chore(ci): move certificates logic into containers (#309)

We create the certificates and all the required files inside a container mounting these files in a volume that later can be used everywhere to get the certification files. Closes #308 Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
2026-01-11 21:23:12 +01:00 · 2025-05-09 15:52:46 +02:00 · 2025-05-09 15:52:46 +02:00 · c24d7aed3e
commit c24d7aed3e
parent f198b44dc0
1 changed files with 9 additions and 10 deletions
--- a/Taskfile.yml
+++ b/Taskfile.yml
@ -146,7 +146,8 @@ tasks:
    cmds:
      - > 
          mkdir -p certs &&
-          pushd certs &&
+          docker volume create certs &&
          docker run -v certs:/certs -w /certs --name certs --entrypoint=/bin/bash ubuntu -c 'apt update && apt install openssl -y &&
          openssl genrsa -out ca-key.pem 4096 &&
          openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem \
              -subj "/O=CloudNativePG/OU=Barman Cloud Plugin Testing" &&
@ -155,14 +156,12 @@ tasks:
          echo subjectAltName = DNS:{{ .REGISTRY_NAME }},IP:127.0.0.1 >> extfile.cnf &&
          echo extendedKeyUsage = serverAuth >> extfile.cnf &&
          openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-              -CAcreateserial -out server-cert.pem -extfile extfile.cnf &&
+              -CAcreateserial -out server-cert.pem -extfile extfile.cnf'
-          popd
+          docker cp certs:/certs/ca.pem certs/ca.pem &&
          docker rm certs
    status:
-        - test -f certs/ca-key.pem
+      - docker volume inspect certs
-        - test -f certs/ca.pem
+      - test -f certs/ca.pem
        - test -f certs/server-key.pem
        - test -f certs/server.csr
        - test -f certs/server-cert.pem
  start-build-network:
    desc: Create a docker network for image building used by the dagger engine and the registry
@ -186,7 +185,7 @@ tasks:
        docker run -d --name {{ .REGISTRY_NAME }}
        -p {{ .REGISTRY_PORT }}:5000
        --network {{ .REGISTRY_NETWORK }}
-        -v $(pwd)/certs:/certs
+        -v certs:/certs
        -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server-cert.pem -e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem
        registry:${REGISTRY_VERSION}
    status:
@ -208,7 +207,7 @@ tasks:
      - >
        docker run -d -v /var/lib/dagger --name "{{ .DAGGER_ENGINE_CONTAINER_NAME }}"
        --network={{ .REGISTRY_NETWORK }}
-        -v $(pwd)/certs/ca.pem:/usr/local/share/ca-certificates/ca.crt
+        -v certs:/usr/local/share/ca-certificates/
        --privileged {{ .DAGGER_ENGINE_IMAGE }}
    status:
      - \[ "$(docker inspect -f {{`'{{.State.Running}}'`}} "{{ .DAGGER_ENGINE_CONTAINER_NAME }}" 2> /dev/null )" == 'true' \]