oci-images/README.md
2025-06-02 15:53:19 +02:00

Tiara's OCI Images

Tiara's workflow for actively managing OCI (Docker) image ownership - factory for building, publishing and archiving OCI images with a verifiable chain of trust

Usage (Producing)

Configure environment

$> sh ./configure

Build Images

make <group>-<program><programversion>-<platform>
make all-<group>-<program>-<platform>
make all-<group>-<platform>
make <group>-<platform>
make all-<platform>
$> make build-python39-ubuntu
$> make _all-build-python-ubuntu
$> make _all-build-ubuntu
$> make build-ubuntu
$> make _all-ubuntu

Archive Images

Generate a GZip-compressed tarball archive of an image under dist/.

$> make build-python39-ubuntu ARCHIVE=1

Output path can be adjusted via $ARCHIVE_DIST_PATH.

$> make build-python39-ubuntu ARCHIVE=1 ARCHIVE_DIST_PATH=dist2

Sign the compressed archive; requires GPG_SIGNER_FINGERPRINT.

$> make build-python39-ubuntu ARCHIVE=1 SIGN_ARCHIVE=1
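
A consumer-side check for the signed archive, as an added example that is not part of this project: it accepts a signature only when GnuPG reports it as valid and made by the pinned fingerprint, rather than by any key that happens to be in the keyring. It assumes a detached signature file next to the tarball and the signer's public key already imported; the function names and the file names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's own code.
# Assumed usage (hypothetical file names):
#   verify_archive dist/image.tar.gz dist/image.tar.gz.sig "$GPG_SIGNER_FINGERPRINT"

# Normalise a fingerprint: strip whitespace, upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' \t\n' | tr 'abcdef' 'ABCDEF'
}

# Read `gpg --status-fd` output on stdin. Succeed only if a VALIDSIG line
# names the pinned fingerprint, either as the signing (sub)key (field 3)
# or as the primary key (last field).
status_matches_fpr() {
    want=$(normalize_fpr "$1")
    # An unset or short value (for example a 16-digit key ID) must never
    # pass: require a full fingerprint of at least 40 hex digits.
    [ "${#want}" -ge 40 ] || return 1
    awk -v want="$want" '
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            if (toupper($3) == want || toupper($NF) == want) ok = 1
        }
        END { exit (ok ? 0 : 1) }
    '
}

# verify_archive <archive> <detached-signature> <pinned-fingerprint>
verify_archive() {
    archive=$1
    sig=$2
    pinned=$3
    # gpg exits non-zero on a bad or unverifiable signature.
    status=$(gpg --batch --status-fd 1 --verify "$sig" "$archive" 2>/dev/null) || return 1
    printf '%s\n' "$status" | status_matches_fpr "$pinned"
}
```
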

Publish Images

Push image to a Docker registry.

Log in to the Docker registry prior to executing.

$> make build-python39-ubuntu PUBLISH=1

By default, images are published to docker.io/byteb4rb1e. This can be changed through DOCKER_REGISTRY and DOCKER_REPO_SLUG.

$> make _all-ubuntu \
    PUBLISH=1 \
    DOCKER_REGISTRY=contoso.com \
    DOCKER_REPO_SLUG=not-byteb4rb1e

Scan Images

Scan image with AquaSecurity Trivy Scanner for vulnerabilities and publish reports under test-reports/.

$> make _all-ubuntu SCAN=1

Sign scan

$> make _all-ubuntu SCAN=1 SIGN_SCAN=1

Mix & Match

Define specific sequences of what to make.

$> make build-node23-ubuntu build-python313-ubuntu SCAN=1 ARCHIVE=1 PUBLISH=1

Parallelize

Run independent image builds and other jobs in parallel.

$> make _all-ubuntu -j8