oci-images/README.md
2025-06-02 15:53:19 +02:00


# Tiara's OCI Images
Tiara's workflow for actively managing OCI (Docker) image ownership: a factory
for building, publishing and archiving OCI images with a verifiable chain of
trust.
# Usage (Consuming)
* [Docker Hub](https://hub.docker.com/repositories/byteb4rb1e)
* [Downloads](https://bitbucket.org/byteb4rb1e/oci-images/downloads/)
# Usage (Producing)
## Configure environment
```
$> sh ./configure
```
## Build Images
```
make <group>-<program><programversion>-<platform>
make all-<group>-<program>-<platform>
make all-<group>-<platform>
make <group>-<platform>
make all-<platform>
```
```
$> make build-python39-ubuntu
$> make _all-build-python-ubuntu
$> make _all-build-ubuntu
$> make build-ubuntu
$> make _all-ubuntu
```
## Archive Images
Generate a GZip-compressed tarball archive of an image under
`dist/`.
```
$> make build-python39-ubuntu ARCHIVE=1
```
Output path can be adjusted via `$ARCHIVE_DIST_PATH`.
```
$> make build-python39-ubuntu ARCHIVE=1 ARCHIVE_DIST_PATH=dist2
```
Sign the compressed archive. Requires `GPG_SIGNER_FINGERPRINT` to be set.
```
$> make build-python39-ubuntu ARCHIVE=1 SIGN_ARCHIVE=1
```
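For consumers of a signed archive, the following added example (not part of this repository) checks the signature against a pinned signer fingerprint before the image is loaded. It assumes a detached signature stored as `<archive>.sig` and the signer's public key already imported into the local keyring; the function names and the sample status lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: consumer-side check of a signed image archive.
# Assumptions (not from the project): detached signature at <archive>.sig,
# signer's public key already imported into the local GnuPG keyring.

# status_ok FPR: read `gpg --status-fd` lines on stdin; succeed only for a
# good signature whose signing-key or primary-key fingerprint equals FPR.
status_ok() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    # Demand a full fingerprint; short key IDs can collide.
    case $want in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#want}" -ge 40 ] || return 2
    awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        # Policy: bad, unverifiable, expired or revoked => reject.
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "GOODSIG" { good = 1 }
        # VALIDSIG: field 3 = signing key, last field = primary key.
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { pinned = 1 }
        END { exit !(good && pinned && !bad) }
    '
}

# verify_archive ARCHIVE FPR [SIGFILE]
verify_archive() {
    gpg --batch --status-fd 1 --verify "${3:-$1.sig}" "$1" 2>/dev/null |
        status_ok "$2"
}

# Constructed sample of gpg status output (not real keys), for a dry run.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer
[GNUPG:] VALIDSIG $SAMPLE_FPR 2025-06-02 1748872399 0 4 0 1 10 00 $SAMPLE_FPR"

# Typical use (archive path is a placeholder):
#   verify_archive dist/<image>.tar.gz "$GPG_SIGNER_FINGERPRINT" &&
#       docker load -i dist/<image>.tar.gz
```

Pinning the fingerprint matters because `gpg --verify` alone succeeds for any key present in the keyring, not only the expected signer.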
## Publish Images
Push image to a Docker registry.
> Log in to the Docker registry prior to executing.
```
$> make build-python39-ubuntu PUBLISH=1
```
By default, images are published to `docker.io/byteb4rb1e`. This can be changed
through `DOCKER_REGISTRY` and `DOCKER_REPO_SLUG`.
```
$> make _all-ubuntu \
PUBLISH=1 \
DOCKER_REGISTRY=contoso.com \
DOCKER_REPO_SLUG=not-byteb4rb1e
```
## Scan Images
Scan images for vulnerabilities with the Aqua Security Trivy scanner and publish
reports under `test-reports/`.
```
$> make _all-ubuntu SCAN=1
```
Sign the scan reports.
```
$> make _all-ubuntu SCAN=1 SIGN_SCAN=1
```
## Mix & Match
Define specific sequences of what to make.
```
$> make build-node23-ubuntu build-python313-ubuntu SCAN=1 ARCHIVE=1 PUBLISH=1
```
## Parallelize
Run independent image builds and other jobs in parallel.
```
$> make _all-ubuntu -j8
```