Deprecated Yarn Installation - GPG error #603
Description
Which release, branch or hash of Docker SDK are you using?
1.72.0 (latest)
Which operating system (platform/version/architecture) are you using?
gitlab ci (linux)
What is the issue that you're experiencing?
On Friday 23rd Januar our tests in pipeline suddenly started failing (using docker/sdk) and displayed the following error
GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging yarn@dan.cx
What are the steps to reproduce the issue?
Currently the issue can't be reproduced anymore (out gitlab pipeline works again without having changed anything) so I assume the yarn team has updated the gpg key
What is the expected result of these steps in the absence of the issue?
I'd expect the docker/sdk to be more stable and not fail because of an outdated gpg key
What is the actual result?
It's quite unstable and uses a deprecated way of installing yarn (via debian image) and uses the deprecated apt-key command
What possible solutions and/or workarounds for the issue do you see?
First of all I'd question if yarn is really needed? (removing it also fixed our pipeline without seeming to break anything)
Ideally this is just legacy code and can simply be removed https://github.com/spryker/docker-sdk/blob/master/images/common/cli/Dockerfile#L31
If still in use, I'd suggest to install it the recommended way, making it not fail because of a gpg key https://yarnpkg.com/getting-started/install
Is there any other information that might be helpful?
no