ci-automation/release: Set up rclone config for mapping into container

The wrong variable was used to set up the mapping of the rclone config
into the rclone container and it wasn't set up in the right function.
Move it into the right function and use the right variable name but also
don't rely on /proc/PID/fd/FD to be mappable into the container but
instead use a regular temp file.

Signed-off-by: Kai Lueke <kailuke@microsoft.com>

ci-automation/release.sh

@@ -91,8 +91,6 @@ function _inside_mantle() {
     secret_to_file gcp_json_key_path "${GCP_JSON_KEY}"
     google_release_credentials_file=""
     secret_to_file google_release_credentials_file "${GOOGLE_RELEASE_CREDENTIALS}"
-    rclone_configuration_file=""
-    secret_to_file rclone_configuration_file "${RCLONE_CONFIGURATION_FILE}"
 
     for platform in aws azure; do
       for arch in amd64 arm64; do
@@ -164,13 +162,21 @@ function copy_from_bincache_to_bucket() {
     local arch="${2}"
     local version="${3}"
 
+    rclone_configuration_file="$(mktemp)"
+    chmod 600 "${rclone_configuration_file}"
+
+    (
+    trap "rm -f ${rclone_configuration_file}" EXIT
+    echo "${RCLONE_CONFIGURATION_FILE}" | base64 --decode > "${rclone_configuration_file}"
+
     echo "Copying the images from bincache to CloudFlare bucket"
     docker run --rm \
-      -v "${RCLONE_CONFIGURATION_FILE}:/opt/rclone.conf:ro" \
+      -v "${rclone_configuration_file}:/opt/rclone.conf:ro" \
       docker.io/rclone/rclone:1.71.1 \
         --config "/opt/rclone.conf" \
         sync \
         --http-url "https://${BUILDCACHE_SERVER}/images/${arch}/${version}" :http: "r2:flatcar/${channel}/${arch}-usr/${version}"
+    )
     # Note: There is no "current" symlink and when switching the release to current we
     # could at a later stage (when the update payloads are selected in Nebraska) either
     # use folder copies where we delete the old "current" folder first, or we could