From a2ddbe17f43a9719c32b803b7023df369e2d99f2 Mon Sep 17 00:00:00 2001
From: Wouter Deconinck <wdconinc@gmail.com>
Date: Sun, 24 Nov 2024 18:35:07 +0000
Subject: [PATCH] feat: refer to id/secret variables in mirrors.yaml.in

---
 .gitlab-ci.yml                |  6 +++++-
 containers/jug/dev.Dockerfile | 14 +++++++++++++-
 mirrors.yaml.in               | 16 ++++++++--------
 3 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 870020c63..b76fe082a 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -2,7 +2,7 @@ image: alpine
 
 variables:
   ## External images
-  DOCKER_IMAGE: docker.io/docker:27.2.0
+  DOCKER_IMAGE: docker.io/docker:27.3.1
   SINGULARITY_IMAGE: quay.io/singularity/singularity:v3.11.5
 
   ## Default versions are specified in packages.yaml but can be overridden
@@ -448,6 +448,10 @@ eic:
                    --build-arg jobs=${JOBS}
                    --build-context spack-environment=spack-environment
                    --secret id=mirrors,src=mirrors.yaml
+                   --secret type=env,id=CI_REGISTRY_USER,env=CI_REGISTRY_USER
+                   --secret type=env,id=CI_REGISTRY_PASSWORD,env=CI_REGISTRY_PASSWORD
+                   --secret type=env,id=GITHUB_REGISTRY_USER,env=GITHUB_REGISTRY_USER
+                   --secret type=env,id=GITHUB_REGISTRY_TOKEN,env=GITHUB_REGISTRY_TOKEN
                    --provenance false
                    containers/jug
                    2>&1 | tee build.log
diff --git a/containers/jug/dev.Dockerfile b/containers/jug/dev.Dockerfile
index 4b2c241be..72c155617 100644
--- a/containers/jug/dev.Dockerfile
+++ b/containers/jug/dev.Dockerfile
@@ -1,4 +1,4 @@
-#syntax=docker/dockerfile:1.8
+#syntax=docker/dockerfile:1.10
 #check
 ARG DOCKER_REGISTRY="eicweb/"
 ARG BUILDER_IMAGE="debian_stable_base"
@@ -63,6 +63,10 @@ ARG TARGETPLATFORM
 RUN --mount=type=cache,target=/ccache,id=${TARGETPLATFORM}              \
     --mount=type=cache,target=/var/cache/spack                          \
     --mount=type=secret,id=mirrors,target=/opt/spack/etc/spack/mirrors.yaml \
+    --mount=type=secret,id=CI_REGISTRY_USER,env=CI_REGISTRY_USER        \
+    --mount=type=secret,id=CI_REGISTRY_PASSWORD,env=CI_REGISTRY_PASSWORD \
+    --mount=type=secret,id=GITHUB_REGISTRY_USER,env=GITHUB_REGISTRY_USER \
+    --mount=type=secret,id=GITHUB_REGISTRY_TOKEN,env=GITHUB_REGISTRY_TOKEN \
     <<EOF
 set -e
 export CCACHE_DIR=/ccache
@@ -104,6 +108,10 @@ ARG TARGETPLATFORM
 # Installation (default environment, from buildcache)
 RUN --mount=type=cache,target=/var/cache/spack                          \
     --mount=type=secret,id=mirrors,target=/opt/spack/etc/spack/mirrors.yaml \
+    --mount=type=secret,id=CI_REGISTRY_USER,env=CI_REGISTRY_USER        \
+    --mount=type=secret,id=CI_REGISTRY_PASSWORD,env=CI_REGISTRY_PASSWORD \
+    --mount=type=secret,id=GITHUB_REGISTRY_USER,env=GITHUB_REGISTRY_USER \
+    --mount=type=secret,id=GITHUB_REGISTRY_TOKEN,env=GITHUB_REGISTRY_TOKEN \
     <<EOF
 make --jobs ${jobs} --keep-going --directory /opt/spack-environment \
   SPACK_ENV=${SPACK_ENV} SPACK_INSTALL_FLAGS="--use-buildcache only"
@@ -181,6 +189,10 @@ ARG TARGETPLATFORM
 RUN --mount=type=cache,target=/ccache,id=${TARGETPLATFORM}              \
     --mount=type=cache,target=/var/cache/spack                          \
     --mount=type=secret,id=mirrors,target=/opt/spack/etc/spack/mirrors.yaml \
+    --mount=type=secret,id=CI_REGISTRY_USER,env=CI_REGISTRY_USER        \
+    --mount=type=secret,id=CI_REGISTRY_PASSWORD,env=CI_REGISTRY_PASSWORD \
+    --mount=type=secret,id=GITHUB_REGISTRY_USER,env=GITHUB_REGISTRY_USER \
+    --mount=type=secret,id=GITHUB_REGISTRY_TOKEN,env=GITHUB_REGISTRY_TOKEN \
     <<EOF
 set -e
 export CCACHE_DIR=/ccache
diff --git a/mirrors.yaml.in b/mirrors.yaml.in
index 6c0fdc5c7..8b6af3912 100644
--- a/mirrors.yaml.in
+++ b/mirrors.yaml.in
@@ -5,21 +5,21 @@ mirrors:
     signed: false
     fetch:
       access_pair:
-      - ${CI_REGISTRY_USER}
-      - ${CI_REGISTRY_PASSWORD}
+        id_variable: CI_REGISTRY_USER
+        secret_variable: CI_REGISTRY_PASSWORD
     push:
       access_pair:
-      - ${CI_REGISTRY_USER}
-      - ${CI_REGISTRY_PASSWORD}
+        id_variable: CI_REGISTRY_USER
+        secret_variable: CI_REGISTRY_PASSWORD
   ghcr:
     autopush: true
     url: oci://ghcr.io/eic/spack-${SPACK_VERSION}
     signed: false
     fetch:
       access_pair:
-      - ${GITHUB_REGISTRY_USER}
-      - ${GITHUB_REGISTRY_TOKEN}
+        id_variable: GITHUB_REGISTRY_USER
+        secret_variable: GITHUB_REGISTRY_TOKEN
     push:
       access_pair:
-      - ${GITHUB_REGISTRY_USER}
-      - ${GITHUB_REGISTRY_TOKEN}
+        id_variable: GITHUB_REGISTRY_USER
+        secret_variable: GITHUB_REGISTRY_TOKEN
-- 
GitLab