diff --git a/api/build.sh b/api/build.sh
index c5610e233..0e82088fe 100644
--- a/api/build.sh
+++ b/api/build.sh
@@ -50,6 +50,9 @@ function build_api(){
 docker tag ${DOCKER_REPO:-'local'}/chalice:${image_tag} ${DOCKER_REPO:-'local'}/chalice:${tag}latest
 docker push ${DOCKER_REPO:-'local'}/chalice:${tag}latest
 }
+ [[ $SIGN_IMAGE -eq 1 ]] && {
+ cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/chalice:${image_tag}
+ }
 echo "api docker build completed"
 }
diff --git a/backend/build.sh b/backend/build.sh
index 6ff4cd4ef..95a833139 100755
--- a/backend/build.sh
+++ b/backend/build.sh
@@ -27,6 +27,9 @@ function build_service() {
 [[ $PUSH_IMAGE -eq 1 ]] && {
 docker push ${DOCKER_REPO:-'local'}/$image:${image_tag}
 }
+ [[ $SIGN_IMAGE -eq 1 ]] && {
+ cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/$image:${image_tag}
+ }
 echo "Build completed for $image"
 return
 }
diff --git a/ee/api/build_crons.sh b/ee/api/build_crons.sh
index 2f9d84a81..4d246265a 100644
--- a/ee/api/build_crons.sh
+++ b/ee/api/build_crons.sh
@@ -36,6 +36,9 @@ function build_crons(){
 docker tag ${DOCKER_REPO:-'local'}/crons:${git_sha1} ${DOCKER_REPO:-'local'}/crons:${tag}latest
 docker push ${DOCKER_REPO:-'local'}/crons:${tag}latest
 }
+ [[ $SIGN_IMAGE -eq 1 ]] && {
+ cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/crons:${image_tag}
+ }
 echo "completed crons build"
 }
diff --git a/frontend/build.sh b/frontend/build.sh
index 33b726c1a..55d295746 100644
--- a/frontend/build.sh
+++ b/frontend/build.sh
@@ -26,7 +26,10 @@ function build(){
 [[ $PUSH_IMAGE -eq 1 ]] && {
 docker push ${DOCKER_REPO:-'local'}/frontend:${image_tag}
 }
- echo "frotend build completed"
+ [[ $SIGN_IMAGE -eq 1 ]] && {
+ cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/frontend:${image_tag}
+ }
+ echo "frontend build completed"
 }
 check_prereq
diff --git a/peers/build.sh b/peers/build.sh
index 25aa0d7ed..45cc97892 100644
--- a/peers/build.sh
+++ b/peers/build.sh
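Review bot: The new `cosign sign` call signs a mutable tag reference, so what gets signed is whichever digest the registry resolves `chalice:${image_tag}` to at signing time rather than the digest this script just pushed; cosign itself warns about tag references for this reason. Resolving the pushed digest and signing that closes the window: `ref=$(docker inspect --format '{{index .RepoDigests 0}}' "${DOCKER_REPO:-local}/chalice:${image_tag}")` followed by `cosign sign --key "$SIGN_KEY" "$ref"` (RepoDigests is presumably only populated once the image has been pushed, which the preceding block does; drop the inner quotes around `local` once the expansion is double-quoted). Quoting `$SIGN_KEY` also keeps a key path or KMS URI from being word-split. build_api starts before this hunk.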
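Review bot: If `SIGN_IMAGE=1` is set but `SIGN_KEY` is empty or unset, the unquoted `$SIGN_KEY` on the new `cosign sign` line vanishes and `--key` consumes the image reference as the key path, producing a confusing cosign error rather than a clear one. A guard at the top of the sign block, `: "${SIGN_KEY:?SIGN_KEY must be set when SIGN_IMAGE=1}"`, plus quoting, `cosign sign --key "$SIGN_KEY" "${DOCKER_REPO:-local}/$image:${image_tag}"`, makes the failure explicit. Whether build.sh runs under `set -e` is not visible here; if it does not, a failed signing still prints `Build completed for $image` and returns 0. build_service starts before this hunk.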
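Review bot: The new sign line references `crons:${image_tag}` while the tag and push lines directly above it reference `crons:${git_sha1}`; unless build_crons sets image_tag to the same value (not visible in this hunk), cosign is asked to sign a tag that was never pushed and fails, or signs whatever older image that tag points to. Using the same variable the push used, `cosign sign --key "$SIGN_KEY" "${DOCKER_REPO:-local}/crons:${git_sha1}"`, keeps the signed reference and the pushed reference identical. build_crons starts before this hunk.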
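Review bot: A failed `cosign sign` on the new lines is not surfaced: the script goes on to print `frontend build completed` and, unless build.sh runs under `set -e` (not visible in this hunk), exits 0, so the calling deploy script would continue with an unsigned frontend image. Making the failure fatal, `cosign sign --key "$SIGN_KEY" "${DOCKER_REPO:-local}/frontend:${image_tag}" || { echo "cosign sign failed for frontend" >&2; exit 1; }`, keeps an unsigned image from being reported as built. In a non-interactive CI run, cosign 2.x may also stop at its transparency-log confirmation prompt unless `--yes` is passed or `COSIGN_YES=true` is exported, which is worth checking against the cosign version in use. build starts before this hunk.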
@@ -35,6 +35,9 @@ function build_api(){
 docker tag ${DOCKER_REPO:-'local'}/peers:${image_tag} ${DOCKER_REPO:-'local'}/peers:latest
 docker push ${DOCKER_REPO:-'local'}/peers:latest
 }
+ [[ $SIGN_IMAGE -eq 1 ]] && {
+ cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/peers:${image_tag}
+ }
 echo "peer docker build complted"
 }
diff --git a/scripts/helmcharts/build_deploy.sh b/scripts/helmcharts/build_deploy.sh
index e5714a1b2..cc5acd020 100644
--- a/scripts/helmcharts/build_deploy.sh
+++ b/scripts/helmcharts/build_deploy.sh
@@ -8,6 +8,12 @@ set -e
 # Removing local alpine:latest image
 docker rmi alpine || true
+# Signing image
+# cosign sign --key awskms:///alias/openreplay-container-sign image_url:tag
+export SIGN_IMAGE=1
+export PUSH_IMAGE=1
+export SIGN_KEY="awskms:///alias/openreplay-container-sign"
+
 echo $DOCKER_REPO
 [[ -z DOCKER_REPO ]] && {
 echo Set DOCKER_REPO="your docker registry"
@@ -15,15 +21,15 @@ echo $DOCKER_REPO
 } || {
 docker login $DOCKER_REPO
 cd ../../backend
- PUSH_IMAGE=1 bash build.sh $@
+ bash build.sh $@
 cd ../utilities
- PUSH_IMAGE=1 bash build.sh $@
+ bash build.sh $@
 cd ../peers
- PUSH_IMAGE=1 bash build.sh $@
+ bash build.sh $@
 cd ../frontend
- PUSH_IMAGE=1 bash build.sh $@
+ bash build.sh $@
 cd ../sourcemap-reader
- PUSH_IMAGE=1 bash build.sh $@
+ bash build.sh $@
 cd ../api
- PUSH_IMAGE=1 bash build.sh $@
+ bash build.sh $@
 }
diff --git a/sourcemap-reader/build.sh b/sourcemap-reader/build.sh
index 33d318cab..859347fd4 100644
--- a/sourcemap-reader/build.sh
+++ b/sourcemap-reader/build.sh
@@ -46,6 +46,9 @@ function build_api(){
 docker tag ${DOCKER_REPO:-'local'}/${image_name}:${image_tag} ${DOCKER_REPO:-'local'}/${image_name}:${tag}latest
 docker push ${DOCKER_REPO:-'local'}/${image_name}:${tag}latest
 }
+ [[ $SIGN_IMAGE -eq 1 ]] && {
+ cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/$image_name:${image_tag}
+ }
 echo "${image_name} docker build completed"
 }
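Review bot: The new sign block runs whenever `SIGN_IMAGE=1`, independently of `PUSH_IMAGE`, but `cosign sign` operates on the registry copy, so a run where the push was skipped asks cosign to sign a `peers:${image_tag}` that may not exist remotely. Gating on both flags, `[[ $SIGN_IMAGE -eq 1 && $PUSH_IMAGE -eq 1 ]] && {`, or failing loudly when SIGN_IMAGE is set without PUSH_IMAGE, makes that precondition explicit instead of leaving it to a cosign error. The unchanged `peer docker build complted` message on the following context line also carries a typo. build_api starts before this hunk.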
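Review bot: The new exports hard-code the signing key to `awskms:///alias/openreplay-container-sign` and force `SIGN_IMAGE=1`, so every invocation of build_deploy.sh now needs AWS credentials for that KMS alias and a `cosign` binary on PATH, and anyone building for a different registry cannot opt out or supply their own key without editing the script. Defaulting rather than overriding, checking for cosign up front (this script runs under `set -e`, so a missing binary would otherwise abort mid-build after several pushes), and exporting `COSIGN_YES=true` so cosign does not wait on an interactive confirmation before the transparency-log upload keeps the script usable outside the maintainers' account. The example line `# cosign sign --key ... image_url:tag` repeats what the exports already say and can go. Separately, the existing `[[ -z DOCKER_REPO ]]` on the context line tests the literal string rather than `$DOCKER_REPO`, so the "Set DOCKER_REPO" branch can never trigger; that predates this change but now also sits in front of the signing path.
```shell
# … unchanged: docker rmi alpine || true …
# Image signing: opt out with SIGN_IMAGE=0, override the key with SIGN_KEY.
export SIGN_IMAGE="${SIGN_IMAGE:-1}"
export PUSH_IMAGE=1
export SIGN_KEY="${SIGN_KEY:-awskms:///alias/openreplay-container-sign}"
export COSIGN_YES=true
if [[ "$SIGN_IMAGE" -eq 1 ]] && ! command -v cosign >/dev/null 2>&1; then
  echo "cosign is required when SIGN_IMAGE=1" >&2
  exit 1
fi
```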
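Review bot: The new `bash build.sh $@` lines forward the caller's arguments unquoted, so an argument containing whitespace or a glob character is re-split or expanded before build.sh sees it; `bash build.sh "$@"` forwards them intact. Dropping the per-call `PUSH_IMAGE=1` prefix only works because the export earlier in the file now sets it for every child, which deserves a one-line comment at the top of the `||` branch, e.g. `# PUSH_IMAGE, SIGN_IMAGE and SIGN_KEY are exported above and inherited by each build.sh`. Under `set -e` a non-zero exit from any build.sh stops the chain here, but only if the child script itself propagates a cosign failure, which this hunk cannot confirm.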
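Review bot: The new sign line writes `$image_name` where the tag and push lines above it consistently use `${image_name}`; it expands the same way, but the colon that follows makes the unbraced form easy to misread, and none of the expansions on the line are quoted. `cosign sign --key "$SIGN_KEY" "${DOCKER_REPO:-local}/${image_name}:${image_tag}"` matches the surrounding style and survives a key URI or tag containing spaces. build_api starts before this hunk.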
diff --git a/utilities/build.sh b/utilities/build.sh
index d1042375b..87ff7f3e6 100644
--- a/utilities/build.sh
+++ b/utilities/build.sh
@@ -36,6 +36,9 @@ function build_api(){
 docker tag ${DOCKER_REPO:-'local'}/assist:${image_tag} ${DOCKER_REPO:-'local'}/assist:latest
 docker push ${DOCKER_REPO:-'local'}/assist:latest
 }
+ [[ $SIGN_IMAGE -eq 1 ]] && {
+ cosign sign --key $SIGN_KEY ${DOCKER_REPO:-'local'}/assist:${image_tag}
+ }
 echo "build completed for assist"
 }
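Review bot: Nothing checks that the signature produced by the new `cosign sign` line is actually usable; a wrong KMS alias, missing KMS permissions or a tag that resolved to a different digest than the one pushed would only surface at deploy time, after `build completed for assist` has already been printed. A verification round-trip right after signing, `cosign verify --key "$SIGN_KEY" "${DOCKER_REPO:-local}/assist:${image_tag}" >/dev/null`, fails the build on the spot, and the same applies to the other build.sh files in this change. Whether build.sh runs under `set -e` is not visible here, so an explicit `|| exit 1` on both commands is the safer form. build_api starts before this hunk.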