Comments (6)
FooBarWidget
commented on May 30, 2024
We've received some requests but I haven't given it a lot of attention so far because our current build process works, and because the inability to delete trusted builds makes me a bit wary of playing with them to see how they work.
The biggest issue I have right now with trusted builds is whether they can support our strict versioning and tagging policy. Each release has its own version and tag. "latest" always refers to the latest version. We discourage people from using ":latest" though. Can trusted builds handle our versioning/tagging policy?
from baseimage-docker.
gissehel
commented on May 30, 2024
Disclaimer: I'm not that much used to create trusted builds repo, as I just started to play with them recently.
If you can't delete builds, you can delete repositories (even for trusted builds), So I think it's ok to have a sandbox repository to test that.
Creating a trusted build from phusion/baseimage-docker doesn't require to change anything in the files: just to create the docker trusted build repo by provinding few informations:
- branch name
- github repo
- tag (default: latest)
- Dockerfile location inside github repo
- whether or not a commit on github build automatically a new docker index trusted build.
But indeed, I didn't find an official way to tag each build with a new version. There is a way to trigger a build by posting on a specific url using a simple token as authentication, but it doesn't seems that url accept a tag name (while this would be the best way to provide it I suppose).
There would be a way to do it from script, because you can update the "global tag" used for your repo on a page, so you could change the tag name with a curl call, and then trigger manually a build with another curl call. putting thoses curl calls in the Make would make it work somehow, but you would be requested credentials anyway in order to login on the index web site anyway.
So it's possible in a way, but not elegant.
from baseimage-docker.
FooBarWidget
commented on May 30, 2024
If I have to jump through those hoops, it makes me wonder what the added value of trusted builds is. In theory, people would have the guarantee that we didn't add anything to the images that aren't in the public sources, but that just means the trust is simply shifted from us to Docker inc. What prevents them from adding something to the images that we didn't authorize? You can argue that their name is at stake, but so is ours. People are already trusting that our sources don't contain malware.
from baseimage-docker.
homme
commented on May 30, 2024
Can trusted builds handle our versioning/tagging policy?
As an update to this conversation, the Docker Registry has recently implemented the ability to link trusted builds to either particular github branches or tags. This means no hoops to jump through: just point the registry to your branch/tag and automatically have it rebuild the image when you update the repository code.
from baseimage-docker.
angelrr7702
commented on May 30, 2024
Hi , I done writing a trusted builds for the this baseimage
https://registry.hub.docker.com/u/angelrr7702/docker-baseimage/
https://github.com/QuantumObject/docker-baseimage
At the moment I remove ssh and vim at it ... I keep a copy of the original license of phusion/baseimage/ and for documentation I make reference to the original:
https://github.com/phusion/baseimage-docker
from baseimage-docker.
Theaxiom
commented on May 30, 2024
Trusted builds have been replaced with automated builds: https://docs.docker.com/docker-hub/builds/#add-and-run-a-new-build
from baseimage-docker.
Related Issues (20)
- You should probably simply the docs to show the memcached example very early on HOT 3
- We now have a Discord server!
- Changelog for `focal-1.1.0` HOT 3
- hi. rocky8 or centos8 not support? HOT 3
- Change container builder from Docker to Buildah/Podman HOT 5
- There is a missing tag for focal-1.1.0 HOT 5
- pull error HOT 3
- Is the version of 0.10.2 alreadly outdated..? HOT 2
- apt does not work HOT 7
- syslog-ng warning HOT 2
- User inside the container HOT 9
- Timezone change HOT 2
- The docker pull command on the hub.docker.com page doesn't work HOT 1
- Security vulnerabilities HOT 6
- Docker Hub and Free Team Organisations HOT 1
- Base on Ubuntu 22.04 LTS? HOT 1
- Where did the MASTER tag go?
- package architecture (amd64) does not match system (arm64) on Macbook M2 HOT 1
- how to enable sshd in baseimage? HOT 2
- Status of jammy-1.0.2 build HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from baseimage-docker.