This issues aims at updating our knowledge, and if possible the practises, on how to build and test Docker Images.
The main challenges are the following:
- Provide a reproducible process, so any contributors can build and test images on their own environement
- Provide a secured environement to leverage the "supply chain" attacks, for:
- Building and testing Docker images without putting the underlying infrastructure at risk
- Pushing the freshly built Docker Images to their target registries for consumption, without putting credentials or organizational trust at risk