From ccb07b42c09a4950e87874605f2944209e4fc319 Mon Sep 17 00:00:00 2001
From: Leonard Jonathan Oh
Date: Sat, 11 Mar 2023 23:04:16 +0000
Subject: [PATCH] Enhancement: Add validation for `sops`
---
 generate/templates/Dockerfile.ps1 | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 .../Dockerfile | 7 +++++--
 14 files changed, 70 insertions(+), 28 deletions(-)
diff --git a/generate/templates/Dockerfile.ps1 b/generate/templates/Dockerfile.ps1
index 6f76ece..d8e47ff 100755
--- a/generate/templates/Dockerfile.ps1
+++ b/generate/templates/Dockerfile.ps1
@@ -80,8 +80,11 @@ RUN apk add --no-cache curl \
 'sops' {
 @"
-# Note: `sops` does not provide binaries for other arch other than `linux/i386` and `linux/amd64`. So `sops` might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.14.10-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.14.10-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index 7ce6b29..de5b488 100644
--- a/variants/v1.14.10-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.14.10-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
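Review bot: The architecture note is deleted in this hunk although the new step depends on it more than the old one did: the pinned digest is for the single `sops-v3.7.1.linux` asset and the closing `sops --version` executes it, so on a platform that cannot run that binary the build will presumably stop here. I would keep a comment above the `RUN`, for example `# sops v3.7.1 upstream binary (linux/i386 and linux/amd64 only); the sha256 below belongs to this exact asset and must change together with the URL.` As a smaller point, verifying before `chmod +x` with `echo '185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74  /usr/local/bin/sops' | sha256sum -c -` states the expected digest and file explicitly and never marks an unverified download executable. The variant Dockerfiles further down appear to be generated from this template and carry the same lines, so the change belongs here only.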
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.15.12-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.15.12-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index 78c8430..29e25d6 100644
--- a/variants/v1.15.12-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.15.12-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.16.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.16.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index 984597f..3c09e66 100644
--- a/variants/v1.16.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.16.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.17.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.17.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index ab12361..1a2916c 100644
--- a/variants/v1.17.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.17.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.18.20-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.18.20-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index efd4d3c..e75aa9d 100644
--- a/variants/v1.18.20-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.18.20-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.19.16-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.19.16-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index 8a61612..0934542 100644
--- a/variants/v1.19.16-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.19.16-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.20.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.20.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index 79bcc3d..8aff143 100644
--- a/variants/v1.20.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.20.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.21.14-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.21.14-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index bf0d6dd..cb3b2ff 100644
--- a/variants/v1.21.14-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.21.14-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.22.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.22.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index 3363321..a4e7cfc 100644
--- a/variants/v1.22.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.22.17-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.23.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.23.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index 8a52800..e6734a4 100644
--- a/variants/v1.23.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.23.15-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.24.9-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.24.9-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index aaf5290..90e653e 100644
--- a/variants/v1.24.9-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.24.9-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.25.5-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.25.5-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index a3da664..a2f8f1c 100644
--- a/variants/v1.25.5-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.25.5-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg
diff --git a/variants/v1.26.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile b/variants/v1.26.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
index b70f509..0326d71 100644
--- a/variants/v1.26.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
+++ b/variants/v1.26.0-envsubst-git-jq-kustomize-sops-ssh-alpine-3.8/Dockerfile
@@ -44,8 +44,11 @@ RUN apk add --no-cache curl \
 && chmod +x /usr/local/bin/kustomize \
 && apk del curl
-# Note: sops does not provide binaries for other arch other than linux/i386 and linux/amd64. So sops might not work on other architectures.
-RUN wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops && chmod +x /usr/local/bin/sops
+RUN set -eux; \
+ wget -qO- https://github.com/mozilla/sops/releases/download/v3.7.1/sops-v3.7.1.linux > /usr/local/bin/sops; \
+ chmod +x /usr/local/bin/sops; \
+ sha256sum /usr/local/bin/sops | grep '^185348fd77fc160d5bdf3cd20ecbc796163504fd3df196d7cb29000773657b74 '; \
+ sops --version
 RUN apk add --no-cache gnupg