From 60e3a56d4cfed2cb3d09289e56d4c41244b1a7a3 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Wed, 31 Aug 2022 18:55:27 +0200
Subject: [PATCH] fix: use random workdir to allow parallel and prevent tainted
 runs

---
 Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Makefile b/Makefile
index 8312cb0..9435b15 100644
--- a/Makefile
+++ b/Makefile
@@ -23,16 +23,16 @@ aports_update: aports
 
 # Mounts release into /work of the builder container to build all
 build: packages distfiles aports_update work
-	mkdir -p /tmp/_alpine-work
+	WORKDIR=$$(mktemp -d) && \
 	podman run -ti --rm \
 		-v ${PWD}/distfiles:/var/cache/distfiles \
 		-v ${PWD}/packages:/home/alpine/packages \
-		-v /tmp/_alpine-work:/home/alpine/work \
+		-v $$WORKDIR:/home/alpine/work \
 		-v ${PWD}/$(RELEASE)/:/home/alpine/src:ro \
 		-v ${HOME}/.gitconfig/:/home/alpine/.gitconfig:ro \
 		-v ${HOME}/.abuild/:/home/alpine/.abuild:ro \
-		public.ecr.aws/zero-downtime/alpine-builder:${BUILDER} $(PKG)
-	doas rm -rf /tmp/_alpine-work
+		public.ecr.aws/zero-downtime/alpine-builder:${BUILDER} $(PKG) && \
+	doas rm -rf $$WORKDIR
 
 download:
 	aws s3 sync s3://zero-downtime-web/cdn/alpine/$(RELEASE)/kubezero/x86_64/ packages/work/x86_64/ --exclude APKINDEX.tar.gz