Fix docker image upload (#63)

* Fix docker image upload

The previous way of uploading images to dockerhub exposed our password.
Prevent this from happening by using a separate script instead of calling
skopeo directly.

Co-authored-by: Zhenya Vinogradov <zhenyavinogradov@gmail.com>

.buildkite/pipeline.yml

@@ -25,12 +25,12 @@ steps:
     branches: master
   - command:
       - nix-build docker
-      - nix run -f ci.nix pkgs.skopeo -c skopeo --insecure-policy copy --dest-creds "serokell:${DOCKERHUB_PASSWORD}" "docker-archive:$(readlink result)" "docker://docker.io/serokell/xrefcheck:latest"
+      - nix run -f ci.nix pkgs.skopeo -c ./scripts/upload-docker-image.sh "docker-archive:$(readlink result)" "docker://docker.io/serokell/xrefcheck:latest"
     label: Push to dockerhub
     branches: master
   - command:
       - nix-build docker
-      - nix run -f ci.nix pkgs.skopeo -c skopeo --insecure-policy copy --dest-creds "serokell:${DOCKERHUB_PASSWORD}" "docker-archive:$(readlink result)" "docker://docker.io/serokell/xrefcheck:${BUILDKITE_BRANCH}"
+      - nix run -f ci.nix pkgs.skopeo -c ./scripts/upload-docker-image.sh "docker-archive:$(readlink result)" "docker://docker.io/serokell/xrefcheck:${BUILDKITE_BRANCH}"
     label: Push release to dockerhub
     if: |
       build.branch =~ /^v[0-9]+.*/

scripts/upload-docker-image.sh

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+# SPDX-FileCopyrightText: 2021 Serokell <https://serokell.io>
+#
+# SPDX-License-Identifier: MPL-2.0
+
+skopeo --insecure-policy copy --dest-creds "serokell:${DOCKERHUB_PASSWORD}" "$1" "$2"