From c8521390668a101daee86bef18662fb3ea975de2 Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Fri, 22 Nov 2024 13:00:57 +0000 Subject: [PATCH 01/12] login to docker --- .evergreen.yml | 8 +++++ .../bin/docker-credential-from-env | 32 +++++++++++++++++++ .evergreen/docker-config/config.json | 6 ++++ .evergreen/evergreen.yml.in | 8 +++++ .evergreen/setup-env.sh | 3 ++ 5 files changed, 57 insertions(+) create mode 100755 .evergreen/docker-config/bin/docker-credential-from-env create mode 100644 .evergreen/docker-config/config.json diff --git a/.evergreen.yml b/.evergreen.yml index 2fc826de80..ce4fc3ef81 100644 --- a/.evergreen.yml +++ b/.evergreen.yml @@ -6907,6 +6907,8 @@ functions: shell: bash env: NODE_JS_VERSION: ${node_js_version} + DOCKERHUB_USERNAME: ${dockerhub_username} + DOCKERHUB_PASSWORD: ${dockerhub_password} script: | set -e { @@ -6930,6 +6932,8 @@ functions: NODE_JS_VERSION: ${node_js_version} TEST_MONGOSH_EXECUTABLE: ${test_mongosh_executable|} KERBEROS_JUMPHOST_DOCKERFILE: ${kerberos_jumphost_dockerfile|} + DOCKERHUB_USERNAME: ${dockerhub_username} + DOCKERHUB_PASSWORD: ${dockerhub_password} script: | set -e { @@ -7329,6 +7333,8 @@ functions: shell: bash env: NODE_JS_VERSION: ${node_js_version} + DOCKERHUB_USERNAME: ${dockerhub_username} + DOCKERHUB_PASSWORD: ${dockerhub_password} script: | set -e set -x @@ -7343,6 +7349,8 @@ functions: shell: bash env: NODE_JS_VERSION: ${node_js_version} + DOCKERHUB_USERNAME: ${dockerhub_username} + DOCKERHUB_PASSWORD: ${dockerhub_password} script: | set -e set -x diff --git a/.evergreen/docker-config/bin/docker-credential-from-env b/.evergreen/docker-config/bin/docker-credential-from-env new file mode 100755 index 0000000000..7af2b9a472 --- /dev/null +++ b/.evergreen/docker-config/bin/docker-credential-from-env @@ -0,0 +1,32 @@ +#!/bin/bash + +set -euo pipefail + +DOCKER_HUB_URL="https://index.docker.io/v1/" + +STDIN=$(cat) + +ACTION="$1" + +case "$ACTION" in + get) + SERVER_URL="$STDIN" + + if [[ "$SERVER_URL" == "$DOCKER_HUB_URL" ]]; then + if [[ -z "${DOCKERHUB_USERNAME:-}" || -z "${DOCKERHUB_PASSWORD:-}" ]]; then + echo "Error: DOCKERHUB_USERNAME or DOCKERHUB_PASSWORD environment variables are not set." >&2 + exit 1 + fi + + echo "{\"Username\": \"$DOCKERHUB_USERNAME\", \"Secret\": \"$DOCKERHUB_PASSWORD\"}" + else + echo "Error: No credentials available for $SERVER_URL" >&2 + exit 1 + fi + ;; + + *) + echo "Unsupported action: $ACTION" >&2 + exit 1 + ;; +esac \ No newline at end of file diff --git a/.evergreen/docker-config/config.json b/.evergreen/docker-config/config.json new file mode 100644 index 0000000000..353cd057bc --- /dev/null +++ b/.evergreen/docker-config/config.json @@ -0,0 +1,6 @@ +{ + "auths": { + "https://index.docker.io/v1/": {} + }, + "credsStore": "from-env" +} diff --git a/.evergreen/evergreen.yml.in b/.evergreen/evergreen.yml.in index a3c4138a94..4c757c9e7a 100644 --- a/.evergreen/evergreen.yml.in +++ b/.evergreen/evergreen.yml.in @@ -383,6 +383,8 @@ functions: shell: bash env: NODE_JS_VERSION: ${node_js_version} + DOCKERHUB_USERNAME: ${dockerhub_username} + DOCKERHUB_PASSWORD: ${dockerhub_password} script: | set -e { @@ -406,6 +408,8 @@ functions: NODE_JS_VERSION: ${node_js_version} TEST_MONGOSH_EXECUTABLE: ${test_mongosh_executable|} KERBEROS_JUMPHOST_DOCKERFILE: ${kerberos_jumphost_dockerfile|} + DOCKERHUB_USERNAME: ${dockerhub_username} + DOCKERHUB_PASSWORD: ${dockerhub_password} script: | set -e { @@ -741,6 +745,8 @@ functions: shell: bash env: NODE_JS_VERSION: ${node_js_version} + DOCKERHUB_USERNAME: ${dockerhub_username} + DOCKERHUB_PASSWORD: ${dockerhub_password} script: | set -e set -x @@ -755,6 +761,8 @@ functions: shell: bash env: NODE_JS_VERSION: ${node_js_version} + DOCKERHUB_USERNAME: ${dockerhub_username} + DOCKERHUB_PASSWORD: ${dockerhub_password} script: | set -e set -x diff --git a/.evergreen/setup-env.sh b/.evergreen/setup-env.sh index 8b9a38ad95..37311eb259 100755 --- a/.evergreen/setup-env.sh +++ b/.evergreen/setup-env.sh @@ -75,6 +75,9 @@ if [ "$OS" == "Windows_NT" ]; then export npm_config_logs_dir="$(cygpath -w "$npm_config_logs_dir")" fi +export DOCKER_FILE="$BASEDIR/docker-config/config.json" +export PATH="BASEDIR/docker-config/bin:$PATH" + echo "Running on:" uname -a From 9a5a916a8c0e1374e5c9c1bff722f48aaf79d99c Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Fri, 22 Nov 2024 15:35:38 +0000 Subject: [PATCH 02/12] incorrect env var.. --- .evergreen/setup-env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/setup-env.sh b/.evergreen/setup-env.sh index 37311eb259..7f20a9199a 100755 --- a/.evergreen/setup-env.sh +++ b/.evergreen/setup-env.sh @@ -75,7 +75,7 @@ if [ "$OS" == "Windows_NT" ]; then export npm_config_logs_dir="$(cygpath -w "$npm_config_logs_dir")" fi -export DOCKER_FILE="$BASEDIR/docker-config/config.json" +export DOCKER_CONFIG="$BASEDIR/docker-config/config.json" export PATH="BASEDIR/docker-config/bin:$PATH" echo "Running on:" From 0a7a842c8fa06ab48b55a60ce0df333e15de7c2a Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Fri, 22 Nov 2024 16:32:15 +0000 Subject: [PATCH 03/12] typo --- .evergreen/setup-env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/setup-env.sh b/.evergreen/setup-env.sh index 7f20a9199a..544f85d304 100755 --- a/.evergreen/setup-env.sh +++ b/.evergreen/setup-env.sh @@ -76,7 +76,7 @@ if [ "$OS" == "Windows_NT" ]; then fi export DOCKER_CONFIG="$BASEDIR/docker-config/config.json" -export PATH="BASEDIR/docker-config/bin:$PATH" +export PATH="$BASEDIR/docker-config/bin:$PATH" echo "Running on:" uname -a From c16a1b0baee1e49d090db20812024ca8f9914494 Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Fri, 22 Nov 2024 17:09:02 +0000 Subject: [PATCH 04/12] the folder, not the file --- .evergreen/setup-env.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.evergreen/setup-env.sh b/.evergreen/setup-env.sh index 544f85d304..3d286a2139 100755 --- a/.evergreen/setup-env.sh +++ b/.evergreen/setup-env.sh @@ -75,7 +75,7 @@ if [ "$OS" == "Windows_NT" ]; then export npm_config_logs_dir="$(cygpath -w "$npm_config_logs_dir")" fi -export DOCKER_CONFIG="$BASEDIR/docker-config/config.json" +export DOCKER_CONFIG="$BASEDIR/docker-config" export PATH="$BASEDIR/docker-config/bin:$PATH" echo "Running on:" From a8b40a0240d41a7ac7b165f2fc3c4b0ba112652e Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Fri, 22 Nov 2024 18:52:41 +0000 Subject: [PATCH 05/12] missed some --- .evergreen/evergreen.yml.