support other alternative registry and public key
-
Pipeline may use base images from registry1.dso.mil, or an alternative source registry. I.e. Mario base image on a Zelda child image.
-
Pipeline tries to use the COSIGN_PUBLIC_KEY to verify a base image's signature and if that fails the COSIGN_PUBLIC_KEY_ALT. The COSIGN_PUBLIC_KEY_ALT is set to the different domains COSIGN_PUBLIC_KEY.
-
"OCI registry" REST calls where harbor-specific calls fail w/ proxy
Zelda - pipelines build from base images in the same domain:
- These pipelines were run in the order listed showing this pipeline is safe if the parent image hasn't run already with the latest vat-backend release that returns the keywords label as a list instead of a string.
- https://code-ib-zelda.staging.dso.mil/dsop/ironbank-pipelines/pipeline-runner-alpine-dev/-/pipelines/85762
- https://code-ib-zelda.staging.dso.mil/dsop/ironbank-pipelines/pipeline-runner-alpine/-/pipelines/85767
- https://code-ib-zelda.staging.dso.mil/dsop/opensource/alpinelinux/alpine/-/pipelines/85768
Yoshi - Pipelines building from base image in repo1:
- https://code-ib-yoshi.il5.dso.mil/dsop/pops/registry1-passthrough-test/-/pipelines/1896 (First time using registry1 image as a base image.)
Extra information:
- Vat will only import a base image's vat response if it is newer than the currently existing VAT response for the image: https://code-ib-yoshi.il5.dso.mil/dsop/pops/registry1-passthrough-test/-/jobs/13291
Edited by Jeffrey Wuebbles