Commit 9477b123 authored by Sheogorath's avatar Sheogorath 🎓

Add info about image digest to allow end-to-end verification

Currently the image is pushed to but since container images are
not signed, there is no gurantee that the correct image is provided by

This patch provides the image's SHA256 digest as part of the build
process so it's possible to verify that the correct image is up and

This is a first, basic setup to allow better audits of the images. In
future container images should get signed, but this requires some
additional work.
parent 2dd2beab
Pipeline #1694 passed with stages
in 6 minutes and 46 seconds
......@@ -18,8 +18,11 @@ build:
stage: build
- podman build --pull --build-arg VERSION -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
- echo "Image \"$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG\" Digest:"
- podman images --format "{{ .Digest }}" "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
stage: test
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment