compliance-trestle icon indicating copy to clipboard operation
compliance-trestle copied to clipboard

Published 20 hours ago verified publisher icon oscal-compass

Automate container build for trestle

Open enikonovad opened this issue 3 years ago • 3 comments

Issue description / feature objectives

Currently Trestle ~~docker~~ oci image is manually build after each release, however ideally it should be a part of the release pipeline. As of now Trestle image is only used by us in CI/CD pipeline, however it should be exposed to the public users as well.

Caveats / Assumptions

A proper account to keep Trestle ~~docker~~ container images needs to be set.

Completion Criteria

An updated docker image is tagged and pushed to ~~DockerHub~~ quay.io

@butler54 additional notes

Based on set of discussions with @jpower432 we think there are a few objectives here

  1. Understand the base image requirements for current containerized users of trestle (e.g. is the python UBI container + trestle a good baseline)

  2. For the container images this can become an anchor for dependency analysis and signing - especially as python cannot easily be signed

  3. Build a CLI wrapping script. OCI images are typically treated as 'one' dependency. Making it easier to ship into air gapped environments.

enikonovad avatar Jan 06 '22 23:01 enikonovad