Resolve "No longer output tar from Build job" (!547) · Merge requests · Iron Bank / ironbank-pipeline · GitLab

UNCLASSIFIED - NO CUI

Iron Bank will be replacing the old container signing certificate with the new container signing certificate. No additional action is required. Users can find additional information regarding the certificate rotation and container signature verification here and here.

David Freeman requested to merge 273-output-tar into development Apr 19, 2021

Closes #273 (closed)
Tested on UBI and Distroless projects

UBI - Proxyv2-1.7
Distroless - Base

The main bit of work was

Removing the docker archive creation in build
Using a podman pull in the oscap jobs using the digest created by the push to staging
Creating the docker archive in the sign image job by using a skopeo copy by digest
Combining the documentation stage jobs into a single job to resolve inter-dependencies without creating a new stage

This code included other fixes as well

No longer add Content-Encoding in S3 upload as this messes up the signature on the all-in-one tar.gz file
Updates all references of IM_NAME to IMAGE_NAME. Outputs IMAGE_NAME in the build again for jobs that need this value but were not depending on hardening_manifest
Updates print statements in the twistlock.py to use the logging module

Edited Apr 21, 2021 by David Freeman

UNCLASSIFIED - NO CUI