From dc61186b30c6198fa7f95007b584897a8534aef1 Mon Sep 17 00:00:00 2001
From: David Young
Date: Wed, 1 Jul 2020 10:56:41 +1000
Subject: [PATCH 1/2] Restrict sensitive RedHat variables to RedHat containers
---
 .../repos/test-linux-package-from-feed-in-dists.sh | 8 +++++++-
 BuildAssets/test-linux-package-in-dists.sh | 8 +++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/BuildAssets/repos/test-linux-package-from-feed-in-dists.sh b/BuildAssets/repos/test-linux-package-from-feed-in-dists.sh
index 29bafd37ea..91ff707b91 100755
--- a/BuildAssets/repos/test-linux-package-from-feed-in-dists.sh
+++ b/BuildAssets/repos/test-linux-package-from-feed-in-dists.sh
@@ -23,6 +23,12 @@ SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
 
 for DOCKER_IMAGE in $(cat "$LPF_PATH/test-env-docker-images.conf" | grep -o '^[^#]*' | tr -d '\r')
 do
+ if [[ "$DOCKER_IMAGE" == *RHEL* ]]; then
+ RHEL_OPTS='--env REDHAT_SUBSCRIPTION_USERNAME --env REDHAT_SUBSCRIPTION_PASSWORD'
+ else
+ RHEL_OPTS=''
+ fi
+
 echo "== Testing in '$DOCKER_IMAGE' =="
 docker pull "$DOCKER_IMAGE" >/dev/null || exit
 docker run --rm \
@@ -31,6 +37,6 @@ do
 --volume "$(realpath "$LPF_PATH"):/opt/linux-package-feeds" \
 --env PUBLISH_LINUX_EXTERNAL \
 --env OCTOPUS_CLI_SERVER --env OCTOPUS_CLI_API_KEY --env OCTOPUS_SPACE --env OCTOPUS_EXPECT_ENV \
- --env REDHAT_SUBSCRIPTION_USERNAME --env REDHAT_SUBSCRIPTION_PASSWORD \
+ $RHEL_OPTS \
 "$DOCKER_IMAGE" bash -c 'cd /working && bash /test-linux-package-from-feed.sh' || exit
 done
diff --git a/BuildAssets/test-linux-package-in-dists.sh b/BuildAssets/test-linux-package-in-dists.sh
index 7eacd35e8a..ad57d3a069 100755
--- a/BuildAssets/test-linux-package-in-dists.sh
+++ b/BuildAssets/test-linux-package-in-dists.sh
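Review bot: `RHEL_OPTS` is built as a flat string in the first hunk of test-linux-package-from-feed-in-dists.sh and expanded unquoted as `$RHEL_OPTS \` in the second, so the option list reaches docker only through word splitting with the default IFS (ShellCheck SC2086). The script already relies on bash (`[[`, `BASH_SOURCE`), so an array states the intent and survives an IFS change: `RHEL_OPTS=(--env REDHAT_SUBSCRIPTION_USERNAME --env REDHAT_SUBSCRIPTION_PASSWORD)`, `RHEL_OPTS=()` in the else branch, and `"${RHEL_OPTS[@]}" \` in the `docker run` call. If the script runs with `set -u` on bash older than 4.4, expanding an empty array raises an unbound-variable error, so check the script's options, which are outside the hunk. Both hunks of test-linux-package-in-dists.sh carry the same pattern.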
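Review bot: `--env OCTOPUS_CLI_API_KEY` on the context line just above the change is still forwarded to every image in the loop, although the commit's stated goal is to keep sensitive variables out of containers that do not need them. If the in-container test script needs the key in every distribution, a comment saying so (and, presumably, a key scoped to this test run) would make the exception explicit; otherwise it could be gated the same way as the Red Hat credentials. The same line appears in the second hunk of test-linux-package-in-dists.sh. The `docker run` argument list starts before this hunk, so other forwarded variables may not be visible here.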
@@ -23,6 +23,12 @@ SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
 
 for DOCKER_IMAGE in $(cat "$LPF_PATH/test-env-docker-images.conf" | grep -o '^[^#]*' | tr -d '\r')
 do
+ if [[ "$DOCKER_IMAGE" == *RHEL* ]]; then
+ RHEL_OPTS='--env REDHAT_SUBSCRIPTION_USERNAME --env REDHAT_SUBSCRIPTION_PASSWORD'
+ else
+ RHEL_OPTS=''
+ fi
+
 echo "== Testing in '$DOCKER_IMAGE' =="
 docker pull "$DOCKER_IMAGE" >/dev/null || exit
 docker run --rm \
@@ -30,6 +36,6 @@ do
 --volume "$(pwd):/working" --volume "$SCRIPT_DIR/test-linux-package.sh:/test-linux-package.sh" \
 --volume "$(realpath "$LPF_PATH"):/opt/linux-package-feeds" \
 --env OCTOPUS_CLI_SERVER --env OCTOPUS_CLI_API_KEY --env OCTOPUS_SPACE --env OCTOPUS_EXPECT_ENV \
- --env REDHAT_SUBSCRIPTION_USERNAME --env REDHAT_SUBSCRIPTION_PASSWORD \
+ $RHEL_OPTS \
 "$DOCKER_IMAGE" bash -c 'cd /working && bash /test-linux-package.sh' || exit
 done
From a02493169876895d6a55febc4cf4593e7edb0c2f Mon Sep 17 00:00:00 2001
From: David Young
Date: Wed, 1 Jul 2020 11:23:00 +1000
Subject: [PATCH 2/2] Restrict sensitive RedHat variables to RedHat containers
---
 BuildAssets/repos/test-linux-package-from-feed-in-dists.sh | 2 +-
 BuildAssets/test-linux-package-in-dists.sh | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/BuildAssets/repos/test-linux-package-from-feed-in-dists.sh b/BuildAssets/repos/test-linux-package-from-feed-in-dists.sh
index 91ff707b91..5d9e1ebdcb 100755
--- a/BuildAssets/repos/test-linux-package-from-feed-in-dists.sh
+++ b/BuildAssets/repos/test-linux-package-from-feed-in-dists.sh
@@ -23,7 +23,7 @@ SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
 
 for DOCKER_IMAGE in $(cat "$LPF_PATH/test-env-docker-images.conf" | grep -o '^[^#]*' | tr -d '\r')
 do
- if [[ "$DOCKER_IMAGE" == *RHEL* ]]; then
+ if [[ "$DOCKER_IMAGE" == *rhel* ]]; then
 RHEL_OPTS='--env REDHAT_SUBSCRIPTION_USERNAME --env REDHAT_SUBSCRIPTION_PASSWORD'
 else
 RHEL_OPTS=''
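Review bot: The `*rhel*` glob in the [PATCH 2/2] hunk of test-linux-package-from-feed-in-dists.sh matches the substring anywhere in the image reference (registry host, namespace, repository or tag), so any entry in test-env-docker-images.conf that merely contains "rhel" receives REDHAT_SUBSCRIPTION_USERNAME and REDHAT_SUBSCRIPTION_PASSWORD. Because this test is the only gate on the credentials, an explicit allowlist or a pattern anchored on the expected repository would be tighter, for example `case "$DOCKER_IMAGE" in <expected-rhel-image-prefix>*) ... ;; esac`, with the placeholder prefix taken from the conf file's actual RHEL entries, which are not visible here. The match is also case-sensitive, so a one-line comment stating the expected image naming would document why `*RHEL*` had to become `*rhel*`. The identical hunk in test-linux-package-in-dists.sh has the same issue, and the closing `fi` of this branch lies outside the hunk.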
diff --git a/BuildAssets/test-linux-package-in-dists.sh b/BuildAssets/test-linux-package-in-dists.sh
index ad57d3a069..bc17475255 100755
--- a/BuildAssets/test-linux-package-in-dists.sh
+++ b/BuildAssets/test-linux-package-in-dists.sh
@@ -23,7 +23,7 @@ SCRIPT_DIR="$(dirname "$(realpath "${BASH_SOURCE[0]}")")"
 
 for DOCKER_IMAGE in $(cat "$LPF_PATH/test-env-docker-images.conf" | grep -o '^[^#]*' | tr -d '\r')
 do
- if [[ "$DOCKER_IMAGE" == *RHEL* ]]; then
+ if [[ "$DOCKER_IMAGE" == *rhel* ]]; then
 RHEL_OPTS='--env REDHAT_SUBSCRIPTION_USERNAME --env REDHAT_SUBSCRIPTION_PASSWORD'
 else
 RHEL_OPTS=''