORELEASER_DOCKER_EXTRA_ARGS:-} \
goreleaser/goreleaser-cross:v${GL_ASDF_GOLANG_VERSION}-v${GL_ASDF_GORELEASER_VERSION} release --rm-dist ${GORELEASER_EXTRA_ARGS:-}
after_script: |
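
Review bot: The heredoc that writes `/builds/shared/docker-creds.json` leaves `$CI_REGISTRY_PASSWORD` on disk under `/builds` with default permissions, and no visible line removes the file once `docker run` returns. Consider `umask 077` before the `cat`, mounting the file read-only if the container only reads it (`-v /builds/shared/docker-creds.json:/docker-creds.json:ro`), and an `rm -f /builds/shared/docker-creds.json` in `after_script`, so the credential does not outlive the job on a runner that reuses its builds directory. The fixed path also means two jobs sharing `/builds/shared` would overwrite each other's file; a per-job name would avoid that. Separately, the JSON is assembled by raw shell interpolation, so a password containing `"` or `\` produces a malformed file; generating it with `jq -n --arg`, if jq is available in the job image, would escape the values. A one-line comment above the `mkdir` explaining why the file sits outside the working tree (the goreleaser dirty-state check mentioned in the commit message) would help the next reader.
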