Conversation
| done \ | ||
| && git clone https://github.com/nodejs/release-keys.git \ | ||
| && release-keys/cli.sh import \ | ||
| && rm -Rf release-keys \ |
There was a problem hiding this comment.
Seems like the clear for the CLI should be called at the end with the other cleanup and remove the repo at that point
There was a problem hiding this comment.
and maybe remove bash (apk del bash) at the end ?
| gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ | ||
| gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ | ||
| done \ | ||
| && git clone https://github.com/nodejs/release-keys.git \ |
There was a problem hiding this comment.
Could probably skip the git dep, and maybe curl https://github.com/nodejs/release-keys/archive/refs/heads/master.zip to keep a smaller footprint than all the repo history (even though it's small now)
There was a problem hiding this comment.
hardcoding master seems inconvenient, what about just git clone --depth 1?
There was a problem hiding this comment.
I found it somehow odd to not pin the commit here or validate the downloaded artefact afterwards, maybe it would make sense to create a releases in https://github.com/nodejs/release-keys? While those are only keys, we are executing a random bash script here.
| FROM alpine:3.11 | ||
|
|
||
| ENV NODE_VERSION 16.3.0 | ||
| ENV NODE_VERSION 16.4.0 |
There was a problem hiding this comment.
this change should not be included in this PR
There was a problem hiding this comment.
Is there a way to re-generate those files from the template without updating the version? I tested ./update.sh -b, but that just fails.
There was a problem hiding this comment.
I'd just revert the changes manually, I don't think our script supports "generate from template, but keep current version"
|
Thanks @johanneswuerbach ! I'm going to close this from the comments by the Docker Official images folks that this approach isn't what they're looking for upstream. I've opened #1510 to just try a new keyserver address instead |
4 participants
Description
Use release keys from git instead of maintaining a hardcoded list fetched from a key servers, related to #1500
Motivation and Context
Testing Details
Example Output(if appropriate)
Types of changes
Checklist