From 63e26db3761177e98718e33d0ead320033882a98 Mon Sep 17 00:00:00 2001
From: Jack Rubacha
Date: Fri, 15 Mar 2024 23:57:46 -0400
Subject: [PATCH] try secrets
---
 .github/workflows/build_image.yml | 11 +++++++++++
 odysseus/Dockerfile | 2 ++
 odysseus/compose.yml | 3 ++-
 3 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/build_image.yml b/.github/workflows/build_image.yml
index f6b43fe9..a2a34bd0 100644
--- a/.github/workflows/build_image.yml
+++ b/.github/workflows/build_image.yml
@@ -38,6 +38,17 @@ jobs:
 uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
 with:
 images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+ - name: Encrypt and inject passwords
+ shell: bash
+ with:
+ context: ./odysseus
+ env:
+ - ODY_AP_ROOT_PASSWORD: ${{ secrets.ODY_AP_ROOT_PASSWORD }}
+ - ODY_TPU_ROOT_PASSWORD: ${{ secrets.ODY_TPU_ROOT_PASSWORD }}
+ - ODY_IROH_ROOT_PASSWORD: ${{ secrets.ODY_IROH_ROOT_PASSWORD }}
+ - MASTER_PASSWORD: ${{ secrets.ODY_MASTER_PASSWORD }}
+ run: for i in ODY_AP_ROOT_PASSWORD ODY_TPU_ROOT_PASSWORD ODY_IROH_ROOT_PASSWORD; do echo "$i=${!i}" >> PASSWORDS.env; done && gpg --symmetric --passphrase "$MASTER_PASSWORD" --cipher-algo AES256 PASSWORDS.env
 # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
 # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
 # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
diff --git a/odysseus/Dockerfile b/odysseus/Dockerfile
index 23f1868c..09c0f88e 100644
--- a/odysseus/Dockerfile
+++ b/odysseus/Dockerfile
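Review bot: The added "Encrypt and inject passwords" step combines `with: context:` with `run:` and writes `env:` as a list of one-key maps; Actions accepts `with` only on `uses:` steps and expects `env` to be a mapping, so the workflow should fail validation before the step ever runs. The `run` line also passes the master passphrase as a gpg argument, where it is visible in the process list, and GnuPG 2.x honours `--passphrase` only together with `--batch` (and, since 2.1, loopback pinentry). It leaves the plaintext PASSWORDS.env on disk and writes into the repository root rather than ./odysseus, where the Dockerfile's `COPY ./PASSWORDS.env.gpg` presumably expects the file. The step below uses `working-directory`, a mapping `env`, `--passphrase-fd 0`, and removes the plaintext after encrypting. Separately, the ciphertext ships in a pushed image, so its protection rests entirely on ODY_MASTER_PASSWORD being long and random; injecting the credentials at runtime would avoid baking them in.

```yaml
      - name: Encrypt and inject passwords
        shell: bash
        working-directory: ./odysseus
        env:
          ODY_AP_ROOT_PASSWORD: ${{ secrets.ODY_AP_ROOT_PASSWORD }}
          ODY_TPU_ROOT_PASSWORD: ${{ secrets.ODY_TPU_ROOT_PASSWORD }}
          ODY_IROH_ROOT_PASSWORD: ${{ secrets.ODY_IROH_ROOT_PASSWORD }}
          MASTER_PASSWORD: ${{ secrets.ODY_MASTER_PASSWORD }}
        run: |
          set -euo pipefail
          umask 077
          for i in ODY_AP_ROOT_PASSWORD ODY_TPU_ROOT_PASSWORD ODY_IROH_ROOT_PASSWORD; do
            echo "$i=${!i}"
          done > PASSWORDS.env
          # Passphrase goes in on stdin so it never appears in argv.
          gpg --batch --pinentry-mode loopback --passphrase-fd 0 \
            --symmetric --cipher-algo AES256 PASSWORDS.env <<< "$MASTER_PASSWORD"
          # Keep only the ciphertext in the build context.
          rm -f PASSWORDS.env
```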
@@ -44,4 +44,6 @@ WORKDIR /home/odysseus/outputs/ COPY ./docker_scripts /home/odysseus/scripts RUN echo "source /home/odysseus/scripts/setup_env.sh" >> ~/.bashrc +COPY ./PASSWORDS.env.gpg /home/odysseus/ + ENTRYPOINT "/bin/bash" diff --git a/odysseus/compose.yml b/odysseus/compose.yml index 5b3b46cf..aa961332 100644 --- a/odysseus/compose.yml +++ b/odysseus/compose.yml @@ -2,9 +2,11 @@ version: "3.8" services: odysseus: build: . + image: ghcr.io/northeastern-electric-racing/odysseus:52-root-secrets command: /bin/bash privileged: true tty: true + stdin_open: true # for fakeroot failure ulimits: nofile: @@ -23,4 +25,3 @@ volumes: labels: com.northeastern_electric_racing.description: "Shared output between buildroot runs" -
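Review bot: The added `COPY ./PASSWORDS.env.gpg /home/odysseus/` makes every build depend on a file that, as far as this patch shows, only the CI step creates, so a local build (compose.yml keeps `build: .`) would stop on the missing source unless the file is supplied by hand. The ciphertext also stays in an image layer for the life of each pushed tag, so rotating the root passwords or the master passphrase means rebuilding and retiring the old tags. I would add a comment above the line such as `# PASSWORDS.env.gpg is generated by the build_image workflow (gpg --symmetric); absent in local builds`, and list the plaintext `PASSWORDS.env` in `.dockerignore` so it can never enter the build context.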
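Review bot: The added `image:` line hard-codes what looks like a feature-branch tag, `52-root-secrets`, on a service that runs with `privileged: true`. A tag is mutable, so whoever can push to it decides what runs with near-host-level rights on every machine that pulls it, and the name will presumably go stale once the branch is merged. Prefer a release reference pinned by digest, e.g. `image: ghcr.io/northeastern-electric-racing/odysseus@sha256:<digest-placeholder>`, or drop the line and keep `build: .` for local use.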