chore(dogfood): add fish and helix ppa packages to dogfood (#12568)

aslilac · web-flow · commit 301c60d8243f · 2024-03-12T13:58:40.000-06:00
diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
@@ -96,73 +96,74 @@ COPY files /
 ARG DEBIAN_FRONTEND="noninteractive"
 
 RUN apt-get update --quiet && apt-get install --yes \
+	ansible \
 	apt-transport-https \
 	apt-utils \
+	asciinema \
 	bash \
 	bash-completion \
 	bats \
 	bind9-dnsutils \
 	build-essential \
 	ca-certificates \
+	cargo \
 	cmake \
+	containerd.io \
 	crypto-policies \
 	curl \
+	docker-ce \
+	docker-ce-cli \
+	docker-compose-plugin \
 	fd-find \
 	file \
+	fish \
+	gettext-base \
 	git \
 	gnupg \
+	google-cloud-sdk \
+	google-cloud-sdk-datastore-emulator \
 	graphviz \
+	helix \
 	htop \
 	httpie \
 	inetutils-tools \
 	iproute2 \
 	iputils-ping \
 	iputils-tracepath \
 	jq \
+	kubectl \
 	language-pack-en \
 	less \
+	libssl-dev \
 	lsb-release \
 	man \
 	meld \
+	ncdu \
+	neovim \
 	net-tools \
 	openjdk-11-jdk-headless \
 	openssh-server \
 	openssl \
-	libssl-dev \
+	packer \
 	pkg-config \
+	postgresql-13 \
 	python3 \
 	python3-pip \
 	rsync \
+	screen \
 	shellcheck \
 	strace \
 	sudo \
 	tcptraceroute \
 	termshark \
 	traceroute \
+	unzip \
 	vim \
 	wget \
 	xauth \
 	zip \
-	ncdu \
-	cargo \
-	asciinema \
 	zsh \
-	ansible \
-	neovim \
-	google-cloud-sdk \
-	google-cloud-sdk-datastore-emulator \
-	kubectl \
-	postgresql-13 \
-	containerd.io \
-	docker-ce \
-	docker-ce-cli \
-	docker-compose-plugin \
-	packer \
-	fish \
-	unzip \
-	zstd \
-	screen \
-	gettext-base && \
+	zstd && \
 	# Delete package cache to avoid consuming space in layer
 	apt-get clean && \
 	# Configure FIPS-compliant policies
diff --git a/dogfood/files/etc/apt/preferences.d/ppa b/dogfood/files/etc/apt/preferences.d/ppa
@@ -8,6 +8,21 @@ Package: ansible-base
 Pin: origin ppa.launchpad.net
 Pin-Priority: 500
 
+# Fish
+Package: fish
+Pin: origin ppa.launchpad.net
+Pin-Priority: 500
+
+# Git
+Package: git
+Pin: origin ppa.launchpad.net
+Pin-Priority: 500
+
+# Helix
+Package: helix
+Pin: origin ppa.launchpad.net
+Pin-Priority: 500
+
 # Neovim
 Package: neovim
 Pin: origin ppa.launchpad.net
@@ -17,8 +32,3 @@ Pin-Priority: 500
 Package: neovim-runtime
 Pin: origin ppa.launchpad.net
 Pin-Priority: 500
-
-# Git
-Package: git
-Pin: origin ppa.launchpad.net
-Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/sources.list.d/ppa.list b/dogfood/files/etc/apt/sources.list.d/ppa.list
@@ -1,3 +1,9 @@
 deb [signed-by=/usr/share/keyrings/ansible.gpg] https://ppa.launchpadcontent.net/ansible/ansible/ubuntu jammy main
-deb [signed-by=/usr/share/keyrings/neovim.gpg] https://ppa.launchpadcontent.net/neovim-ppa/stable/ubuntu jammy main
+
+deb [signed-by=/usr/share/keyrings/fish-shell.gpg] https://ppa.launchpadcontent.net/fish-shell/release-3/ubuntu/ jammy main
+
 deb [signed-by=/usr/share/keyrings/git-core.gpg] https://ppa.launchpadcontent.net/git-core/ppa/ubuntu jammy main
+
+deb [signed-by=/usr/share/keyrings/helix.gpg] https://ppa.launchpadcontent.net/maveonair/helix-editor/ubuntu/ jammy main
+
+deb [signed-by=/usr/share/keyrings/neovim.gpg] https://ppa.launchpadcontent.net/neovim-ppa/stable/ubuntu jammy main
diff --git a/dogfood/files/usr/share/keyrings/fish-shell.gpg b/dogfood/files/usr/share/keyrings/fish-shell.gpg
diff --git a/dogfood/files/usr/share/keyrings/helix.gpg b/dogfood/files/usr/share/keyrings/helix.gpg
diff --git a/dogfood/update-keys.sh b/dogfood/update-keys.sh
@@ -16,51 +16,61 @@ gpg_flags=(
 )
 
