authorAlbin <albin@mullvad.net>2022-12-01 15:50:55 +0100
committerAlbin <albin@mullvad.net>2022-12-01 15:58:46 +0100
commite2fb90a7b99cb4c39cc29a0a2ac9e3c0988a6fce (patch)
treeff31694d9818cbdd78dfdae6f410d4265860621b
parent32738ecae0f4cc2683698ecaf551583d8aef189d (diff)
Allow overriding env vars in image build script
-rw-r--r--building/README.md23
-rwxr-xr-xbuilding/build-and-publish.sh6
2 files changed, 25 insertions, 4 deletions
diff --git a/building/README.md b/building/README.md
index c85776d368..3b6876e2d9 100644
--- a/building/README.md
+++ b/building/README.md
@@ -2,7 +2,7 @@
Substitute `${repo}` with the actual absolute path to this repository
-## Building and publishing a container image
+## Building and publishing a production container image
These instructions describe how to set up the trusted machine that builds, signs and publishes
the container images to ghcr.io.
@@ -31,6 +31,27 @@ git checkout -b update-build-container
git push # And create a PR
```
+## Building and publishing a development image container image
+
+These instructions describe how to set up a development machine to build, sign and publish container
+images. The purpose of this is mainly to verify the `build-and-publish.sh` script as well as the
+built images.
+
+Set the following environment variables to override the default values:
+- `REGISTRY_HOST`
+- `REGISTRY_ORG`
+- `CONTAINER_SIGNING_KEY_FINGERPRINT`
+
+Configure podman to store signatures when building and pushing images (substitute `${testorg}`). `~/.config/containers/registries.d/$testorg.yaml`:
+
+```yml
+docker:
+ ghcr.io/$testorg:
+ sigstore-staging: file://${repo}/building/sigstore
+```
+
+In order to verify the signature of the development images, you'll also need to follow the [pull and
+verification steps](#pulling-verifying-and-using-build-images) with some slight adjustments.
## Pulling, verifying and using build images
diff --git a/building/build-and-publish.sh b/building/build-and-publish.sh
index 5d56e9c4c2..d1d2dc275c 100755
--- a/building/build-and-publish.sh
+++ b/building/build-and-publish.sh
@@ -6,9 +6,9 @@
set -eu
-CONTAINER_SIGNING_KEY_FINGERPRINT=1E551687D67F5FD820BEF2C4D7C17F87A0D3D215
-REGISTRY_HOST="ghcr.io"
-REGISTRY_ORG="mullvad"
+CONTAINER_SIGNING_KEY_FINGERPRINT=${CONTAINER_SIGNING_KEY_FINGERPRINT:-"1E551687D67F5FD820BEF2C4D7C17F87A0D3D215"}
+REGISTRY_HOST=${REGISTRY_HOST:-"ghcr.io"}
+REGISTRY_ORG=${REGISTRY_ORG:-"mullvad"}
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
REPO_DIR="$( cd "$SCRIPT_DIR/.." && pwd )"
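Review bot: The three `${VAR:-default}` assignments now take the signing key fingerprint and the registry target from whatever is in the caller's environment, so on the trusted production builder a leftover `export` from a development session would silently change which key signs the image or where it is pushed. Nothing in this hunk reports the effective values; right after the assignments I would add `echo "Signing key: $CONTAINER_SIGNING_KEY_FINGERPRINT, target: $REGISTRY_HOST/$REGISTRY_ORG" >&2` so an override is visible in the build log. A comment above them such as `# Overridable for development builds only; production builds must run with these unset` would record the intent. The rest of the script lies outside the hunk, so whether these values are checked again later cannot be seen from here.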