ci/patch images #209
Signed-off-by: r3drun3 <[email protected]>
Co-authored-by: Ramiro Algozino <[email protected]>
LGTM 😊
The PR code-wise looks good to me.
I don't have enough context to say if this is the right way to solve the problem though. I'd leave the final approval to @nutellinoit
We are also syncing multi-arch images, for example https://github.com/sighupio/fury-distribution-container-image-sync/blob/main/modules/monitoring/images.yml#L256
How did you achieve that?
BTW, we need to fix a call to discuss this change
Unfortunately, at the moment, Copa does not support out-of-the-box and seamless patching of multi-architecture images.
Yes, we definitely need to schedule a call as there are a few matters we need to discuss.
Warning: Given the recent amendments made to SSC, this PR might be deprecated.
Reason for the Pull Request
Implementing a pipeline for automatic hardening, signing, and attestation of Fury images.
What it adds
A straightforward Python utility to compile a JSON file with the list of images requiring patching and a GitHub Action for patching.
Additional Notes
To function properly, the pipeline requires the following secrets to be configured within the repository: