Skip to content

Migrate to hardening_manifest.yaml

Ghost User requested to merge hardening_manifest into development

Please review the contents of the new hardening_manifest.yaml file.

The image_name, image_tag, image_parent_name, image_parent_tag, and container_owner fields in the greylist will no longer be used. The greylist will be updated in a future MR.

image_name and image_tag have been replaced with the new name and tags fields in hardening_manifest.yaml.

🎉 It is now possible for the pipeline to build different tags on each branch. This allows us to rebuild the master branch while you work on an update with a new tag in development or feature branches.

image_parent_name and image_parent_tag have been replaced by BASE_IMAGE and BASE_TAG in the args: section of hardening_manifest.yaml. You can also add custom args like MY_VERSION that referenced as ARG MY_VERSION in your Dockerfile.

Please review the following:

  • Tags
    • The most specific tag should be at the top of the tags list. For example, v1.2.3 comes before v1.2.
    • The first tag will be shown on https://ironbank.dsop.io
    • Additional tags may be added if desired and will be published to https://registry1.dsop.io
  • Labels
    • org.opencontainers.image.title: Required. Human-readable title of the image
    • org.opencontainers.image.description: Required. Human-readable description of the software packaged in the image
    • org.opencontainers.image.licenses: Required. License(s) under which contained software is distributed. Please use the SPDX identfier if using a standard open source license.
    • org.opencontainers.image.url: URL to find more information on the image
    • org.opencontainers.image.vendor: Required. Name of the distributing entity, organization or individual
    • org.opencontainers.image.version: Required. Human readable version of the image. This is typically identical to the first tag.
    • mil.dso.ironbank.image.keywords: Keywords to help with search (ex. "cicd,gitops,golang")
    • mil.dso.ironbank.image.type: This value can be "opensource" or "commercial"
    • mil.dso.ironbank.product.name: Product the image belongs to for grouping multiple images. If you have multiple images that you would like grouped together on https://ironbank.dsop.io, use the same product name on them all.
  • Maintainers
    • Please add any additional external vendor contacts or CHT internal members to this list if they maintain this container.
    • Add any Iron Bank team members who maintain this container with cht_member: true set
    • The current container_owner has already been added to the maintainers: section of hardening_manifest.yaml.
    • Can include POCs in technical and/or support roles. For containers which require licenses or subscriptions, it is encouraged to include a point of contact who can provide assistance in this regard, in addition to a technical POC.

The pipeline will not run successfully for this MR until all of the required fields are added.

Merge request reports