Revert "Use --password-stdin for upload-container-image"

This reverts commit 345c839db6. This is simpler, and we don't have to worry about the tempfile write accidentally exposing secrets. This is similar to the way we log in in the promote job. Change-Id: I2a0f34e0ea3abe88fe9f26d12298baf68f1a6b2d
2023-03-20 20:04:21 -07:00 · 2023-03-20 20:04:21 -07:00 · cc0c655e5f
commit cc0c655e5f
parent 0c3b87f20e
1 changed files with 2 additions and 18 deletions
--- a/roles/upload-container-image/tasks/push.yaml
+++ b/roles/upload-container-image/tasks/push.yaml
@ -1,22 +1,6 @@
- name: Create tempfile for password
-  tempfile:
-    state: file
-  register: _password_tmp
-
- name: Populate tempfile
-  copy:
-    content: "{{ container_registry_credentials[zj_image.registry].password }}"
-    dest: "{{ _password_tmp.path }}"
-    mode: 0600
-
 - name: Log in to registry
-  block:
-    - name: Log in to registry
-      shell: "cat {{ _password_tmp.path }} | {{ container_command }} login -u {{ container_registry_credentials[zj_image.registry].username }} --password-stdin {{ zj_image.registry }}"
-
-  always:
-    - name: Remove password from disk
-      command: "shred {{ _password_tmp.path }}"
+  command: "{{ container_command }} login -u {{ container_registry_credentials[zj_image.registry].username }} -p {{ container_registry_credentials[zj_image.registry].password }} {{ zj_image.registry }}"
+  no_log: true

 - name: Publish images
  block: