Skip to content

Commit

Permalink
Enable Docker content trust
Browse files Browse the repository at this point in the history
  • Loading branch information
@JamieMagee @raj-meka
JamieMagee authored and raj-meka committed Apr 29, 2024
1 parent bba4e1d commit 37bedcf
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions script/_common
View file
Expand Up @@ -41,6 +41,10 @@ function docker_build() {
export DEPENDABOT_USER_GID=1000
fi

# Only check Docker Content Trust for the updater-core image
# shellcheck disable=SC2034 # Used implicitly in docker build
DOCKER_CONTENT_TRUST=1

# shellcheck disable=SC2086 # as $DOCKER_BUILD_ARGS relies on word-splitting
docker build \
$DOCKER_BUILD_ARGS \
Expand All @@ -53,6 +57,9 @@ function docker_build() {
-f Dockerfile.updater-core \
.

# We don't sign the updater image with Notary, so disable Docker Content Trust for remaining builds
unset DOCKER_CONTENT_TRUST

export UPDATER_IMAGE_NAME="$UPDATER_IMAGE$TAG"

# shellcheck disable=SC2086 # as $DOCKER_BUILD_ARGS relies on word-splitting
Expand Down

0 comments on commit 37bedcf

Please sign in to comment.