Previously we were tagging for all registries as we built
the images and then pushing all registries blindly.
Now if an image hasn't changed it wouldn't tag with the other
registry tags, and then the push would fail as the gcr/quay
tags didn't exist.
Rather than taking care to tag in the case where the image
hasn't changed, instead change the pushall script to
only assume that `bitnami/minideb` tags are correct, and
tag the other registries based on that one before pushing.
This ensures that the tags will always exist, and also makes
sure we are pushing the same image to each registry (excluding
race conditions.)
Tweak the tests so that they use default-mysql-server
on newer dists as it replaced the mysql-server package.
Also add explicit import of the buster signing key
as the Travis agent doesn't have it available.
Thanks to Filippo Giunchedi (@filippog) for the initial
work on this.
* Decode key value
The docker content trust repository key is base64-encoded, so let's decode it before dumping it to a file
* decode option is `-d` in Linux
We found this issue in the travis build:
```
refusing to load key from /tmp/tmp.7IS3P9lCpg/key: private key file /tmp/tmp.7IS3P9lCpg/key must not be readable or writable by others
```
Making the file readable by the running user should fix the proble
The code tries to avoid the contents to be printed in the output in case the shell tracing is enabled at some point, but that implementation also makes the `tmpdir` variable not to be accessible in that context.
If master builds successfully then push the results
to dockerhub.
We assume that the dockerhub username and password will
be in the environment. This will use travis env vars so
that the secrets aren't available to forks.
The on: branch: master means that other branches wouldn't
push to dockerhub.
Carlos Rodríguez Hernández