Enable users to be able to provide their own config.toml
This removes the default configuration (which also removes a default
user and password from being injected into all images), instead
deferring to the config.toml which is present in the source repository.

Signed-off-by: arewm <[email protected]>
arewm committed Jul 17, 2024
1 parent a326151 commit 9a09a89
Showing 1 changed file with 10 additions and 7 deletions.
17 changes: 10 additions & 7 deletions task/build-vm-image/0.1/build-vm-image.yaml
Expand Up @@ -26,6 +26,10 @@ spec:
default: bib.yaml
type: string
description: The config file specifying what to build and the builder to build it with
- name: CONFIG_TOML_FILE
default: "config.toml"
type: string
description: The name of the config.toml file within the source repository's root
- default: etc-pki-entitlement
description: Name of secret which contains the entitlement certificates
name: ENTITLEMENT_SECRET
Expand All @@ -45,6 +49,8 @@ spec:
value: $(params.OUTPUT_IMAGE)
- name: BIB_CONFIG_FILE
value: $(params.BIB_CONFIG_FILE)
- name: CONFIG_TOML_FILE
value: $(params.CONFIG_TOML_FILE)
- name: IMAGE_TYPE
value: $(params.IMAGE_TYPE)
- name: ENTITLEMENT_SECRET
Expand Down Expand Up @@ -148,6 +154,9 @@ spec:
echo "$BUILD_DIR"
ssh -v $SSH_ARGS "$SSH_HOST" mkdir -p "$BUILD_DIR/workspaces" "$BUILD_DIR/scripts" "$BUILD_DIR/tmp" "$BUILD_DIR/tekton-results" "$BUILD_DIR/entitlement"
# ensure that a config toml file is present in case one is not provided
touch /var/workdir/source/$CONFIG_TOML_FILE
rsync -ra "/var/workdir/source/$CONFIG_TOML_FILE" "$SSH_HOST:$BUILD_DIR/config.toml"
rsync -ra "$HOME/.docker/" "$SSH_HOST:$BUILD_DIR/.docker/"
rsync -ra /entitlement/ "$SSH_HOST:$BUILD_DIR/entitlement/"
Expand Down Expand Up @@ -175,12 +184,6 @@ spec:
# this quoted heredoc prevents expansions and command substitutions. the env vars are evaluated on the remote vm
cat >>scripts/script-build.sh <<'REMOTESSHEOF'
echo >config.toml <<EOF
[[blueprint.customizations.user]]
name = "user"
password = "pass"
groups = ["wheel"]
EOF
mkdir output
echo "PULLING BUILDER IMAGE"
Expand All @@ -193,7 +196,7 @@ spec:
echo -e "IMAGE_TYPE_ARGUMENT = $IMAGE_TYPE_ARGUMENT"
time sudo podman run --authfile=$BUILD_DIR/.docker/config.json --rm -it --privileged --pull=newer --security-opt label=type:unconfined_t \
-v $(pwd)/config.toml:/config.toml -v $(pwd)/output:/output \
-v $BUILD_DIR/config.toml:/config.toml -v $(pwd)/output:/output \
-v /var/lib/containers/storage:/var/lib/containers/storage \
-v $BUILD_DIR/entitlement:/etc/pki/entitlement:Z \
$BOOTC_BUILDER_IMAGE $IMAGE_TYPE_ARGUMENT --local $TAGGED_AS
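Review bot: `CONFIG_TOML_FILE` is used as a path component without validation, and the added `touch /var/workdir/source/$CONFIG_TOML_FILE` in the third hunk expands it unquoted, unlike the `rsync` on the next line. A value with spaces word-splits into several `touch` arguments, an empty value makes `rsync` copy the whole source directory to `$BUILD_DIR/config.toml`, and a value containing `../` resolves outside `/var/workdir/source` even though the parameter description promises a file in the repository root. Whatever is selected is then copied to the build host and mounted at `/config.toml` in the `--privileged` builder container. If a bare file name is what the description intends, I would quote the expansion, `touch "/var/workdir/source/$CONFIG_TOML_FILE"`, and reject other values before it with `case "$CONFIG_TOML_FILE" in ""|.|..|*/*) echo "invalid CONFIG_TOML_FILE" >&2; exit 1;; esac`. The script step these lines belong to starts and ends outside the hunks shown, so an earlier check may already exist there.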