Registering the Hyper Protect Secure Build base image
You have to download the Hyper Protect Secure Build base image, and then register the base image into the remote registry such as docker.io or icr.io.
Note:
- The following context uses Docker Hub for demonstration. You can use the equivalent values or settings if you choose to use IBM Cloud Container Registry. For more information, see Getting started with IBM Cloud Container Registry.
- Check that you have installed the GPG command line tool on the management server. For more information, see GNU Privacy Guard.
- Check that you enable Docker Content Trust (DCT) for your remote docker registry server. For more information, see Content trust in Docker.
export DOCKER_CONTENT_TRUST=1
Complete the following steps:
-
Install the Hyper Protect Secure Build Server base image to your management server.
a. Log in to the remote docker repository.
- For Docker Hub, run the
docker login
command. For more information, see Docker Login command. - For IBM Cloud Container Registry, run
docker login -u iamapikey -p <iam_api_key> <region>.icr.io
command. For more information, see Using Docker to authenticate with an API key.
b. Install the base image by using the
docker load
commands.docker load < <destination-folder-hpsbBase>/images/hyper-protect-secure-build.tar.gz
c. Run the
docker images
command to check whether the base image is loaded into the local registry successfully.REPOSITORY TAG IMAGE ID CREATED SIZE secure-docker-build 1.3.0.16 c628c5f2f96a 3 days ago 2.69GB
- For Docker Hub, run the
-
Create the repository in your namespace for the base image on the Docker Hub. For example,
docker_base_user/secure-docker-build
. Note that the repository name must match the image name. -
Use the
docker tag
command to tag the base image with the same ID used by the CLI tool. For example,1.3.0.16
is the tag ID of the CLI tool that you can get by running thedocker images
command. Run the following commands to tag the base image.docker tag secure-docker-build:1.3.0.16 docker_base_user/secure-docker-build:1.3.0.16
-
Run the
docker images
command to check whether the tag for the base image is as expected.REPOSITORY TAG IMAGE ID CREATED SIZE ... secure-docker-build 1.3.0.16 c628c5f2f96a 3 days ago 2.69GB docker_base_user/secure-docker-build 1.3.0.16 c628c5f2f96a 3 days ago 2.69GB ...
-
Push the base image to your remote docker repository. Note that if the remote registry server is IBM Cloud Container Registry (icr.io), do not sign the image.
docker login docker push docker_base_user/secure-docker-build:1.3.0.16
-
Write down the following information to be used when building your app with the Secure Build container.
- Your Docker Hub ID account used to register the base image. For example,
docker_base_user
- Your Docker Hub ID password. For example,
passw0rd
- Your remote registry value used to register the base image. For example,
docker_base_user/secure-docker-build
- Your Docker Hub ID account used to register the base image. For example,