adding in docker content trust signing (#404)

joshuafernandes · web-flow · commit 32a04d42f056 · 2021-12-08T10:56:52.000+10:00
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -190,6 +190,13 @@ jobs:
           name: Publish Docker
           command: |
             docker login --username "${DOCKER_USER_RW}" --password "${DOCKER_PASSWORD_RW}"
+
+            # dct signing setup
+            mkdir -p $HOME/.docker/trust/private
+            echo $DCT_KEY | base64 --decode > $HOME/.docker/trust/private/$DCT_HASH.key
+            chmod 600 $HOME/.docker/trust/private/$DCT_HASH.key
+            docker trust key load $HOME/.docker/trust/private/$DCT_HASH.key --name opsquorum
+
             ./gradlew --no-daemon --parallel "-Pbranch=${CIRCLE_BRANCH}" dockerUpload
       - notify
       
@@ -263,4 +270,5 @@ workflows:
             - acceptanceTests
             - buildDocker
           context:
-            - dockerhub-quorumengineering-rw        
+            - dockerhub-quorumengineering-rw
+            - dockerhub-opsquorum-dct
diff --git a/build.gradle b/build.gradle
@@ -529,7 +529,7 @@ task dockerUpload(type: Exec) {
   dependsOn distDocker
   def imageName = "consensys/" + repositoryName
   def image = project.hasProperty('release.releaseVersion') ? "${imageName}:" + project.property('release.releaseVersion') : "${imageName}:${project.version}"
-  def cmd = "docker push '${image}'"
+  def cmd = "docker trust sign '${image}' && docker push '${image}'"
 
   def deprecatedQuorumImageName = "consensys/quorum-" + repositoryName
   def deprecatedQuorumImage = project.hasProperty('release.releaseVersion') ? "${deprecatedQuorumImageName}:" + project.property('release.releaseVersion') : "${deprecatedQuorumImageName}:${project.version}"
