Certified Technology Portal

My account

My account

Documentation

How To Update Your Image

Overview

Partners can use the partner build service for building their application containers for certification.  This prevents the partner from needing to maintain a RHEL container build host. Build-service can build containers from git repositories which internet-accessible publicly or privately with an ssh key. To enable, navigate to your container project and click on 'build service.'

Auto-Publish

This setting is located in 'project settings' in container certification projects.  When this is toggled 'on', containers which pass certification will be automatically published in the Red Hat Container Catalog.

Auto-Rebuild

Auto-rebuild is a build service feature which will automatically build and publish a new container in response to known vulnerabilities.  Auto-rebuild requires auto-publish and will enable it for you.

How does auto-rebuild generate new container tags?  Refer to the table to see what auto-rebuild will tag your containers with one the first and second rebuilds given the original tag in the far left column.

User provided Tag Build Service Generated Tag (n+1) Build Service Generated Tag (n+2)
mycontainer:v2 mycontainer:v2-1 mycontainer:v2-2
mycontainer:v2.1 mycontainer:v2.1-1 mycontainer:v2.1-2
mycontainer:v2.1-1 mycontainer:v2.1-1-1 mycontainer:v2.1-1-2

 

Pulling images for testing

It is possible to pull images to test them before publishing.  

1. Using the steps on the 'upload your image' tab in the certification area of the container zone, log into your project repository with docker.

2. Locate your 'pid' (project identifier) in the 'docker tag' command on the 'upload your image' instructions'.  It is a string of random alphanumeric characters either starting with 'p' or 'ospid'.

3. run 'docker pull scan.connect.redhat.com/[pid]/partner-build-service:[tag]

 

Configuration

The partner build service allows a partner to build and rebuild their containers for certification and publishing in RHCC without having their own environment.

 

 

1. From container project home, click partner build service on the left nav menu

 

2. main partner build service screen: you can start a new build, refresh, click into a build to see details, or configure the service.

 

 

 

3.  configure build service screen:

 

 

 

1. Start a new build

 

 

 

 

 

2. Turn the build service on or off 

 

 

 

3. Enable automatic rebuilds of this repository in response to security errata.

 

4. Required.  URL of git repo to build container from.  Can be either an HTTP or SSH git url (but see #4)

 

 

 

5. Optional and usually blank.  if the Dockerfile is named something other than the default 'Dockerfile', enter it here.

 

 

 

 

6. Optional.  The private SSH key which gives access to a private repo.  Only valid when an SSH url is given for #2.

 

 

 

 

7. Optional, usually blank. If the docker build context root is not the root of the git repo, enter the path to it here.

 

 

 

8. Required, default is master.  If you want to build a git branch other than master, specify the branch name here.

 

4. build detail screen

 

 

5. Build Log Screen

 

 

--- old content ---

Here is a step by step guide on both processes (pages 14-19): https://github.com/RHC4TP/documentation/blob/master/Container%20Zone%20-OpenShift/How%20to%20Guide-Container%20Zone-preliminary%20release-20180827.pdf

Automated Build Process:

Your container project status already reflects the need to rebuild. You can find additional details by looking at the “Container Certification API” tab in your project.

Further instructions on setting up the Build Service: https://connect.redhat.com/zones/containers/partner-build-service

Manually Updating Your Image

  1. Ensure your dockerfile installs and applies fixes to critical/important vulnerabilities. This is typically accomplished with the following command within the Dockerfile: yum -y update-minimal --security --sec-    setopt=tsflags=nodocs
  2. Build a new image
  3. Select the target project in Red Hat Connect (login required)
  4. Go to the “Upload Your Image” tab and see details on how to upload a new, updated image for certification scan
  5. Once the scan is completed successfully, click the publish button for this updated image

If you have any questions or comments, you can reach us at connect@redhat.com.

 

Do you have any questions about certification? We're here to help.