mirror of
https://github.com/linuxkit/linuxkit.git
synced 2025-12-25 04:04:13 +00:00
4fba9d8545
Firstly add option to disable content trust, for the use of e.g. projects which are pushing to the linuxkitprojects org (which has no trust setup) rather than the main linuxkit org. Secondly, when trust _is_ enabled then enable it globally, in particular it is now active for the `docker build` and hence containers referenced in Dockerfiles via "FROM" will be checked. Signed-off-by: Ian Campbell <ian.campbell@docker.com>
48 lines
1.1 KiB
Makefile
48 lines
1.1 KiB
Makefile
.PHONY: image tag show-tag
|
|
default: push
|
|
|
|
ORG?=linuxkit
|
|
ifeq ($(HASH),)
|
|
HASH_COMMIT?=HEAD # Setting this is only really useful with the show-tag target
|
|
HASH?=$(shell git ls-tree --full-tree $(HASH_COMMIT) -- $(CURDIR) | awk '{print $$3}')
|
|
|
|
ifneq ($(HASH_COMMIT),HEAD) # Others can't be dirty by definition
|
|
DIRTY=$(shell git update-index -q --refresh && git diff-index --quiet HEAD -- $(CURDIR) || echo "-dirty")
|
|
endif
|
|
endif
|
|
|
|
TAG=$(ORG)/$(IMAGE):$(HASH)$(DIRTY)
|
|
|
|
BASE_DEPS=Dockerfile Makefile
|
|
|
|
# Get a release tag, if present
|
|
RELEASE=$(shell git tag -l --points-at HEAD)
|
|
|
|
ifdef NETWORK
|
|
NET_OPT=
|
|
else
|
|
NET_OPT=--network=none
|
|
endif
|
|
|
|
ifeq ($(DOCKER_CONTENT_TRUST),)
|
|
ifndef NOTRUST
|
|
export DOCKER_CONTENT_TRUST=1
|
|
endif
|
|
endif
|
|
|
|
show-tag:
|
|
@echo $(TAG)
|
|
|
|
tag: $(BASE_DEPS) $(DEPS)
|
|
docker pull $(TAG) || docker build $(NET_OPT) -t $(TAG) .
|
|
|
|
push: tag
|
|
ifneq ($(DIRTY),)
|
|
$(error Your repository is not clean. Will not push package image.)
|
|
endif
|
|
docker pull $(TAG) || docker push $(TAG)
|
|
ifneq ($(RELEASE),)
|
|
docker tag $(TAG) $(ORG)/$(IMAGE):$(RELEASE)
|
|
docker push $(ORG)/$(IMAGE):$(RELEASE)
|
|
endif
|