Uploading your container images

There are two ways to Upload your Image. Below you will find both examples.

Make sure to take a look at the Technical Prerequisites section to validate that your Dockerfile will pass our certification scan.

The Build Service

The Automated Image Build Service automates the rebuilding of your image whenever an updated Red Hat package is available. It also scans your image (after a successful build) for any security vulnerabilities that may be present prior to publishing your image to the Container Catalog. The build service clones your Github/Gitlab repository onto a build server, and uses the Dockerfile to build your image. It is a requirement from Red Hat to properly maintain your image by keeping up to date with the latest security updates. By not using the automated build service, you are opting into manually maintaining and rebuilding your image every time an update is released.‌

Configuration

Configuration is very easy and straightforward. Follow the steps below:‌

In the Project Page you created you will notice a left hand box, click on Build Service:‌

Click on the Configure Build Service tab.‌

Fill in the git repo and the Dockerfile name if it has a name other than “Dockerfile”.‌

If your repository is public, then all that is needed is the git source URL (HTTPS link). If your repository is private, then you must configure the build service with the SSH link and a private SSH key. The git repository needs the public SSH key associated with the private key in order to successfully clone. It is recommended to create a new public and private SSH key just for the project. Never use your own personal private key.

SSH key files must be stored in the PEM format, using the RSA algorithm. When configuring the build service, make sure to include the “-----BEGIN RSA PRIVATE KEY-----” and “-----END RSA PRIVATE KEY-----” blocks surrounding your private SSH key.‌

Click Submit at the end of the page.‌

Click Start New Build button at the top of the page.‌

Enter a tag number in the field provided

Image Tagging

Tag version numbers follow the convention of using a dash "-" and then a number in order to accommodate Red Hat package updates that are independent of the partner application.

For example, if the initial image published is 1.0-1, the partner version is the 1.0 and the Red Hat build is -1.

If for some reason there is a security vulnerability or other Red Hat package update for that image, the Build Service will rebuild the image with a 1.0-2 tag to indicate a second Red Hat build of the same partner software version.

Once submitted, the new build will be added and scanned.

The Build Service must first be completed before it can begin the scanning process for certification. If your Build Service fails or does not complete, make sure the details you entered under the Configure Build Service tab is correct and confirm that your Dockerfile conforms to the examples provided in this link.‌

Manually Upload Your Image

If you are not using the Build Service, you will need to manually upload your image from the UPLOAD YOUR IMAGE tab on the Projects page.‌

Cut and paste the following line to your terminal.

# docker login -u unused scan.connect.redhat.com

When prompted for the password copy and paste the Registry Key located on the Upload Your Image tab in the project.

This Registry Key is unique per project, please make sure you are using the correct password for the project you are working on.

Follow the step below Upload Your Image to manually upload your image

If you do not have a registry key populated or are having issues pushing your image please open a Support Ticket. Instructions on how to open a Support Ticket can be found in the Getting Help Section.