zuul/zuul-jobs
Code Issues Proposed changes

Revert "Use --password-stdin for upload-container-image"

Browse Source 
This reverts commit 345c839db64f6ee1566fda07b6a706ee8ff7f0d9.

This is simpler, and we don't have to worry about the tempfile write
accidentally exposing secrets.  This is similar to the way we log in
in the promote job.

Change-Id: I2a0f34e0ea3abe88fe9f26d12298baf68f1a6b2d
This commit is contained in:
James E. Blair 2023-03-20 20:04:21 -07:00
parent 0c3b87f20e
commit cc0c655e5f
1 changed files with 2 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
roles/upload-container-image/tasks/push.yaml
View File

@ -1,22 +1,6 @@
- name: Create tempfile for password
tempfile:
state: file
register: _password_tmp
- name: Populate tempfile
copy:
content: "{{ container_registry_credentials[zj_image.registry].password }}"
dest: "{{ _password_tmp.path }}"
mode: 0600
- name: Log in to registry - name: Log in to registry
block: command: "{{ container_command }} login -u {{ container_registry_credentials[zj_image.registry].username }} -p {{ container_registry_credentials[zj_image.registry].password }} {{ zj_image.registry }}"
- name: Log in to registry no_log: true
shell: "cat {{ _password_tmp.path }} | {{ container_command }} login -u {{ container_registry_credentials[zj_image.registry].username }} --password-stdin {{ zj_image.registry }}"
always:
- name: Remove password from disk
command: "shred {{ _password_tmp.path }}"
- name: Publish images - name: Publish images
block: block: