fix: use random workdir to allow parallel and prevent tainted runs

2022-08-31 18:55:27 +02:00 · 2022-08-31 18:55:27 +02:00 · 60e3a56d4c
commit 60e3a56d4c
parent 41db265f93
1 changed files with 4 additions and 4 deletions
--- a/8
+++ b/8
@ -23,16 +23,16 @@ aports_update: aports

 # Mounts release into /work of the builder container to build all
 build: packages distfiles aports_update work
-	mkdir -p /tmp/_alpine-work
+	WORKDIR=$$(mktemp -d) && \
 	podman run -ti --rm \
 		-v ${PWD}/distfiles:/var/cache/distfiles \
 		-v ${PWD}/packages:/home/alpine/packages \
-		-v /tmp/_alpine-work:/home/alpine/work \
+		-v $$WORKDIR:/home/alpine/work \
 		-v ${PWD}/$(RELEASE)/:/home/alpine/src:ro \
 		-v ${HOME}/.gitconfig/:/home/alpine/.gitconfig:ro \
 		-v ${HOME}/.abuild/:/home/alpine/.abuild:ro \
-		public.ecr.aws/zero-downtime/alpine-builder:${BUILDER} $(PKG)
-	doas rm -rf /tmp/_alpine-work
+		public.ecr.aws/zero-downtime/alpine-builder:${BUILDER} $(PKG) && \
+	doas rm -rf $$WORKDIR

 download:
 	aws s3 sync s3://zero-downtime-web/cdn/alpine/$(RELEASE)/kubezero/x86_64/ packages/work/x86_64/ --exclude APKINDEX.tar.gz