chore(ci): move certificates logic into containers

sxd · sxd · commit d76e4b93b777 · 2025-05-05T17:02:36.000+02:00
We create the certificates and all the required files inside a container mounting these files in a volume that later can be used everywhere to get the certification files. Closes #308 Signed-off-by: Jonathan Gonzalez V. <jonathan.gonzalez@enterprisedb.com>
diff --git a/Taskfile.yml b/Taskfile.yml
@@ -134,8 +134,8 @@ tasks:
     run: once
     cmds:
       - > 
-          mkdir -p certs &&
-          pushd certs &&
+          docker volume create certs && 
+          docker run -v certs:/certs -w /certs --rm --entrypoint=/bin/bash ubuntu -c 'apt update && apt install openssl -y && 
           openssl genrsa -out ca-key.pem 4096 &&
           openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem \
               -subj "/O=CloudNativePG/OU=Barman Cloud Plugin Testing" &&
@@ -144,14 +144,7 @@ tasks:
           echo subjectAltName = DNS:{{ .REGISTRY_NAME }},IP:127.0.0.1 >> extfile.cnf &&
           echo extendedKeyUsage = serverAuth >> extfile.cnf &&
           openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
-              -CAcreateserial -out server-cert.pem -extfile extfile.cnf &&
-          popd
-    status:
-        - test -f certs/ca-key.pem
-        - test -f certs/ca.pem
-        - test -f certs/server-key.pem
-        - test -f certs/server.csr
-        - test -f certs/server-cert.pem
+              -CAcreateserial -out server-cert.pem -extfile extfile.cnf'
 
   start-build-network:
     desc: Create a docker network for image building used by the dagger engine and the registry
@@ -175,7 +168,7 @@ tasks:
         docker run -d --name {{ .REGISTRY_NAME }}
         -p {{ .REGISTRY_PORT }}:5000
         --network {{ .REGISTRY_NETWORK }}
-        -v $(pwd)/certs:/certs
+        -v certs:/certs
         -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server-cert.pem -e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem
         registry:${REGISTRY_VERSION}
     status:
@@ -197,7 +190,7 @@ tasks:
       - >
         docker run -d -v /var/lib/dagger --name "{{ .DAGGER_ENGINE_CONTAINER_NAME }}"
         --network={{ .REGISTRY_NETWORK }}
-        -v $(pwd)/certs/ca.pem:/usr/local/share/ca-certificates/ca.crt
+        -v certs:/usr/local/share/ca-certificates/
         --privileged {{ .DAGGER_ENGINE_IMAGE }}
     status:
       - \[ "$(docker inspect -f {{`'{{.State.Running}}'`}} "{{ .DAGGER_ENGINE_CONTAINER_NAME }}" 2> /dev/null )" == 'true' \]
@@ -313,10 +306,12 @@ tasks:
     env:
       _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-container://{{ .DAGGER_ENGINE_CONTAINER_NAME }}
     cmds:
+      - docker create --name certs -v certs:/certs busybox
+      - docker cp certs:/certs/ca.pem ca.pem
       - >
         GITHUB_REF= dagger call -m  dagger/e2e/ run-ephemeral
         --source .
-        --ca certs/ca.pem
+        --ca ca.pem
         --registry {{.REGISTRY_NAME}}:{{.REGISTRY_PORT}}
         --go-version {{ .GOLANG_IMAGE_VERSION }}
 
