Enhancement: Bump sops to 3.9.0
leojonathanoh committed Jul 20, 2024
1 parent f49b74e commit 744c69a
Showing 20 changed files with 704 additions and 56 deletions.
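--- a/generate/functions/Checksums.ps1
+++ b/generate/functions/Checksums.ps1
@@ -0,0 +1,25 @@
+# Global cache for checksums
+function Set-Checksums($k, $url) {
+$global:CHECKSUMS = if (Get-Variable -Scope Global -Name CHECKSUMS -ErrorAction SilentlyContinue) { $global:CHECKSUMS } else { @{} }
+$global:CHECKSUMS[$k] = if ($global:CHECKSUMS[$k]) { $global:CHECKSUMS[$k] } else {
+$r = Invoke-WebRequest $url
+$c = if ($r.headers['Content-Type'] -eq 'text/plain') { $r.Content } else { [System.Text.Encoding]::UTF8.GetString($r.Content) }
+$c -split "`n"
+}
+}
+function Get-ChecksumsFile ($k, $keyword) {
+$file = $global:CHECKSUMS[$k] | ? { $_ -match $keyword } | % { $_ -split "\s" } | Select-Object -Last 1 | % { $_.TrimStart('*') }
+if ($file) {
+$file
+}else {
+"No file among $k checksums matching regex: $keyword" | Write-Warning
+}
+}
+function Get-ChecksumsSha ($k, $keyword) {
+$sha = $global:CHECKSUMS[$k] | ? { $_ -match $keyword } | % { $_ -split "\s" } | Select-Object -First 1
+if ($sha) {
+$sha
+}else {
+"No sha among $k checksums matching regex: $keyword" | Write-Warning
+}
+}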
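Review bot: `Get-ChecksumsFile` and `Get-ChecksumsSha` can return values from different lines of the checksums file when `$keyword` matches more than one line, because each splits every matching line into tokens and then takes `Select-Object -Last 1` or `-First 1` of the combined stream. Selecting the line first and requiring exactly one match keeps the file name and digest paired, e.g. `$m = @($global:CHECKSUMS[$k] | ? { $_ -match $keyword }); if ($m.Count -ne 1) { throw "Expected one $k checksum line for: $keyword" }`. Both functions only `Write-Warning` on a miss, and the caller in Generate-DownloadBinary.ps1 emits a case branch only when both values are non-empty, so a regex that stops matching silently drops that platform from the generated Dockerfile. A one-line comment on `Set-Checksums` stating that the cached lines are unauthenticated remote text would also help the next reader.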
173 changes: 173 additions & 0 deletions generate/functions/Generate-DownloadBinary.ps1
@@ -0,0 +1,173 @@
# Version 0.1.0
function Generate-DownloadBinary ($o) {
Set-StrictMode -Version Latest

$checksumsKey = "$( $o['binary'] )-$( $o['version'] )"
$files = [ordered]@{}
if ($o['checksumsUrl']) {
Set-Checksums $checksumsKey $o['checksumsUrl']
}else {
$release = Invoke-RestMethod "https://api.github.com/repos/$( $o['repository'] )/releases/tags/$( $o['version'] )"
$releaseAssetsFiles = $release.assets | ? { $_.name -match [regex]::Escape($o['binary']) -and $_.name -notmatch '\.sha\d+$' }
foreach ($f in $releaseAssetsFiles ) {
$sha = & {
$shaF = $release.assets | ? { $_.name -eq "$( $f.name ).sha256" -or $_ -eq "$( $f.name ).sha512" }
$r = Invoke-WebRequest $shaF.browser_download_url
$c = if ($r.headers['Content-Type'] -eq 'text/plain') { $r.Content } else { [System.Text.Encoding]::UTF8.GetString($r.Content) }
$c = $c.Trim() -replace '^([a-fA-F0-9]+) .+', '$1' # The checksum is the first column
$c
}
$files[$f.name] = $sha
}
}
$shellVariable = "$( $o['binary'].ToUpper() -replace '[^A-Za-z0-9_]', '_' )_VERSION"
@"
# Install $( $o['binary'] )
RUN set -eux; \
$shellVariable=$( $o['version'] ); \
case "`$( uname -m )" in \
"@

$o['architectures'] = if ($o.Contains('architectures')) { $o['architectures'] } else { 'linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64,linux/ppc64le,linux/riscv64,linux/s390x' }
foreach ($a in ($o['architectures'] -split ',') ) {
$split = $a -split '/'
$os = $split[0] # E.g. 'linux'
$arch = $split[1] # E.g. 'amd64'
$archv = if ($split.Count -gt 2) { $split[2] } else { '' } # E.g. 'v6' or ''
switch ($a) {
"$os/386" {
$hardware = 'x86'
$regex = "$os[-_.](i?$arch|x86(_64)?)[-_.]?$archv$( [regex]::Escape($o['archiveformat']) )$|(i?$arch|x86(_64)?)[-_.]?$archv.*?[-_.]$os.*?$( [regex]::Escape($o['archiveformat']) )$"
}
"$os/amd64" {
$hardware = 'x86_64'
$regex = "$os[-_.]($arch|x86(_64)?)[-_.]?$archv$( [regex]::Escape($o['archiveformat']) )$|($arch|x86(_64)?)[-_.]?$archv.*?[-_.]$os.*?$( [regex]::Escape($o['archiveformat']) )$"
}
"$os/arm/v6" {
$hardware = 'armhf'
$regex = "$os[-_.]($arch|arm)[-_.]?($archv)?$( [regex]::Escape($o['archiveformat']) )$|($arch|arm)[-_.]?($archv)?.*?[-_.]$os.*?$( [regex]::Escape($o['archiveformat']) )$"
}
"$os/arm/v7" {
$hardware = 'armv7l'
$regex = "$os[-_.]($arch|arm)[-_.]?($archv)?$( [regex]::Escape($o['archiveformat']) )$|($arch|arm)[-_.]?($archv)?.*?[-_.]$os.*?$( [regex]::Escape($o['archiveformat']) )$"
}
"$os/arm64" {
$hardware = 'aarch64'
$regex = "$os[-_.]($arch|aarch64)[-_.]?$archv$( [regex]::Escape($o['archiveformat']) )$|($arch|aarch64)[-_.]?$archv.*?[-_.]$os.*?$( [regex]::Escape($o['archiveformat']) )$"
}
"$os/ppc64le" {
$hardware = 'ppc64le'
$regex = "$os[-_.]$arch[-_.]?$archv$( [regex]::Escape($o['archiveformat']) )$|$arch[-_.]?$archv.*?[-_.]$os.*?$( [regex]::Escape($o['archiveformat']) )$"
}
"$os/riscv64" {
$hardware = 'riscv64'
$regex = "$os[-_.]$arch[-_.]?$archv$( [regex]::Escape($o['archiveformat']) )$|$arch[-_.]?$archv.*?[-_.]$os.*?$( [regex]::Escape($o['archiveformat']) )$"
}
"$os/s390x" {
$hardware = 's390x'
$regex = "$os[-_.]$arch[-_.]?$archv$( [regex]::Escape($o['archiveformat']) )$|$arch[-_.]?$archv.*?[-_.]$os.*?$( [regex]::Escape($o['archiveformat']) )$"
}
default {
throw "Unsupported architecture: $a"
}
}

$file = $sha = $url = ''
if ($o['checksumsUrl']) {
$file = Get-ChecksumsFile $checksumsKey $regex
$sha = Get-ChecksumsSha $checksumsKey $regex
$url = Split-Path $o['checksumsUrl'] -Parent
} else {
$file = $files.Keys | ? { $_ -match $regex } | Select-Object -First 1
if ($file) {
$url = "https://github.com/$( $o['repository'] )/releases/download/$( $o['version'] )"
$sha = $files[$file]
}else {
throw "No file matched regex: $regex"
}
}
if ($file -and $sha) {
@"
'$hardware') \
URL="$url/$file"; \
SHA256=$sha; \
;; \
"@
}
}

@"
*) \
echo "Architecture not supported"; \
exit 1; \
;; \
esac; \
"@

@"
FILE=$( $o['binary'] )$( $o['archiveformat'] ); \
wget -q "`$URL" -O "`$FILE"; \
echo "`$SHA256 `$FILE" | sha256sum -c -; \
"@

if ($o['archiveformat'] -match '\.tar\.gz|\.tgz') {
if ($o['archivefiles'].Count -gt 0) {
@"
tar -xvf "`$FILE" --no-same-owner --no-same-permissions -- $( $o['archivefiles'] -join ' ' ); \
rm -f "`$FILE"; \
"@
}else {
@"
tar -xvf "`$FILE" --no-same-owner --no-same-permissions; \
rm -f "`$FILE"; \
"@
}
}elseif ($o['archiveformat'] -match '\.bz2') {
@"
bzip2 -d "`$FILE"; \
"@
}elseif ($o['archiveformat'] -match '\.gz') {
@"
gzip -d "`$FILE"; \
"@
}elseif ($o['archiveformat'] -match '\.zip') {
@"
unzip "`$FILE" $( $o['binary'] ); \
"@
}

$destination = if ($o.Contains('destination')) { $o['destination'] } else { "/usr/local/bin/$( $o['binary'] )" }
$destinationDir = Split-Path $destination -Parent
@"
mkdir -pv $destinationDir; \
mv -v $( $o['binary'] ) $destination; \
chmod +x $destination; \
$( $o['testCommand'] ); \
"@

if ($o.Contains('archivefiles')) {
if ($license = $o['archivefiles'] | ? { $_ -match 'LICENSE' }) {
@"
mkdir -p /licenses; \
mv -v $license /licenses/$license; \
"@
}
}

@"
:
"@
}
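Review bot: `$sha` and `$file` come from a downloaded checksums file or the release-asset listing and are written into the generated `RUN` line (`URL="$url/$file"`, `SHA256=$sha`) with no format check. Rejecting anything that is not a 64-character hex digest or a plain asset name before the per-architecture here-string is emitted keeps remote text out of the shell line, e.g. `if ($sha -notmatch '^[a-fA-F0-9]{64}$' -or $file -notmatch '^[A-Za-z0-9._-]+$') { throw "Unexpected checksum entry for $a" }`. The same check would catch the release-asset path picking up a `.sha512` file, whose digest would otherwise be emitted as `SHA256` and handed to `sha256sum -c`. In that path the second comparison reads `$_ -eq "$( $f.name ).sha512"`, which compares the asset object rather than its name; it presumably should be `$_.name -eq "$( $f.name ).sha512"`.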
18 changes: 13 additions & 5 deletions generate/templates/Dockerfile.ps1
@@ -75,13 +75,21 @@ RUN apk add --no-cache curl \
}

'sops' {
$SOPS_VERSION = 'v3.9.0'
Generate-DownloadBinary @{
binary = 'sops'
version = $SOPS_VERSION
checksumsUrl = "https://github.com/getsops/sops/releases/download/$SOPS_VERSION/sops-$SOPS_VERSION.checksums.txt"
archiveformat = ''
testCommand = 'sops --version'
}

@"
RUN set -eux; \
wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
chmod +x /usr/local/bin/sops; \
sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
sops --version
# RUN set -eux; \
# wget -qO- https://github.com/mozilla/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 > /usr/local/bin/sops; \
# chmod +x /usr/local/bin/sops; \
# sha256sum /usr/local/bin/sops | grep '^0d65660fbe785647ff4f1764d7f69edf598f79d6d79ebbef4a501909b6ff6b82 '; \
# sops --version
RUN apk add --no-cache gnupg
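Review bot: The commented-out `# RUN set -eux; \ ...` block sits inside the here-string, so it is written into every generated Dockerfile, and it hard-codes a second copy of the amd64 digest and a `mozilla/sops` URL next to the `getsops/sops` values that `Generate-DownloadBinary` now produces. I would delete it, or keep it as a PowerShell comment above the `@"` so it stays out of the output and cannot drift on the next bump. Separately, the pinned digests are whatever `checksumsUrl` serves when the generator runs, from the same release as the binaries. A comment such as `# Digests are fetched at generation time; review digest changes in regenerated variants against the upstream release` would document that trust assumption. The `'sops'` block ends outside the hunk.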
32 changes: 29 additions & 3 deletions variants/1.14.10-envsubst-git-jq-kustomize-sops-ssh-yq/Dockerfile
@@ -41,11 +41,37 @@ RUN apk add --no-cache curl \
&& chmod +x /usr/local/bin/kustomize \
&& apk del curl

# Install sops
RUN set -eux; \
wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
SOPS_VERSION=v3.9.0; \
case "$( uname -m )" in \
'x86_64') \
URL="https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64"; \
SHA256=0d65660fbe785647ff4f1764d7f69edf598f79d6d79ebbef4a501909b6ff6b82; \
;; \
'aarch64') \
URL="https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.arm64"; \
SHA256=596f26de6d4f7d1cc44f9e27bfea3192ef77f810f31f3f4132a417860ab91ebc; \
;; \
*) \
echo "Architecture not supported"; \
exit 1; \
;; \
esac; \
FILE=sops; \
wget -q "$URL" -O "$FILE"; \
echo "$SHA256 $FILE" | sha256sum -c -; \
mkdir -pv /usr/local/bin; \
mv -v sops /usr/local/bin/sops; \
chmod +x /usr/local/bin/sops; \
sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
sops --version
sops --version; \
:

# RUN set -eux; \
# wget -qO- https://github.com/mozilla/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 > /usr/local/bin/sops; \
# chmod +x /usr/local/bin/sops; \
# sha256sum /usr/local/bin/sops | grep '^0d65660fbe785647ff4f1764d7f69edf598f79d6d79ebbef4a501909b6ff6b82 '; \
# sops --version

RUN apk add --no-cache gnupg

32 changes: 29 additions & 3 deletions variants/1.15.12-envsubst-git-jq-kustomize-sops-ssh-yq/Dockerfile
@@ -41,11 +41,37 @@ RUN apk add --no-cache curl \
&& chmod +x /usr/local/bin/kustomize \
&& apk del curl

# Install sops
RUN set -eux; \
wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
SOPS_VERSION=v3.9.0; \
case "$( uname -m )" in \
'x86_64') \
URL="https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64"; \
SHA256=0d65660fbe785647ff4f1764d7f69edf598f79d6d79ebbef4a501909b6ff6b82; \
;; \
'aarch64') \
URL="https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.arm64"; \
SHA256=596f26de6d4f7d1cc44f9e27bfea3192ef77f810f31f3f4132a417860ab91ebc; \
;; \
*) \
echo "Architecture not supported"; \
exit 1; \
;; \
esac; \
FILE=sops; \
wget -q "$URL" -O "$FILE"; \
echo "$SHA256 $FILE" | sha256sum -c -; \
mkdir -pv /usr/local/bin; \
mv -v sops /usr/local/bin/sops; \
chmod +x /usr/local/bin/sops; \
sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
sops --version
sops --version; \
:

# RUN set -eux; \
# wget -qO- https://github.com/mozilla/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 > /usr/local/bin/sops; \
# chmod +x /usr/local/bin/sops; \
# sha256sum /usr/local/bin/sops | grep '^0d65660fbe785647ff4f1764d7f69edf598f79d6d79ebbef4a501909b6ff6b82 '; \
# sops --version

RUN apk add --no-cache gnupg

32 changes: 29 additions & 3 deletions variants/1.16.15-envsubst-git-jq-kustomize-sops-ssh-yq/Dockerfile
@@ -41,11 +41,37 @@ RUN apk add --no-cache curl \
&& chmod +x /usr/local/bin/kustomize \
&& apk del curl

# Install sops
RUN set -eux; \
wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
SOPS_VERSION=v3.9.0; \
case "$( uname -m )" in \
'x86_64') \
URL="https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64"; \
SHA256=0d65660fbe785647ff4f1764d7f69edf598f79d6d79ebbef4a501909b6ff6b82; \
;; \
'aarch64') \
URL="https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.arm64"; \
SHA256=596f26de6d4f7d1cc44f9e27bfea3192ef77f810f31f3f4132a417860ab91ebc; \
;; \
*) \
echo "Architecture not supported"; \
exit 1; \
;; \
esac; \
FILE=sops; \
wget -q "$URL" -O "$FILE"; \
echo "$SHA256 $FILE" | sha256sum -c -; \
mkdir -pv /usr/local/bin; \
mv -v sops /usr/local/bin/sops; \
chmod +x /usr/local/bin/sops; \
sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
sops --version
sops --version; \
:

# RUN set -eux; \
# wget -qO- https://github.com/mozilla/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 > /usr/local/bin/sops; \
# chmod +x /usr/local/bin/sops; \
# sha256sum /usr/local/bin/sops | grep '^0d65660fbe785647ff4f1764d7f69edf598f79d6d79ebbef4a501909b6ff6b82 '; \
# sops --version

RUN apk add --no-cache gnupg

32 changes: 29 additions & 3 deletions variants/1.17.17-envsubst-git-jq-kustomize-sops-ssh-yq/Dockerfile
@@ -41,11 +41,37 @@ RUN apk add --no-cache curl \
&& chmod +x /usr/local/bin/kustomize \
&& apk del curl

# Install sops
RUN set -eux; \
wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
SOPS_VERSION=v3.9.0; \
case "$( uname -m )" in \
'x86_64') \
URL="https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64"; \
SHA256=0d65660fbe785647ff4f1764d7f69edf598f79d6d79ebbef4a501909b6ff6b82; \
;; \
'aarch64') \
URL="https://github.com/getsops/sops/releases/download/v3.9.0/sops-v3.9.0.linux.arm64"; \
SHA256=596f26de6d4f7d1cc44f9e27bfea3192ef77f810f31f3f4132a417860ab91ebc; \
;; \
*) \
echo "Architecture not supported"; \
exit 1; \
;; \
esac; \
FILE=sops; \
wget -q "$URL" -O "$FILE"; \
echo "$SHA256 $FILE" | sha256sum -c -; \
mkdir -pv /usr/local/bin; \
mv -v sops /usr/local/bin/sops; \
chmod +x /usr/local/bin/sops; \
sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
sops --version
sops --version; \
:

# RUN set -eux; \
# wget -qO- https://github.com/mozilla/sops/releases/download/v3.9.0/sops-v3.9.0.linux.amd64 > /usr/local/bin/sops; \
# chmod +x /usr/local/bin/sops; \
# sha256sum /usr/local/bin/sops | grep '^0d65660fbe785647ff4f1764d7f69edf598f79d6d79ebbef4a501909b6ff6b82 '; \
# sops --version

RUN apk add --no-cache gnupg
