How to copy file to container

We have some GitHub Actions to check radare2 builds and testing it in very old distributions. Due to the SSL/TLS deprecations it’s impossible to download anything from “https://” or “git@” by using programs provided by distributions. Thus, I need to copy the statically build curl to the Docker container for downloading the git HEAD and newer Python.
This is what we have currently:

jobs:
  build:
    name: debian-oldies-build
    strategy:
        matrix:
            container:
                - debian:wheezy
                - debian:jessie

    runs-on: ubuntu-latest
    container: ${{ matrix.container }}

    steps:
    - name: Fix containers (Wheezy)
      if: matrix.container == 'debian:wheezy'
      run: |
          sed -i '/deb http:\/\/deb.debian.org\/debian wheezy-updates main/d' /etc/apt/sources.list
          echo "deb http://archive.debian.org/debian wheezy main" > /etc/apt/sources.list
          echo "deb http://archive.debian.org/debian-security wheezy/updates main" >> /etc/apt/sources.list
          echo "Acquire::Check-Valid-Until no;" > /etc/apt/apt.conf.d/99no-check-valid-until
    - name: Install tools
      run: apt-get update && apt-get install --yes patch unzip git gcc make curl pkg-config libc6-i386 build-essential
    - name: Install Python source build dependcies
      run: apt-get install --yes checkinstall libbz2-dev libc6-dev libgdbm-dev libncursesw5-dev libreadline-gplv2-dev libssl-dev libsqlite3-dev tk-dev
    - name: Install Python from source
      run: |
        curl -o Python-3.6.9.tgz https://www.python.org/ftp/python/3.6.9/Python-3.6.9.tgz
        tar -zxvf Python-3.6.9.tgz
        cd Python-3.6.9/
        ./configure
        make install
    - name: Checkout r2
      run: |
        git clone https://github.com/${{ github.repository }}
        cd radare2
        git fetch origin ${{ github.ref }}
        git checkout -b local_branch FETCH_HEAD
    - name: Checkout our Testsuite Binaries
      run: git clone https://github.com/radareorg/radare2-testbins test/bins
    - name: Configure with ACR and build
      run: ./configure --prefix=/usr && make
      working-directory: radare2

In order to support Squeeze, Lenny, Etch we have to copy statically built curl into the container before any network operations. See, for example, my docker files for Debian Squeeze, Debian Lenny, and Debian Etch.

Is such a copy of curl, preferably from outside of the repository can be done in GitHub YAML? I can’t download the curl from that GitHub repository inside the container for the same reason.

That’s not possible with the container parameter for the job as far as I know, because with it all steps in the job run inside that container. Two workarounds I can think of:

  1. Run the job without container, instead turn what’s currently the job into a shell script. Then you can download the statically linked curl, build a container with a Dockerfile like the following, and run it:
FROM debian:wheezy
COPY static-curl /usr/bin/curl
COPY test-script.bash /
ENTRYPOINT ["/bin/bash", "/test-script.bash"]
  1. Build a container image that includes the static curl (and other dependencies, probably), and upload it to a public container registry. Then you can use that image with container:

I’d prefer the first option because it works without relying on an additional registry.

got it. Thanks for the good advice! I appreciate it.

1 Like