The Automated Image Build Service automates the rebuilding of your image whenever an updated Red Hat package is available. It also scans your image (after a successful build) for any security vulnerabilities that may be present prior to publishing your image to the Container Catalog. The build service clones your GitHub/GitLab repository onto a build server, and uses the Dockerfile to build your image. It is a requirement from Red Hat to properly maintain your image by keeping up to date with the latest security updates. By not using the automated build service, you are opting into manually maintaining and rebuilding your image every time an update is released.
Configuration is very easy and straightforward. Follow the steps below:
On the Project page you created, find the box on the left-hand side and click Build Service:
Click on the Configure Build Service tab.
Fill in the git repo and the Dockerfile name if it has a name other than “Dockerfile”.
If your repository is public, then all that is needed is the git source URL (HTTPS link). If your repository is private, then you must configure the build service with the SSH link and a private SSH key. The git repository needs the public SSH key associated with the private key in order to successfully clone. It is recommended to create a new public and private SSH key just for the project. Never use your own personal private key.
SSH key files must be stored in the PEM format, using the RSA algorithm. When configuring the build service, make sure to include the “-----BEGIN RSA PRIVATE KEY-----” and “-----END RSA PRIVATE KEY-----” blocks surrounding your private SSH key.
Click Submit at the end of the page.
Click Start New Build button at the top of the page.
Enter a tag number in the field provided.
Tag version numbers follow the convention of using a dash "-" and then a number in order to accommodate Red Hat package updates that are independent of the partner application.
For example, if the initial image published is 1.0-1, the partner version is 1.0 and the Red Hat build is -1.
If for some reason there is a security vulnerability or other Red Hat package update for that image, the Build Service will rebuild the image with a 1.0-2 tag to indicate a second Red Hat build of the same partner software version.
Once submitted, the new build will be added and scanned.
The Build Service must complete before the scanning process for certification can begin. If your Build Service fails or does not complete, make sure the details you entered under the Configure Build Service tab are correct and confirm that your Dockerfile conforms to the examples provided in this link.
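For the private-repository setup described above, the following added example (not part of Red Hat's documentation) generates a project-only RSA key in PEM format and checks that a key file carries the markers the build service expects. The file name, key comment and empty passphrase are assumptions; recent OpenSSH releases write the "BEGIN OPENSSH PRIVATE KEY" format unless -m PEM is given.

```shell
#!/bin/sh
# Added example, not Red Hat's script. File name and key comment are hypothetical.

# Create a project-only RSA key pair in the legacy PEM format.
make_build_key() {
    keyfile=$1
    # -m PEM forces "BEGIN RSA PRIVATE KEY" output.
    # -N '' sets no passphrase (assumption: the service cannot prompt for one).
    ssh-keygen -q -t rsa -b 4096 -m PEM -N '' \
        -C 'build-service-deploy-key' -f "$keyfile"
    chmod 600 "$keyfile"
}

# Return 0 only if the file has the RSA PEM markers and is not encrypted.
check_build_key() {
    keyfile=$1
    [ -r "$keyfile" ] || { echo "cannot read $keyfile" >&2; return 2; }
    first=$(sed -n '1p' "$keyfile")
    # Ignore trailing blank lines left by copy and paste.
    last=$(grep -v '^[[:space:]]*$' "$keyfile" | tail -n 1)
    case $first in
        '-----BEGIN RSA PRIVATE KEY-----') ;;
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            echo "OpenSSH format: regenerate with -m PEM" >&2; return 1 ;;
        *)
            echo "not an RSA PEM private key" >&2; return 1 ;;
    esac
    if [ "$last" != '-----END RSA PRIVATE KEY-----' ]; then
        echo "END RSA PRIVATE KEY marker missing" >&2; return 1
    fi
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$keyfile"; then
        echo "key is passphrase-protected" >&2; return 1
    fi
    return 0
}

# Usage: sh build-key.sh generate ./build_service_rsa
if [ "${1:-}" = generate ]; then
    key=${2:-./build_service_rsa}
    make_build_key "$key" && check_build_key "$key" &&
        echo "Private key: $key (paste into the build service); public key: $key.pub (add to the git repository)"
fi
```

Running check_build_key against an existing key file before pasting it into the Configure Build Service tab catches the common case of a key saved in the newer OpenSSH format.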
If you are not using the Build Service, you will need to manually upload your image from the UPLOAD YOUR IMAGE tab on the Projects page.
Copy and paste the following line into your terminal.
# docker login -u unused scan.connect.redhat.com
When prompted for the password, copy and paste the Registry Key located on the Upload Your Image tab in the project.