In this section, we are going to explore the approach proposed by siamaksade in the Red Hat blog post "Keep Your Applications Secure With Automatic Rebuilds" and in his GitHub repository quay-mirror-pipeline.
Note: For this section, I have heavily used the utils provided by lbohnsac in his GitHub repository quay-api.
The idea is to create a mirror repository in your Quay organization that syncs repository tags every day and sends push notifications to OpenShift Pipelines, which builds a new image and pushes it to the final repository. Therefore, these will be the repositories:
- ubi8/ubi: This is the upstream images repository.
- alopezme/ubi8-mirror: This repository is located in my Quay instance/org and simply mirrors upstream images and generates notifications every time a new image is stored.
- alopezme/kustomize: This repository contains the final built image with the kustomize binary.
First, create a new repository that will mirror the content of the RH official registry:
Create a Robot Account with the following access to both repositories:
Set up notifications on push:
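As an added example (not taken from this page or from the repositories it references), this is a receiver-side check that maps a push notification to build parameters only when it names the expected mirror repository and an expected tag. It assumes the notification body follows Quay's repository-push webhook format with `repository`, `docker_url` and `updated_tags` fields; the function name, tag pattern, parameter names and registry host are hypothetical.

```python
import json
import re

# Repository name comes from the page; the tag pattern is an assumption
# chosen for illustration and should match the tags you actually mirror.
MIRROR_REPO = "alopezme/ubi8-mirror"
TAG_PATTERN = re.compile(r"latest|8\.\d+(-\d+)?")


def pipeline_params(raw_body: bytes, mirror_repo: str = MIRROR_REPO):
    """Map a push notification to build parameters, or return None to ignore it.

    Only notifications for the expected mirror repository, carrying at least
    one tag that fully matches TAG_PATTERN, start a rebuild.
    """
    try:
        body = json.loads(raw_body)
    except ValueError:  # covers invalid JSON and undecodable bytes
        return None
    if not isinstance(body, dict) or body.get("repository") != mirror_repo:
        return None
    docker_url = body.get("docker_url")
    tags = body.get("updated_tags")
    if not isinstance(docker_url, str) or not docker_url.endswith("/" + mirror_repo):
        return None
    if not isinstance(tags, list):
        return None
    wanted = sorted(t for t in tags if isinstance(t, str) and TAG_PATTERN.fullmatch(t))
    if not wanted:
        return None
    # One build per accepted tag; "base-image" and "tag" are hypothetical
    # pipeline parameter names.
    return [{"base-image": f"{docker_url}:{t}", "tag": t} for t in wanted]


# Constructed sample notification body (not captured from a real registry).
SAMPLE = json.dumps({
    "name": "ubi8-mirror",
    "repository": "alopezme/ubi8-mirror",
    "namespace": "alopezme",
    "docker_url": "quay.example.com/alopezme/ubi8-mirror",
    "homepage": "https://quay.example.com/repository/alopezme/ubi8-mirror",
    "updated_tags": ["8.9-1028", "latest", "../weird"],
}).encode()

if __name__ == "__main__":
    for params in pipeline_params(SAMPLE) or []:
        print(params)
```

Filtering on the repository and tag before the build starts keeps an unexpected or malformed notification from injecting an arbitrary image reference into the pipeline.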