diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 2cd29236..04cf6a18 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -37,7 +37,9 @@ jobs: # Build base dockerfile - name: Build the base.Dockerfile - run: docker build -t base_cloudshell -f linux/base.Dockerfile . + run: | + echo "https://pypi.org/simple/" > pip_index_url.txt + docker build -t base_cloudshell -f linux/base.Dockerfile --secret id=pip_index_url,src=pip_index_url.txt . - name: Create temporary trivy directories run: | diff --git a/linux/base.Dockerfile b/linux/base.Dockerfile index 984f711c..71f82326 100644 --- a/linux/base.Dockerfile +++ b/linux/base.Dockerfile @@ -158,18 +158,18 @@ ENV LANG="en_US.utf8" # # BEGIN: Install Ansible in isolated Virtual Environment COPY ./linux/ansible/ansible* /usr/local/bin/ -RUN chmod 755 /usr/local/bin/ansible* \ +RUN --mount=type=secret,id=pip_index_url,target=/run/secrets/pip_index_url \ + chmod 755 /usr/local/bin/ansible* \ && cd /opt \ && virtualenv -p python3 ansible \ - && /bin/bash -c "source ansible/bin/activate && pip3 list --format=freeze | cut -d '=' -f1 | xargs -n1 pip3 install -U && pip3 install ansible && pip3 install pywinrm\>\=0\.2\.2 && deactivate" \ + && /bin/bash -c "source ansible/bin/activate && pip3 list --format=freeze | cut -d '=' -f1 | xargs -n1 pip3 install -U --index-url $(cat /run/secrets/pip_index_url) && pip3 install --index-url $(cat /run/secrets/pip_index_url) ansible && pip3 install --index-url $(cat /run/secrets/pip_index_url) pywinrm\>\=0\.2\.2 && deactivate" \ && rm -rf ~/.local/share/virtualenv/ \ && rm -rf ~/.cache/pip/ \ && ansible-galaxy collection install azure.azcollection --force -p /usr/share/ansible/collections \ # Temp: Proper fix is to use regular python for Ansible. && mkdir -p /usr/share/ansible/collections/ansible_collections/azure/azcollection/ \ && wget -nv -q -O /usr/share/ansible/collections/ansible_collections/azure/azcollection/requirements.txt https://raw.githubusercontent.com/ansible-collections/azure/dev/requirements.txt \ - && /opt/ansible/bin/python -m pip install -r /usr/share/ansible/collections/ansible_collections/azure/azcollection/requirements.txt - + && /opt/ansible/bin/python -m pip install --index-url $(cat /run/secrets/pip_index_url) -r /usr/share/ansible/collections/ansible_collections/azure/azcollection/requirements.txt # Install latest version of Istio RUN export TMP_DIR=$(mktemp -d) \ @@ -233,4 +233,4 @@ RUN curl -fsSL https://aka.ms/install-azd.sh | bash && \ tar -xf rootlesskit-x86_64.tar.gz && \ cp rootlesskit rootlesskit-docker-proxy /usr/bin/ && \ popd && \ - rm -rf $TMP_DIR + rm -rf $TMP_DIR \ No newline at end of file