dash/contrib/containers
pasta e10c5c9579
Merge #6160: feat: add sbom and provenance in release for dockerhub; use jammy; apt remove as possible
9178e8a75f feat: add smob and provenance in release for dockerhub; use jammy; apt remove as possible (pasta)

Pull request description:

  ## Issue being fixed or feature implemented
  Docker provenance refers to the origin and history of Docker images, including how they were built, modified, and by whom. An SBOM (Software Bill of Materials) is a detailed list of all components in a software application, providing transparency about libraries, dependencies, and versions used, which is crucial for security and compliance.

  ## What was done?
  Add SBOM and provenance to docker build; this may allow some level of validation that GitHub actions is actually doing what it says it is.

  See this for more information https://docs.docker.com/build/ci/github-actions/attestations/

  ## How Has This Been Tested?
  Building with buildx with sbom and provenance flags locally

  ## Breaking Changes
  None

  ## Checklist:
    _Go over all the following points, and put an `x` in all the boxes that apply._
  - [x] I have performed a self-review of my own code
  - [ ] I have commented my code, particularly in hard-to-understand areas
  - [ ] I have added or updated relevant unit/integration/functional/e2e tests
  - [ ] I have made corresponding changes to the documentation
  - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_

ACKs for top commit:
  UdjinM6:
    utACK 9178e8a75f

Tree-SHA512: 6e3f35a0b30f002e2d5d80d6dd18ee554a1c15c62c1d4cbe1185f38977f55a199998515cf5bb9a027670f068f3d56ef33faa062d8c4122a886375d00afe6bf2f
2024-08-01 09:28:46 -05:00
..
ci Merge #21354: build, doc: Drop no longer required packages from macOS cross-compiling dependencies 2024-04-11 02:25:07 +07:00
deploy Merge #6160: feat: add sbom and provenance in release for dockerhub; use jammy; apt remove as possible 2024-08-01 09:28:46 -05:00
develop cleanup: drop Gitian mentioning from Dockerfile 2023-12-06 12:40:58 -06:00
guix feat: Set client version for non-release binaries and version in guix based on git tags (#5653) 2024-01-11 21:43:42 -06:00
README.md

Containers

This directory contains configuration files for containerization utilities.

Currently two Docker containers exist, ci defines how Dash's GitLab CI container is built and the dev builds on top of the ci to provide a containerized development environment that is as close as possible to CI for contributors! See also Dash on Docker Hub i.e. for the dashd container.

Usage Guide

We utilise edrevo's dockerfile-plus, a syntax extension that leverages Docker BuildKit to reduce the amount of repetitive code.

As BuildKit is opt-in within many currently supported versions of Docker (as of this writing), you need to set the following environment variables before continuing. While not needed after the initial docker-compose build (barring updates to the Dockerfile), we recommend placing this in your ~/.bash_profile/~/.zshrc or equivalent

export DOCKER_BUILDKIT=1
export COMPOSE_DOCKER_CLI_BUILD=1

After that, it's simply a matter of building and running your own development container. You can use extensions for your IDE like Visual Studio Code's Remote Containers to run terminal commands from inside the terminal and build Dash Core.

cd contrib/containers/develop
docker-compose build
docker-compose run container