Registering the Hyper Protect Secure Build base image

You have to download the Hyper Protect Secure Build base image, and then register the base image into the remote registry such as docker.io or icr.io.

Note:

  • The following context uses Docker Hub for demonstration. You can use the equivalent values or settings if you choose to use IBM Cloud Container Registry. For more information, see Getting started with IBM Cloud Container Registry.
  • Check that you have installed the GPG command line tool on the management server. For more information, see GNU Privacy Guard.
  • Check that you enable Docker Content Trust (DCT) for your remote docker registry server. For more information, see Content trust in Docker.
    export DOCKER_CONTENT_TRUST=1
    

Complete the following steps:

  1. Install the Hyper Protect Secure Build Server base image to your management server.

    a. Log in to the remote docker repository.

    b. Install the base image by using the docker load commands.

     docker load < <destination-folder-hpsbBase>/images/hyper-protect-secure-build.tar.gz
    

    c. Run the docker images command to check whether the base image is loaded into the local registry successfully.

    REPOSITORY                    TAG     IMAGE ID       CREATED            SIZE
    secure-docker-build        1.3.0.16   c628c5f2f96a   3 days ago         2.69GB
    
  2. Create the repository in your namespace for the base image on the Docker Hub. For example, docker_base_user/secure-docker-build. Note that the repository name must match the image name.

  3. Use the docker tag command to tag the base image with the same ID used by the CLI tool. For example, 1.3.0.16 is the tag ID of the CLI tool that you can get by running the docker images command. Run the following commands to tag the base image.

    docker tag secure-docker-build:1.3.0.16 docker_base_user/secure-docker-build:1.3.0.16
    
  4. Run the docker images command to check whether the tag for the base image is as expected.

    REPOSITORY                                     TAG      IMAGE ID       CREATED       SIZE
    ...
    secure-docker-build                          1.3.0.16    c628c5f2f96a   3 days ago     2.69GB
    docker_base_user/secure-docker-build         1.3.0.16    c628c5f2f96a   3 days ago     2.69GB
    ...
    
  5. Push the base image to your remote docker repository. Note that if the remote registry server is IBM Cloud Container Registry (icr.io), do not sign the image.

    docker login
    docker push docker_base_user/secure-docker-build:1.3.0.16
    
  6. Write down the following information to be used when building your app with the Secure Build container.

    • Your Docker Hub ID account used to register the base image. For example, docker_base_user
    • Your Docker Hub ID password. For example, passw0rd
    • Your remote registry value used to register the base image. For example, docker_base_user/secure-docker-build