Create common script to download LetsEncrypt CA in pipeline environments
This commit is contained in:
parent
8f0d37213b
commit
94abda3f1a
|
@ -0,0 +1,26 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
DESTDIR=/usr/local/share/ca-certificates
|
||||
UPDATE_CERTS_CMD=update-ca-certificates
|
||||
CERTS="$(cat <<EOF
|
||||
https://letsencrypt.org/certs/isrgrootx1.pem
|
||||
https://letsencrypt.org/certs/isrg-root-x2.pem
|
||||
https://letsencrypt.org/certs/lets-encrypt-r3.pem
|
||||
https://letsencrypt.org/certs/lets-encrypt-e1.pem
|
||||
https://letsencrypt.org/certs/lets-encrypt-r4.pem
|
||||
https://letsencrypt.org/certs/lets-encrypt-e2.pem
|
||||
EOF
|
||||
)"
|
||||
|
||||
cd "$DESTDIR"
|
||||
|
||||
for cert in $CERTS; do
|
||||
echo "Downloading '$cert'..."
|
||||
filename=$(basename "$cert")
|
||||
wget -O "$filename" "$cert"
|
||||
openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
|
||||
done
|
||||
|
||||
$UPDATE_CERTS_CMD
|
|
@ -9,18 +9,8 @@ ARG TAMARIN_VERSION=develop
|
|||
|
||||
RUN apk add --no-cache git docker python3 bash openssl
|
||||
|
||||
ADD https://letsencrypt.org/certs/isrgrootx1.pem.txt /usr/local/share/ca-certificates/isrgrootx1.pem
|
||||
ADD https://letsencrypt.org/certs/isrg-root-x2.pem /usr/local/share/ca-certificates/isrg-root-x2.pem
|
||||
ADD https://letsencrypt.org/certs/trustid-x3-root.pem.txt /usr/local/share/ca-certificates/trustid-x3-root.pem
|
||||
ADD https://letsencrypt.org/certs/letsencryptauthorityx3.pem /usr/local/share/ca-certificates/letsencryptauthorityx3.pem
|
||||
|
||||
RUN cd /usr/local/share/ca-certificates \
|
||||
&& openssl x509 -in isrgrootx1.pem -inform PEM -out isrgrootx1.crt \
|
||||
&& openssl x509 -in trustid-x3-root.pem -inform PEM -out trustid-x3-root.crt \
|
||||
&& openssl x509 -in letsencryptauthorityx3.pem -inform PEM -out letsencryptauthorityx3.crt \
|
||||
&& openssl x509 -in isrg-root-x2.pem -inform PEM -out isrg-root-x2.crt
|
||||
|
||||
RUN update-ca-certificates
|
||||
COPY add-letsencrypt-ca.sh /usr/local/bin/add-letsencrypt-ca
|
||||
RUN chmod +x /usr/local/bin/add-letsencrypt-ca && /usr/local/bin/add-letsencrypt-ca
|
||||
|
||||
RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
|
||||
&& cd /tamarin\
|
||||
|
|
|
@ -122,6 +122,9 @@ def buildDockerImage() {
|
|||
def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh'
|
||||
writeFile file:'run-tamarin.sh', text:runTamarinScript
|
||||
|
||||
def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
|
||||
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
|
||||
|
||||
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
||||
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
||||
return docker.build("tamarin:${imageTag}", ".")
|
||||
|
|
Loading…
Reference in New Issue