1f2f0260c1
OpenSSL 1.0.2 has reached its end-of-life and it will no longer recieve security fixes. So we're changing our tagging scheme.
51 lines
1.3 KiB
Bash
Executable file
51 lines
1.3 KiB
Bash
Executable file
#!/bin/bash
|
|
#
|
|
# This script is responsible for calling `docker build` on behalf of GitHub. But
|
|
# what it _really_ does is translate `DOCKER_TAG` into the builds args `TARGET`
|
|
# and `OPENSSL_VERSION`.
|
|
|
|
# Abort if anything goes wrong.
|
|
set -euo pipefail
|
|
|
|
# Default to using OpenSSL 1.1 now, because 1.0 has stopped receiving security
|
|
# updates. 1.1 is incompatible with the crates postgres 0.15 and openssl 0.9,
|
|
# so we do offer the option of falling back to 1.0.
|
|
OPENSSL_VERSION=1.1.1f
|
|
|
|
# Pick an appropriate Docker tag
|
|
case "$DOCKER_TAG" in
|
|
*-openssl11)
|
|
DOCKER_TAG_WITHOUT_OPENSSL="${DOCKER_TAG/-openssl11/}"
|
|
;;
|
|
*-openssl10)
|
|
DOCKER_TAG_WITHOUT_OPENSSL="${DOCKER_TAG/-openssl10/}"
|
|
OPENSSL_VERSION=1.0.2u
|
|
;;
|
|
*)
|
|
DOCKER_TAG_WITHOUT_OPENSSL="$DOCKER_TAG"
|
|
;;
|
|
esac
|
|
|
|
# Decide what Rust toolchain to use.
|
|
case "$DOCKER_TAG_WITHOUT_OPENSSL" in
|
|
# Always map the Docker tags `latest` and `experimental` to stable Rust.
|
|
latest)
|
|
TOOLCHAIN=stable
|
|
;;
|
|
# Strip `experimental-` from other `experimental-*` tags.
|
|
experimental-*)
|
|
TOOLCHAIN="${DOCKER_TAG_WITHOUT_OPENSSL/experimental-/}"
|
|
;;
|
|
# Pass all other tags through.
|
|
*)
|
|
TOOLCHAIN="$DOCKER_TAG_WITHOUT_OPENSSL"
|
|
;;
|
|
esac
|
|
|
|
# Run the build.
|
|
docker build \
|
|
--build-arg TOOLCHAIN="$TOOLCHAIN" \
|
|
--build-arg OPENSSL_VERSION="$OPENSSL_VERSION" \
|
|
-t "$IMAGE_NAME" \
|
|
.
|