Merge pull request #9620 from dependabot/jamiemagee/enable-docker-con…

…tent-trust Enable Docker content trust
dependabot · Apr 29, 2024 · 195c36b · 195c36b
2 parents c844f2b + 7739f24
commit 195c36b
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/script/_common b/script/_common
@@ -41,6 +41,10 @@ function docker_build() {
     export DEPENDABOT_USER_GID=1000
   fi
 
+  # Only check Docker Content Trust for the updater-core image
+  # shellcheck disable=SC2034 # Used implicitly in docker build
+  DOCKER_CONTENT_TRUST=1
+
   # shellcheck disable=SC2086  # as $DOCKER_BUILD_ARGS relies on word-splitting
   docker build \
     $DOCKER_BUILD_ARGS \
@@ -53,6 +57,9 @@ function docker_build() {
     -f Dockerfile.updater-core \
     .
 
+  # We don't sign the updater image with Notary, so disable Docker Content Trust for remaining builds
+  unset DOCKER_CONTENT_TRUST
+
   export UPDATER_IMAGE_NAME="$UPDATER_IMAGE$TAG"
 
   # shellcheck disable=SC2086  # as $DOCKER_BUILD_ARGS relies on word-splitting