From 556434d9ebfc5636af09beb4d820a70975747c0e Mon Sep 17 00:00:00 2001 From: tommyd450 Date: Thu, 9 Nov 2023 14:36:14 +0000 Subject: [PATCH 1/2] :open_file_folder: update Red Hat specific files --- Dockerfile | 6 +++--- redhat/overlays/Dockerfile | 30 ++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 3 deletions(-) create mode 100644 redhat/overlays/Dockerfile diff --git a/Dockerfile b/Dockerfile index c937a930af4..e0fc7f004ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,10 +5,10 @@ WORKDIR /cosign COPY . . USER root RUN git config --global --add safe.directory /cosign -RUN GOFLAGS="" make cosign +RUN make cosign # Install Cosign -FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:0dfa71a7ec2caf445e7ac6b7422ae67f3518960bd6dbf62a7b77fa7a6cfc02b1 +FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:b40f52aa68b29634ff45429ee804afbaa61b33de29ae775568933c71610f07a4 LABEL description="Cosign is a container signing tool that leverages simple, secure, and auditable signatures based on simple primitives and best practices." LABEL io.k8s.description="Cosign is a container signing tool that leverages simple, secure, and auditable signatures based on simple primitives and best practices." @@ -27,4 +27,4 @@ RUN chgrp -R 0 /${HOME} && chmod -R g=u /${HOME} WORKDIR ${HOME} # Makes sure the container stays running -CMD ["tail", "-f", "/dev/null"] +CMD ["tail", "-f", "/dev/null"] \ No newline at end of file diff --git a/redhat/overlays/Dockerfile b/redhat/overlays/Dockerfile new file mode 100644 index 00000000000..e0fc7f004ae --- /dev/null +++ b/redhat/overlays/Dockerfile @@ -0,0 +1,30 @@ +# Build stage +FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder AS build-env + +WORKDIR /cosign +COPY . . +USER root +RUN git config --global --add safe.directory /cosign +RUN make cosign + +# Install Cosign +FROM registry.access.redhat.com/ubi9/ubi-minimal@sha256:b40f52aa68b29634ff45429ee804afbaa61b33de29ae775568933c71610f07a4 + +LABEL description="Cosign is a container signing tool that leverages simple, secure, and auditable signatures based on simple primitives and best practices." +LABEL io.k8s.description="Cosign is a container signing tool that leverages simple, secure, and auditable signatures based on simple primitives and best practices." +LABEL io.k8s.display-name="Cosign container image for Red Hat Trusted Signer" +LABEL io.openshift.tags="cosign trusted-signer" +LABEL summary="Provides the cosign CLI binary for signing and verifying container images." +LABEL com.redhat.component="cosign" + +COPY --from=build-env /cosign/cosign /usr/local/bin/cosign +RUN chown root:0 /usr/local/bin/cosign && chmod g+wx /usr/local/bin/cosign + +#Configure home directory +ENV HOME=/home +RUN chgrp -R 0 /${HOME} && chmod -R g=u /${HOME} + +WORKDIR ${HOME} + +# Makes sure the container stays running +CMD ["tail", "-f", "/dev/null"] \ No newline at end of file From 96b9300f2b8f677a66afc9b9828f1273296775b9 Mon Sep 17 00:00:00 2001 From: tommyd450 Date: Thu, 9 Nov 2023 14:36:14 +0000 Subject: [PATCH 2/2] :robot: triggering CI on branch 'redhat-v2.2.0' after synching from upstream/v2.2.0 --- ci | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ci b/ci index 82594f063ed..b4776f1039f 100644 --- a/ci +++ b/ci @@ -1 +1 @@ -Thu Oct 12 16:59:24 EDT 2023 +Thu 9 Nov 14:36:14 GMT 2023