diff --git a/.github/workflows/build_image.yml b/.github/workflows/build_image.yml
index 6cc1a8b2..8fc7797b 100644
--- a/.github/workflows/build_image.yml
+++ b/.github/workflows/build_image.yml
@@ -6,7 +6,6 @@ on:
 push:
 paths:
 - 'odysseus/Dockerfile'
- - 'odysseus/compose.yml'
 # Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
 env:
@@ -47,7 +46,7 @@ jobs:
 ODY_TPU_ROOT_PASSWORD: ${{ secrets.ODY_TPU_ROOT_PASSWORD }}
 ODY_IROH_ROOT_PASSWORD: ${{ secrets.ODY_IROH_ROOT_PASSWORD }}
 MASTER_PASSWORD: ${{ secrets.ODY_MASTER_PASSWORD }}
- run: for i in ODY_AP_ROOT_PASSWORD ODY_TPU_ROOT_PASSWORD ODY_IROH_ROOT_PASSWORD; do echo "$i=${!i}" >> PASSWORDS.env; done && gpg --batch --symmetric --passphrase "$MASTER_PASSWORD" --cipher-algo AES256 PASSWORDS.env
+ run: for i in ODY_AP_ROOT_PASSWORD ODY_TPU_ROOT_PASSWORD ODY_IROH_ROOT_PASSWORD; do echo "$i=${!i}" >> SECRETS.env; done && gpg --batch --symmetric --passphrase "$MASTER_PASSWORD" --cipher-algo AES256 SECRETS.env
 # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
 # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
 # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
diff --git a/odysseus/Dockerfile b/odysseus/Dockerfile
index 09c0f88e..5ed38e7a 100644
--- a/odysseus/Dockerfile
+++ b/odysseus/Dockerfile
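Review bot: In `.github/workflows/build_image.yml`, the renamed `run:` step still leaves the plaintext `SECRETS.env` beside `SECRETS.env.gpg` in the workspace and passes the passphrase to gpg as a command-line argument, where it is visible in the process list while gpg runs. Appending `&& rm -f SECRETS.env` removes the plaintext before any later step reads the workspace; whether the Docker build context includes this directory is not visible in the hunk. Reading the passphrase through `--passphrase-fd 0` (with `--pinentry-mode loopback` if the runner's gpg needs it) avoids the argv exposure. The values are also written unquoted as `NAME=value`, which matters because `load-secrets.sh` in this same commit passes the decrypted file to `eval`.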
@@ -37,13 +37,14 @@ RUN apt-get install -y \
 # add all buildroot files there
 WORKDIR /home/odysseus/build
-RUN git clone https://gitlab.com/buildroot.org/buildroot.git && cd ./buildroot && git checkout 96d0d677790e659b822761b50561b0316b4abf43
+RUN git clone https://gitlab.com/buildroot.org/buildroot.git && cd ./buildroot && git checkout 2024.02
 WORKDIR /home/odysseus/outputs/
 COPY ./docker_scripts /home/odysseus/scripts
 RUN echo "source /home/odysseus/scripts/setup_env.sh" >> ~/.bashrc
-COPY ./PASSWORDS.env.gpg /home/odysseus/
+# install password using wildcard so failures arent deadly
+COPY ./SECRETS.env.* /home/odysseus/
 ENTRYPOINT "/bin/bash"
diff --git a/odysseus/compose.yml b/odysseus/compose.yml
index c76cd5ab..4ccccc50 100644
--- a/odysseus/compose.yml
+++ b/odysseus/compose.yml
@@ -19,6 +19,9 @@ services:
 environment:
 - BR2_DL_DIR=/home/odysseus/shared_data/dl
 - BR2_CCACHE_DIR=/home/odysseus/shared_data/ccache
+ - ODY_TPU_ROOT_PASSWORD=password
+ - ODY_IROH_ROOT_PASSWORD=password
+ - ODY_AP_ROOT_PASSWORD=password
 volumes:
 shared_data:
diff --git a/odysseus/docker_scripts/load-secrets.sh b/odysseus/docker_scripts/load-secrets.sh
new file mode 100755
index 00000000..cd93ca3c
--- /dev/null
+++ b/odysseus/docker_scripts/load-secrets.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+eval "$(gpg -d --cipher-algo AES256 /home/odysseus/PASSWORDS.env.gpg)"
diff --git a/odysseus/docker_scripts/setup_env.sh b/odysseus/docker_scripts/setup_env.sh
index 50f69422..57294d88 100755
--- a/odysseus/docker_scripts/setup_env.sh
+++ b/odysseus/docker_scripts/setup_env.sh
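Review bot: In `odysseus/Dockerfile`, `git checkout 2024.02` replaces a full commit hash with a tag name, so the build now trusts whatever the remote's `2024.02` ref points to at clone time rather than one fixed tree. Keep the tag name in a comment line above the `RUN` and check out the commit it resolves to, i.e. `git checkout <commit-sha-for-2024.02>`. The new `COPY ./SECRETS.env.* /home/odysseus/` also picks up any other `SECRETS.env.<suffix>` file in the build context, and whether a wildcard with no match is tolerated depends on the builder, so the comment's claim should be checked against the builder the workflow uses. A narrower pattern that can only match `SECRETS.env.gpg` would keep stray secret files out of the pushed image.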
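Review bot: In `odysseus/compose.yml`, the three added `ODY_*_ROOT_PASSWORD=password` entries commit a known default root password, and a local build that does not override them will presumably bake `password` into the generated images as the root credential. Prefer forwarding the value from the caller's environment and failing when it is missing, e.g. `- ODY_TPU_ROOT_PASSWORD=${ODY_TPU_ROOT_PASSWORD:?set ODY_TPU_ROOT_PASSWORD}`, with the same form for the IROH and AP entries. If a development default is really intended, a comment on these lines should say it is for local builds only and must not end up on a deployed device.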
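Review bot: `load-secrets.sh` decrypts `/home/odysseus/PASSWORDS.env.gpg`, but this same commit renames the artifact to `SECRETS.env` in the workflow and copies `SECRETS.env.*` in the Dockerfile, so the script looks for a file the image no longer contains; the path should be `/home/odysseus/SECRETS.env.gpg`. The `eval` runs the decrypted text as shell code, and the workflow writes the values unquoted, so a password containing spaces, `$`, `;` or backticks is mangled or executed. Reading the `NAME=value` lines with `while IFS='=' read -r name value; do export "$name=$value"; done` avoids evaluating the content, and a check that the file exists with a clear error message covers the case where the optional copy matched nothing. `--cipher-algo` is not needed for decryption and can be dropped.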
@@ -1,9 +1,7 @@
 #!/bin/bash
 alias make-current="/home/odysseus/scripts/make-current.sh"
-
-# for password exposure to defconfigs
-set -o allexport && source /run/secrets/ody_passwords && set +o allexport
+alias load-secrets="/home/odysseus/scripts/load-secrets.sh"
 # for each defconfig make output subdirectory
 make -C /home/odysseus/build/buildroot O=/home/odysseus/outputs/tpu BR2_EXTERNAL=/home/odysseus/build/odysseus_tree raspberrypi4_64_tpu_defconfig
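Review bot: The new `load-secrets` alias in `setup_env.sh` runs `load-secrets.sh` as a child process, so the variables its `eval` sets vanish when the script exits and never reach the shell that later runs `make`; the removed line sourced the file under `set -o allexport`, which did export them. Changing the alias to `alias load-secrets="source /home/odysseus/scripts/load-secrets.sh"` and exporting inside the script (or wrapping the load in `set -o allexport` and `set +o allexport` as before) restores that behaviour. The rest of `setup_env.sh` continues below the hunk, and whether the defconfig steps need the passwords set before they run is not visible here.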