 pushd "$PROJECT_ROOT/dogfood/files/usr/share/keyrings"
+
+# Ansible PPA signing key
+curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6125e2a8c77f2818fb7bd15b93c4a3fd7bb9c367" |
+	gpg "${gpg_flags[@]}" --output="ansible.gpg"
+
 # Upstream Docker signing key
 curl "${curl_flags[@]}" "https://download.docker.com/linux/ubuntu/gpg" |
 	gpg "${gpg_flags[@]}" --output="docker.gpg"
 
-# Google Cloud signing key
-curl "${curl_flags[@]}" "https://packages.cloud.google.com/apt/doc/apt-key.gpg" |
-	gpg "${gpg_flags[@]}" --output="google-cloud.gpg"
+# Fish signing key
+curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x59fda1ce1b84b3fad89366c027557f056dc33ca5" |
+	gpg "${gpg_flags[@]}" --output="fish-shell.gpg"
+
+# Git-Core signing key
+curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xE1DD270288B4E6030699E45FA1715D88E1DF1F24" |
+	gpg "${gpg_flags[@]}" --output="git-core.gpg"
+
+# GitHub CLI signing key
+curl "${curl_flags[@]}" "https://cli.github.com/packages/githubcli-archive-keyring.gpg" |
+	gpg "${gpg_flags[@]}" --output="github-cli.gpg"
 
 # Google Linux Software repository signing key (Chrome)
 curl "${curl_flags[@]}" "https://dl.google.com/linux/linux_signing_key.pub" |
 	gpg "${gpg_flags[@]}" --output="google-chrome.gpg"
 
+# Google Cloud signing key
+curl "${curl_flags[@]}" "https://packages.cloud.google.com/apt/doc/apt-key.gpg" |
+	gpg "${gpg_flags[@]}" --output="google-cloud.gpg"
+
+# Hashicorp signing key
+curl "${curl_flags[@]}" "https://apt.releases.hashicorp.com/gpg" |
+	gpg "${gpg_flags[@]}" --output="hashicorp.gpg"
+
+# Helix signing key
+curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x27642b9fd7f1a161fc2524e3355a4fa515d7c855" |
+	gpg "${gpg_flags[@]}" --output="helix.gpg"
+
 # Microsoft repository signing key (Edge)
 curl "${curl_flags[@]}" "https://packages.microsoft.com/keys/microsoft.asc" |
 	gpg "${gpg_flags[@]}" --output="microsoft.gpg"
 
-# Upstream PostgreSQL signing key
-curl "${curl_flags[@]}" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" |
-	gpg "${gpg_flags[@]}" --output="postgresql.gpg"
+# Neovim signing key
+curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9dbb0be9366964f134855e2255f96fcf8231b6dd" |
+	gpg "${gpg_flags[@]}" --output="neovim.gpg"
 
 # NodeSource signing key
 curl "${curl_flags[@]}" "https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key" |
 	gpg "${gpg_flags[@]}" --output="nodesource.gpg"
 
+# Upstream PostgreSQL signing key
+curl "${curl_flags[@]}" "https://www.postgresql.org/media/keys/ACCC4CF8.asc" |
+	gpg "${gpg_flags[@]}" --output="postgresql.gpg"
+
 # Yarnpkg signing key
 curl "${curl_flags[@]}" "https://dl.yarnpkg.com/debian/pubkey.gpg" |
 	gpg "${gpg_flags[@]}" --output="yarnpkg.gpg"
 
-# Ansible PPA signing key
-curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x6125e2a8c77f2818fb7bd15b93c4a3fd7bb9c367" |
-	gpg "${gpg_flags[@]}" --output="ansible.gpg"
-
-# Neovim signing key
-curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x9dbb0be9366964f134855e2255f96fcf8231b6dd" |
-	gpg "${gpg_flags[@]}" --output="neovim.gpg"
-
-# Hashicorp signing key
-curl "${curl_flags[@]}" "https://apt.releases.hashicorp.com/gpg" |
-	gpg "${gpg_flags[@]}" --output="hashicorp.gpg"
-
-# GitHub CLI signing key
-curl "${curl_flags[@]}" "https://cli.github.com/packages/githubcli-archive-keyring.gpg" |
-	gpg "${gpg_flags[@]}" --output="github-cli.gpg"
-
-# Git-Core signing key
-curl "${curl_flags[@]}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xE1DD270288B4E6030699E45FA1715D88E1DF1F24" |
-	gpg "${gpg_flags[@]}" --output="git-core.gpg"
 popd