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.evergreen/evergreen.yml.in b/.evergreen/evergreen.yml.in index 4c757c9e7a..73c0062a12 100644 --- a/.evergreen/evergreen.yml.in +++ b/.evergreen/evergreen.yml.in @@ -639,6 +639,8 @@ functions: DISTRO_ID_OVERRIDE: ${distro_id} PACKAGE_VARIANT: ${package_variant} ARTIFACT_URL_EXTRA_TAG: unsigned + DOCKERHUB_USERNAME: ${dockerhub_username} + DOCKERHUB_PASSWORD: ${dockerhub_password} sign_artifact: - command: expansions.write type: setup From 9b2035857e0d43dc4f96ae2a4376e27665624050 Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Fri, 22 Nov 2024 20:54:30 +0000 Subject: [PATCH 06/12] remember to update evergreen --- .evergreen.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.evergreen.yml b/.evergreen.yml index ce4fc3ef81..eba55e2d91 100644 --- a/.evergreen.yml +++ b/.evergreen.yml @@ -7227,6 +7227,8 @@ functions: DISTRO_ID_OVERRIDE: ${distro_id} PACKAGE_VARIANT: ${package_variant} ARTIFACT_URL_EXTRA_TAG: unsigned + DOCKERHUB_USERNAME: ${dockerhub_username} + DOCKERHUB_PASSWORD: ${dockerhub_password} sign_artifact: - command: expansions.write type: setup From 3ace8174543936fb1f036a96b2ce05e960c99fd2 Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Sun, 24 Nov 2024 12:21:45 +0000 Subject: [PATCH 07/12] switch to using a credential helper rather than a credential store --- .evergreen/docker-config/bin/docker-credential-from-env | 6 +++++- .evergreen/docker-config/config.json | 9 ++++----- 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/.evergreen/docker-config/bin/docker-credential-from-env b/.evergreen/docker-config/bin/docker-credential-from-env index 7af2b9a472..5cbeba1665 100755 --- a/.evergreen/docker-config/bin/docker-credential-from-env +++ b/.evergreen/docker-config/bin/docker-credential-from-env @@ -2,7 +2,11 @@ set -euo pipefail -DOCKER_HUB_URL="https://index.docker.io/v1/" +# index +#DOCKER_HUB_URL="https://index.docker.io/v1/" + +# registry (maybe?) +DOCKER_HUB_URL="registry.hub.docker.com" STDIN=$(cat) diff --git a/.evergreen/docker-config/config.json b/.evergreen/docker-config/config.json index 353cd057bc..26d69620f3 100644 --- a/.evergreen/docker-config/config.json +++ b/.evergreen/docker-config/config.json @@ -1,6 +1,5 @@ { - "auths": { - "https://index.docker.io/v1/": {} - }, - "credsStore": "from-env" -} + "credHelpers": { + "registry.hub.docker.com": "from-env" + } +} \ No newline at end of file From b96be95c595214fa8113e6a3f363000c8baa4c18 Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Sun, 24 Nov 2024 17:26:15 +0000 Subject: [PATCH 08/12] no idea what to use as the default --- .evergreen/docker-config/config.json | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.evergreen/docker-config/config.json b/.evergreen/docker-config/config.json index 26d69620f3..f8814aa00a 100644 --- a/.evergreen/docker-config/config.json +++ b/.evergreen/docker-config/config.json @@ -1,5 +1,9 @@ { "credHelpers": { - "registry.hub.docker.com": "from-env" + "registry.hub.docker.com": "from-env", + "docker.io": "from-env", + "docker.io/library": "from-env", + "index.docker.io/v1": "from-env", + "index.docker.io": "from-env" } } \ No newline at end of file From 128d1a51c17541fbfa914eb4160531fa0412c2b8 Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Sun, 24 Nov 2024 21:40:14 +0000 Subject: [PATCH 09/12] Revert "no idea what to use as the default" This reverts commit b96be95c595214fa8113e6a3f363000c8baa4c18. --- .evergreen/docker-config/config.json | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.evergreen/docker-config/config.json b/.evergreen/docker-config/config.json index f8814aa00a..26d69620f3 100644 --- a/.evergreen/docker-config/config.json +++ b/.evergreen/docker-config/config.json @@ -1,9 +1,5 @@ { "credHelpers": { - "registry.hub.docker.com": "from-env", - "docker.io": "from-env", - "docker.io/library": "from-env", - "index.docker.io/v1": "from-env", - "index.docker.io": "from-env" + "registry.hub.docker.com": "from-env" } } \ No newline at end of file From ad052e811f324c97e07c0ca91ced0aef1cef69d6 Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Sun, 24 Nov 2024 21:40:23 +0000 Subject: [PATCH 10/12] Revert "switch to using a credential helper rather than a credential store" This reverts commit 3ace8174543936fb1f036a96b2ce05e960c99fd2. --- .evergreen/docker-config/bin/docker-credential-from-env | 6 +----- .evergreen/docker-config/config.json | 9 +++++---- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/.evergreen/docker-config/bin/docker-credential-from-env b/.evergreen/docker-config/bin/docker-credential-from-env index 5cbeba1665..7af2b9a472 100755 --- a/.evergreen/docker-config/bin/docker-credential-from-env +++ b/.evergreen/docker-config/bin/docker-credential-from-env @@ -2,11 +2,7 @@ set -euo pipefail -# index -#DOCKER_HUB_URL="https://index.docker.io/v1/" - -# registry (maybe?) -DOCKER_HUB_URL="registry.hub.docker.com" +DOCKER_HUB_URL="https://index.docker.io/v1/" STDIN=$(cat) diff --git a/.evergreen/docker-config/config.json b/.evergreen/docker-config/config.json index 26d69620f3..353cd057bc 100644 --- a/.evergreen/docker-config/config.json +++ b/.evergreen/docker-config/config.json @@ -1,5 +1,6 @@ { - "credHelpers": { - "registry.hub.docker.com": "from-env" - } -} \ No newline at end of file + "auths": { + "https://index.docker.io/v1/": {} + }, + "credsStore": "from-env" +} From 6c0fb2e6492e9e8429bc12d4299133642594dacc Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Sun, 24 Nov 2024 21:41:25 +0000 Subject: [PATCH 11/12] just remove the env var --- scripts/docker/build.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/docker/build.sh b/scripts/docker/build.sh index 0b4cbb865a..591f388648 100755 --- a/scripts/docker/build.sh +++ b/scripts/docker/build.sh @@ -6,6 +6,11 @@ cd "$(dirname "$0")" # Used for verifying that we actually have a working csfle shared library [ -x node_modules/mongodb-crypt-library-version ] || ((cd ../.. && npm ci) && cp -r ../../node_modules node_modules) +# we don't have credentials for registry.suse.com and docker now requires them due to our config +if [[ "$1" == suse* ]] + unset DOCKER_CONFIG +fi + if [ x"$ARTIFACT_URL" = x"" ]; then SHA=`git rev-parse origin/main` VERSION=`git show ${SHA}:../../lerna.json | grep version | cut -d ":" -f 2 | cut -d '"' -f 2` From aaa77b0ce9e6d5de977966c7fc604d377e7c94a4 Mon Sep 17 00:00:00 2001 From: Le Roux Bodenstein Date: Mon, 25 Nov 2024 10:24:30 +0000 Subject: [PATCH 12/12] bash syntax --- scripts/docker/build.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/docker/build.sh b/scripts/docker/build.sh index 591f388648..15b359c9ab 100755 --- a/scripts/docker/build.sh +++ b/scripts/docker/build.sh @@ -7,7 +7,7 @@ cd "$(dirname "$0")" [ -x node_modules/mongodb-crypt-library-version ] || ((cd ../.. && npm ci) && cp -r ../../node_modules node_modules) # we don't have credentials for registry.suse.com and docker now requires them due to our config -if [[ "$1" == suse* ]] +if [[ "$1" == suse* ]]; then unset DOCKER_CONFIG fi