diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml index 2318411745..8781726767 100644 --- a/.github/workflows/docker.yaml +++ b/.github/workflows/docker.yaml @@ -158,6 +158,7 @@ jobs: VERSION: ${{ (github.ref_type == 'tag' && github.ref_name) || needs.prepare.outputs.ref || 'dev' }} PHP_VERSION: ${{ needs.prepare.outputs.php_version }} BASE_FINGERPRINT: ${{ needs.prepare.outputs.base_fingerprint }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # Workaround for https://github.com/actions/runner/pull/2477#issuecomment-1501003600 name: Export metadata if: fromJson(needs.prepare.outputs.push) diff --git a/Dockerfile b/Dockerfile index 8252e40998..40bed13988 100644 --- a/Dockerfile +++ b/Dockerfile @@ -66,6 +66,7 @@ RUN apt-get update && \ apt-get -y --no-install-recommends install \ cmake \ git \ + jq \ libargon2-dev \ libbrotli-dev \ libcurl4-openssl-dev \ @@ -81,23 +82,25 @@ RUN apt-get update && \ # Install e-dant/watcher (necessary for file watching) WORKDIR /usr/local/src/watcher -RUN --mount=type=secret,id=github-token \ - if [ -f /run/secrets/github-token ] && [ -s /run/secrets/github-token ]; then \ - curl -s -H "Authorization: Bearer $(cat /run/secrets/github-token)" https://api.github.com/repos/e-dant/watcher/releases/latest; \ - else \ - curl -s https://api.github.com/repos/e-dant/watcher/releases/latest; \ - fi | \ - grep tarball_url | \ - awk '{ print $2 }' | \ - sed 's/,$//' | \ - sed 's/"//g' | \ - xargs curl -L | \ - tar xz --strip-components 1 && \ - # -Wno-error=use-after-free: GCC 12 on Bookworm i386 emits a spurious warning in libstdc++ basic_string.h - cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -DCMAKE_CXX_FLAGS="-Wno-error=use-after-free" && \ - cmake --build build && \ - cmake --install build && \ - ldconfig +RUN --mount=type=secret,id=github-token <<'EOF' +set -e +api=https://api.github.com/repos/e-dant/watcher/releases/latest +if [ -s /run/secrets/github-token ]; then + tarball_url=$(curl -fsSL -H "Authorization: Bearer $(cat /run/secrets/github-token)" "${api}" | jq -r '.tarball_url // empty') +else + tarball_url=$(curl -fsSL "${api}" | jq -r '.tarball_url // empty') +fi +if [ -z "${tarball_url}" ]; then + echo "failed to resolve e-dant/watcher tarball URL (rate limited?)" >&2 + exit 1 +fi +curl -fsSL "${tarball_url}" | tar xz --strip-components 1 +# -Wno-error=use-after-free: GCC 12 on Bookworm i386 emits a spurious warning in libstdc++ basic_string.h +cmake -S . -B build -DCMAKE_BUILD_TYPE=Release -DCMAKE_CXX_FLAGS="-Wno-error=use-after-free" +cmake --build build +cmake --install build +ldconfig +EOF WORKDIR /go/src/app diff --git a/alpine.Dockerfile b/alpine.Dockerfile index c5d0f64ecb..b9dbea5c15 100644 --- a/alpine.Dockerfile +++ b/alpine.Dockerfile @@ -74,6 +74,7 @@ RUN apk add --no-cache --virtual .build-deps \ # Needed for the custom Go build \ git \ gnu-libiconv-dev \ + jq \ libsodium-dev \ # Needed for the file watcher \ cmake \ @@ -88,21 +89,23 @@ RUN apk add --no-cache --virtual .build-deps \ # Install e-dant/watcher (necessary for file watching) WORKDIR /usr/local/src/watcher -RUN --mount=type=secret,id=github-token \ - if [ -f /run/secrets/github-token ] && [ -s /run/secrets/github-token ]; then \ - curl -s -H "Authorization: Bearer $(cat /run/secrets/github-token)" https://api.github.com/repos/e-dant/watcher/releases/latest; \ - else \ - curl -s https://api.github.com/repos/e-dant/watcher/releases/latest; \ - fi | \ - grep tarball_url | \ - awk '{ print $2 }' | \ - sed 's/,$//' | \ - sed 's/"//g' | \ - xargs curl -L | \ - tar xz --strip-components 1 && \ - cmake -S . -B build -DCMAKE_BUILD_TYPE=Release && \ - cmake --build build && \ - cmake --install build +RUN --mount=type=secret,id=github-token <<'EOF' +set -e +api=https://api.github.com/repos/e-dant/watcher/releases/latest +if [ -s /run/secrets/github-token ]; then + tarball_url=$(curl -fsSL -H "Authorization: Bearer $(cat /run/secrets/github-token)" "${api}" | jq -r '.tarball_url // empty') +else + tarball_url=$(curl -fsSL "${api}" | jq -r '.tarball_url // empty') +fi +if [ -z "${tarball_url}" ]; then + echo "failed to resolve e-dant/watcher tarball URL (rate limited?)" >&2 + exit 1 +fi +curl -fsSL "${tarball_url}" | tar xz --strip-components 1 +cmake -S . -B build -DCMAKE_BUILD_TYPE=Release +cmake --build build +cmake --install build +EOF WORKDIR /go/src/app