-
Notifications
You must be signed in to change notification settings - Fork 15
/
Makefile
60 lines (47 loc) · 1.64 KB
/
Makefile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# Replace this with your image name, i.e. ghcr.io/<your-username>/demo-repo-python:latest
IMAGE_NAME?=ghcr.io/stacklok/demo-repo-python:latest
# Lowercase the image name to handle mixed-case GitHub org/repo names
IMAGE_NAME := $(shell echo $(IMAGE_NAME) | tr '[:upper:]' '[:lower:]')
# Replace this with your GitHub username and PAT.
# This is used to authenticate with GitHub Container Registry (GHCR)
# and push the image to your repository.
# The PAT should have read/write access for packages.
CR_USERNAME?=stacklok
CR_PAT?=ghp_1234567890abcdefghij1234567890abcdefghij
.PHONY: login
login:
@echo "Logging in to GitHub Container Registry"
@echo "${CR_PAT}" | docker login ghcr.io -u $(CR_USERNAME) --password-stdin
.PHONY: build-image
build-image:
@echo "Building a safe image..."
docker build -t $(IMAGE_NAME) .
.PHONY: build-malicious-image
build-malicious-image:
@echo "Building a malicious image..."
@echo "# Maliciously altered on $$(date)" >> app.py
docker build -t $(IMAGE_NAME) .
.PHONY: push-image
push-image:
@echo "Pushing image..."
docker push $(IMAGE_NAME)
.PHONY: keygen
keygen:
@cosign generate-key-pair
.PHONY: sign-keypair
sign-keypair:
@cosign sign $(IMAGE_NAME) --key cosign.key
.PHONY: sign-oidc
sign-oidc:
@cosign sign $(IMAGE_NAME)
.PHONY: build-binary
build-binary:
@echo "Building a safe binary..."
@echo "Not implemented yet"
# TODO: Implement this when we need it for the Python example
.PHONY: build-malicious-binary
build-malicious-binary:
@echo "Building a malicious binary..."
@echo "# Maliciously altered on $$(date)" >> app.py
@echo "Not implemented yet"
# TODO: Implement this when we need it for the Python example