From a172596adced04436fbdf603c04473dfdbfcd140 Mon Sep 17 00:00:00 2001 From: nicole mazzuca Date: Tue, 19 Apr 2022 15:55:16 -0700 Subject: [PATCH 1/4] switch to acr for alpine --- azure-pipelines/vcpkg-alpine/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines/vcpkg-alpine/Dockerfile b/azure-pipelines/vcpkg-alpine/Dockerfile index e3c7d3717b..7f304d8831 100644 --- a/azure-pipelines/vcpkg-alpine/Dockerfile +++ b/azure-pipelines/vcpkg-alpine/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.11 +FROM vcpkgdockercontainers.azurecr.io/vcpkg/alpine:3.11 RUN apk add alpine-sdk cmake ninja git curl tar gzip zip From 786af19ca42f1609a9f42292d7ac64980660c7d9 Mon Sep 17 00:00:00 2001 From: nicole mazzuca Date: Wed, 20 Apr 2022 11:33:07 -0700 Subject: [PATCH 2/4] add auth --- azure-pipelines/signing.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/azure-pipelines/signing.yml b/azure-pipelines/signing.yml index f9d308a645..d8b0004551 100644 --- a/azure-pipelines/signing.yml +++ b/azure-pipelines/signing.yml @@ -30,6 +30,11 @@ variables: - group: vcpkg-dependency-source-blobs - name: FMT_TARBALL_URL value: "$(fmt-tarball-url)" + - group: vcpkgdockercontainers-secrets + - name: AZURE_CONTAINER_REGISTRY_USERNAME + value: "$(vcpkgdockercontainers-pull-username)" + - name: AZURE_CONTAINER_REGISTRY_PASSWORD + value: "$(vcpkgdockercontainers-pull-password)" # If the user didn't override the signing type, then only real-sign on main. - ${{ if ne(parameters.SignTypeOverride, 'default') }}: - name: SignType @@ -243,6 +248,7 @@ jobs: inputs: failOnStderr: true script: | + docker login vcpkgdockercontainers.azurecr.io -u $AZURE_CONTAINER_REGISTRY_USERNAME -p $AZURE_CONTAINER_REGISTRY_PASSWORD docker build --build-arg "VCPKG_FMT_URL=$FMT_TARBALL_URL" -t vcpkg-muslc-image -f azure-pipelines/vcpkg-alpine/Dockerfile . docker create -ti --name vcpkg-muslc-container vcpkg-muslc-image sh docker cp vcpkg-muslc-container:/build/vcpkg "$(Build.ArtifactStagingDirectory)/vcpkg-muslc" From fd4aa0ea2f6c88892b14fabcd8c38ccbafd8688c Mon Sep 17 00:00:00 2001 From: nicole mazzuca Date: Wed, 20 Apr 2022 13:23:48 -0700 Subject: [PATCH 3/4] does this work? --- azure-pipelines/signing.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/azure-pipelines/signing.yml b/azure-pipelines/signing.yml index d8b0004551..0024b33b6b 100644 --- a/azure-pipelines/signing.yml +++ b/azure-pipelines/signing.yml @@ -248,7 +248,7 @@ jobs: inputs: failOnStderr: true script: | - docker login vcpkgdockercontainers.azurecr.io -u $AZURE_CONTAINER_REGISTRY_USERNAME -p $AZURE_CONTAINER_REGISTRY_PASSWORD + docker login vcpkgdockercontainers.azurecr.io -u $(AZURE_CONTAINER_REGISTRY_USERNAME) -p $(AZURE_CONTAINER_REGISTRY_PASSWORD) docker build --build-arg "VCPKG_FMT_URL=$FMT_TARBALL_URL" -t vcpkg-muslc-image -f azure-pipelines/vcpkg-alpine/Dockerfile . docker create -ti --name vcpkg-muslc-container vcpkg-muslc-image sh docker cp vcpkg-muslc-container:/build/vcpkg "$(Build.ArtifactStagingDirectory)/vcpkg-muslc" From f8bba29d55da608d18b66623fb1f9234ed3faf36 Mon Sep 17 00:00:00 2001 From: nicole mazzuca Date: Wed, 20 Apr 2022 13:42:54 -0700 Subject: [PATCH 4/4] don't fail on stderr "--password is insecure" - this is generally true in interactive situations, but in situations like this, --password is fine (nobody has access to the history) --- azure-pipelines/signing.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/azure-pipelines/signing.yml b/azure-pipelines/signing.yml index 0024b33b6b..d46d085832 100644 --- a/azure-pipelines/signing.yml +++ b/azure-pipelines/signing.yml @@ -246,14 +246,14 @@ jobs: - task: CmdLine@2 displayName: "Build vcpkg in Alpine" inputs: - failOnStderr: true + failOnStderr: false script: | - docker login vcpkgdockercontainers.azurecr.io -u $(AZURE_CONTAINER_REGISTRY_USERNAME) -p $(AZURE_CONTAINER_REGISTRY_PASSWORD) - docker build --build-arg "VCPKG_FMT_URL=$FMT_TARBALL_URL" -t vcpkg-muslc-image -f azure-pipelines/vcpkg-alpine/Dockerfile . - docker create -ti --name vcpkg-muslc-container vcpkg-muslc-image sh - docker cp vcpkg-muslc-container:/build/vcpkg "$(Build.ArtifactStagingDirectory)/vcpkg-muslc" - docker container rm vcpkg-muslc-container - docker image rm vcpkg-muslc-image + docker login vcpkgdockercontainers.azurecr.io -u $(AZURE_CONTAINER_REGISTRY_USERNAME) -p $(AZURE_CONTAINER_REGISTRY_PASSWORD) || exit 1 + docker build --build-arg "VCPKG_FMT_URL=$FMT_TARBALL_URL" -t vcpkg-muslc-image -f azure-pipelines/vcpkg-alpine/Dockerfile . || exit 1 + docker create -ti --name vcpkg-muslc-container vcpkg-muslc-image sh || exit 1 + docker cp vcpkg-muslc-container:/build/vcpkg "$(Build.ArtifactStagingDirectory)/vcpkg-muslc" || exit 1 + docker container rm vcpkg-muslc-container || exit 1 + docker image rm vcpkg-muslc-image || exit 1 - task: PublishBuildArtifacts@1 displayName: "Publish Unsigned muslc Binary" inputs: