| -rw-r--r-- | building/README.md | 20 | ||||
| -rwxr-xr-x | building/build-and-publish-container-image.sh (renamed from building/build-and-publish.sh) | 11 |
2 files changed, 15 insertions, 16 deletions
diff --git a/building/README.md b/building/README.md index 3b6876e2d9..44efb65199 100644 --- a/building/README.md +++ b/building/README.md @@ -22,20 +22,24 @@ docker: sigstore-staging: file://${repo}/building/sigstore ``` -Build and publish the container image. Tag it with the github hash of the current commit +Build and publish the container image. Tag it with the github hash of the current commit. +This also adds the container GPG signatures to the sigstore and commits that to git. +The single sigstore addition (signed) commit can be pushed directly to the main branch without PR. ``` -git checkout -b update-build-container - -./build-and-publish.sh (linux|android) - -git push # And create a PR +./build-and-publish-container-image.sh (linux|android) +git push # Pushes the new sigstore entry ``` +When satisfied with how the new image works, the `building/{linux,android}-container-image.txt` +files can be updated to point to the new image. The tag name of the new image is in the +commit message for the signed commit where the build server added the sigstore files. +This update is usually done in a separate PR by a developer + ## Building and publishing a development image container image These instructions describe how to set up a development machine to build, sign and publish container -images. The purpose of this is mainly to verify the `build-and-publish.sh` script as well as the -built images. +images. The purpose of this is mainly to verify the `build-and-publish-container-image.sh` +script as well as the built images. Set the following environment variables to override the default values: - `REGISTRY_HOST` diff --git a/building/build-and-publish.sh b/building/build-and-publish-container-image.sh index d1d2dc275c..7220d71f30 100755 --- a/building/build-and-publish.sh +++ b/building/build-and-publish-container-image.sh 
@@ -23,13 +23,11 @@ case ${1-:""} in container_name="mullvadvpn-app-build" containerfile_path="$SCRIPT_DIR/Dockerfile" container_context_dir="$REPO_DIR" - container_image_name_file_path="$SCRIPT_DIR/linux-container-image.txt" ;; android) container_name="mullvadvpn-app-build-android" containerfile_path="$REPO_DIR/android/docker/Dockerfile" container_context_dir="$REPO_DIR/android/docker/" - container_image_name_file_path="$SCRIPT_DIR/android-container-image.txt" ;; *) log_error "Invalid platform. Specify 'linux' or 'android' as first argument" @@ -80,12 +78,9 @@ fi cp "$tmp_signature_dir/signature-2" "$signature_dir/" -log_info "Storing container image name to $container_image_name_file_path" -echo "$full_container_name:$tag" > "$container_image_name_file_path" - -log_header "Commiting signatures and new container image name to git" -git add "$container_image_name_file_path" "$signature_dir" -GPG_TTY=$(tty) git commit -S -m "Updating build container for $1 to $tag" +log_header "Commiting container sigstore signatures" +git add "$signature_dir" +GPG_TTY=$(tty) git commit -S -m "Add container signature for $container_name:$tag" log_success "***********************" log_success "" |
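Review bot: In the second hunk, `git commit -S` runs without a pathspec, so anything already staged in the index when the script starts is included in the signed commit along with `$signature_dir`. The README change in this commit says that commit may be pushed to main without a PR, so it should be limited to the sigstore files: `GPG_TTY=$(tty) git commit -S -m "Add container signature for $container_name:$tag" -- "$signature_dir"`. The script may already check for a clean index earlier, but that part lies outside the hunk; if it does not, `git diff --cached --quiet` before the `git add` would catch a dirty index. Separately, the new message records `$container_name:$tag`, while the removed line wrote `$full_container_name:$tag` to the image file. Because the README now tells developers to take the image reference from this commit message, putting the full name in the message would avoid having to reconstruct the registry part by hand.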
