DentonGentry
commented
1 year ago The tradeoff is in incorporating and trusting another party in the build process.
Open gmemstr opened 1 year ago
DentonGentry
commented
1 year ago The tradeoff is in incorporating and trusting another party in the build process.
gmemstr
commented
1 year ago To clarify, the third party in this case is Red Hat :)
Currently the CI/CD process builds the container image, then loads it into Docker and uses Docker to push it. I've had fairly good luck with using https://github.com/containers/skopeo to push the Nix-built container image directly. It's a minor "optimization" (if you could call it that) but might be worth looking at.
Here's a rough example of where I'm using it for a personal repository: https://git.gmem.ca/arch/dref/src/branch/trunk/.gitea/workflows/test-build.yml#L36-L72