Commit 070f968

dhi: refresh customize & mirror (#24730)
## Description

Refreshing and reducing left nav sprawl.

- Removed management topic. It's not a standalone use-case. The use-case is managing mirrored and customized repos, so moved the info into those topics to reduce left nav sprawl.
- For Mirror and Customize:
- Moved Hub and CLI workflows to tabs.
- Added Terraform tab showing how to manage mirrors and customizations using the [DHI Terraform provider](https://registry.terraform.io/providers/docker-hardened-images/dhi/latest/docs). The mirror topic includes provider setup (install + auth), and the customize topic links back to it.
- Added additional related CLI commands in order to eventually remove the standalone CLI topic.
- Added necessary token (PAT/OAT) support/scoping for mirroring and customization.
- Moved the how to use an OAT with oras out of the mirror topic and into the use topic in the CI/CD section. OATs can't be used to mirror. Reframed the example to be about oras rather than OAT based on the requirement. Xref'd to the OAT topic for creation steps.
- Moved webhook section in Mirror from Hub section to third-party mirror section.
- In Mirror, changed wording from "mirror to hub" to "mirror to your organization" to be more specific.
- Added warning for examples using credentials in CLI

Previews

- https://deploy-preview-24616--docsdocker.netlify.app/dhi/how-to/mirror/
- https://deploy-preview-24616--docsdocker.netlify.app/dhi/how-to/customize/
- https://deploy-preview-24616--docsdocker.netlify.app/dhi/how-to/use/#discover-attestations-with-oras

## Related issues or tickets

ENGDOCS-3222 - topic refresh
ENGDOCS-3224 - add token scopes
ENGDOCS-3231 - add terraform

## Reviews

<!-- Notes for reviewers here -->
<!-- List applicable reviews (optionally @tag reviewers) -->

- [ ] Editorial review
- [ ] Technical review

---------

Signed-off-by: Craig Osterhout <craig.osterhout@docker.com>
1 parent 41fb4e7 commit 070f968

7 files changed

Lines changed: 378 additions & 227 deletions

content/manuals/dhi/how-to/_index.md

Lines changed: 2 additions & 4 deletions
@@ -2,6 +2,8 @@
22
title: How-tos
33
description: Step-by-step guidance for working with Docker Hardened Images, from discovery to governance.
44
weight: 20
5+
aliases:
6+
- /dhi/how-to/manage/
57
params:
68
grid_discover:
79
- title: Search and evaluate Docker Hardened Images
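Review bot: The new alias `/dhi/how-to/manage/` (added lines 5-6) sits in the front matter of the How-tos index, so existing links to the manage topic will land on the section landing page rather than on the content that moved. The commit message says the management material went into the mirror and customize topics; consider whether one of those pages is the better redirect target, or record in the PR why the index was chosen.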
@@ -37,10 +39,6 @@ params:
3739
description: Learn how to use a Docker Hardened Image chart.
3840
icon: leaderboard
3941
link: /dhi/how-to/helm/
40-
- title: Manage Docker Hardened Images and charts
41-
description: Learn how to manage your mirrored and customized Docker Hardened Images in your organization.
42-
icon: reorder
43-
link: /dhi/how-to/manage/
4442
grid_verify:
4543
- title: Verify a Docker Hardened Image or chart
4644
description: Use Docker Scout or cosign to verify signed attestations like SBOMs, provenance, and vulnerability data for Docker Hardened Images and charts.

content/manuals/dhi/how-to/cli.md

Lines changed: 1 addition & 1 deletion
@@ -76,7 +76,7 @@ docker dhi mirror start --org my-org \
7676
Mirror with dependencies:
7777

7878
```bash
79-
docker dhi mirror start --org my-org -r golang --dependencies
79+
docker dhi mirror start --org my-org -r dhi/golang,my-org/dhi-golang --dependencies
8080
```
8181

8282
List mirrored images in your organization:
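Review bot: The changed `-r` value on line 79 goes from a bare name (`golang`) to a comma-separated pair (`dhi/golang,my-org/dhi-golang`), but the lead-in "Mirror with dependencies:" does not say what the two parts are. Add a sentence stating which part is the source and which is the destination repository, so a reader adapting the example does not mirror into the wrong repository, and check that the other `mirror start` examples in this file use the same form.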

content/manuals/dhi/how-to/customize.md

Lines changed: 127 additions & 31 deletions
@@ -2,7 +2,7 @@
22
title: Customize a Docker Hardened Image or chart
33
linkTitle: Customize an image or chart
44
weight: 25
5-
keywords: hardened images, DHI, customize, certificate, artifact, helm chart
5+
keywords: hardened images, DHI, customize, certificate, artifact, helm chart, terraform, infrastructure as code
66
description: Learn how to customize Docker Hardened Images (DHI) and charts.
77
---
88

@@ -14,7 +14,6 @@ Hub web interface. For images, this lets you select a base image, add packages,
1414
add OCI artifacts (such as custom certificates or additional tools), and
1515
configure settings. For charts, this lets you customize the image references.
1616

17-
1817
Your customizations stay secure automatically. When the base Docker Hardened
1918
Image or chart receives a security patch or your OCI artifacts are updated,
2019
Docker automatically rebuilds your customizations in the background. This
@@ -32,35 +31,8 @@ mirrored DHI repository can create a customized image.
3231

3332
You can create customizations using either the DHI CLI or the Docker Hub web interface.
3433

35-
### Customize using the DHI CLI
36-
37-
The DHI CLI provides a command-line interface for managing Docker Hardened Image
38-
customizations. For installation instructions and usage details, see [Use
39-
the DHI CLI](./cli.md#customize-dhi-images).
40-
41-
#### Monitor customization builds
42-
43-
List builds for a customization:
44-
45-
```console
46-
$ docker dhi customization build list --org my-org my-org/dhi-golang "golang with git"
47-
```
48-
49-
Get details of a specific build:
50-
51-
```console
52-
$ docker dhi customization build get --org my-org my-org/dhi-golang "golang with git" <build-id>
53-
```
54-
55-
View build logs:
56-
57-
```console
58-
$ docker dhi customization build logs --org my-org my-org/dhi-golang "golang with git" <build-id>
59-
```
60-
61-
### Customize using the Docker Hub web interface
62-
63-
To customize a Docker Hardened Image using the web interface, follow these steps:
34+
{{< tabs >}}
35+
{{< tab name="Docker Hub" >}}
6436

6537
1. Sign in to [Docker Hub](https://hub.docker.com).
6638
1. Select **My Hub**.
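Review bot: The unchanged sentence at line 33, "You can create customizations using either the DHI CLI or the Docker Hub web interface.", is out of date once this tab set opens, because a Terraform tab is added to the same set later in the file. Update it to name all three options or drop the enumeration. The two removed `###` headings also take their anchors with them, so inbound links to "Customize using the DHI CLI" and "Customize using the Docker Hub web interface" need checking.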
@@ -158,6 +130,130 @@ To customize a Docker Hardened Image using the web interface, follow these steps
158130
to build. Once built, it will appear in the **Tags** tab of the repository,
159131
and your team members can pull it like any other image.
160132

133+
{{< /tab >}}
134+
{{< tab name="CLI" >}}
135+
136+
Authenticate with `docker login` using your Docker credentials or a [personal
137+
access token (PAT)](../../security/access-tokens.md) with **Read & Write**
138+
permissions. [Organization access tokens
139+
(OATs)](../../enterprise/security/access-tokens.md) are not supported.
140+
141+
Use the [`docker dhi customization`](/reference/cli/docker/dhi/customization/) command:
142+
143+
```console
144+
# Prepare a customization scaffold
145+
$ docker dhi customization prepare golang 1.25 \
146+
--org my-org \
147+
--destination my-org/dhi-golang \
148+
--name "golang with git" \
149+
--output my-customization.yaml
150+
151+
# Create a customization
152+
$ docker dhi customization create my-customization.yaml --org my-org
153+
154+
# List customizations
155+
$ docker dhi customization list --org my-org
156+
157+
# Filter customizations by name, repository, or source
158+
$ docker dhi customization list --org my-org --filter git
159+
$ docker dhi customization list --org my-org --repo dhi-golang
160+
$ docker dhi customization list --org my-org --source golang
161+
162+
# Get a customization
163+
$ docker dhi customization get my-org/dhi-golang "golang with git" --org my-org --output my-customization.yaml
164+
165+
# Update a customization
166+
$ docker dhi customization edit my-customization.yaml --org my-org
167+
168+
# Delete a customization
169+
$ docker dhi customization delete my-org/dhi-golang "golang with git" --org my-org
170+
171+
# Delete without confirmation prompt
172+
$ docker dhi customization delete my-org/dhi-golang "golang with git" --org my-org --yes
173+
```
174+
175+
{{< /tab >}}
176+
{{< tab name="Terraform" >}}
177+
178+
You can manage DHI customizations as infrastructure-as-code using the [DHI
179+
Terraform
180+
provider](https://registry.terraform.io/providers/docker-hardened-images/dhi/latest/docs).
181+
If you haven't configured the provider yet, see the Terraform tab in [Mirror a
182+
repository](./mirror.md) for setup instructions.
183+
184+
Define a `dhi_customization` resource for each customization:
185+
186+
```hcl
187+
resource "dhi_customization" "golang_with_git" {
188+
repository = "dhi-golang"
189+
name = "golang with git"
190+
191+
contents {
192+
packages = ["git", "curl"]
193+
}
194+
195+
platform {
196+
os = "linux"
197+
architecture = "amd64"
198+
}
199+
}
200+
```
201+
202+
The `dhi_customization` resource also supports optional configuration blocks
203+
for `accounts`, `files`, `labels`, `annotations`, `environment`, `entrypoint`,
204+
`cmd`, `user`, `workdir`, and `stop_signal`.
205+
206+
Run `terraform apply` to create the customization.
207+
208+
To edit a customization, update the resource configuration and run `terraform
209+
apply`. To delete a customization, remove the resource and run `terraform apply`.
210+
211+
For the full list of resource attributes, see the [Terraform Registry
212+
documentation](https://registry.terraform.io/providers/docker-hardened-images/dhi/latest/docs/resources/customization).
213+
214+
> [!NOTE]
215+
>
216+
> Monitoring customization builds is not available through the Terraform
217+
> provider. Use the Docker Hub web interface or the DHI CLI to monitor builds.
218+
219+
{{< /tab >}}
220+
{{< /tabs >}}
221+
222+
### Monitor customization builds
223+
224+
{{< tabs >}}
225+
{{< tab name="Docker Hub" >}}
226+
227+
1. Sign in to [Docker Hub](https://hub.docker.com).
228+
2. Select **My Hub**.
229+
3. In the namespace drop-down, select your organization.
230+
4. Select **Hardened Images** > **Manage**.
231+
5. Select the **Customizations** tab.
232+
233+
{{< /tab >}}
234+
{{< tab name="CLI" >}}
235+
236+
List builds for a customization:
237+
238+
```console
239+
$ docker dhi customization build list my-org/dhi-golang "golang with git" --org my-org
240+
```
241+
242+
Get details of a specific build:
243+
244+
```console
245+
$ docker dhi customization build get my-org/dhi-golang "golang with git" <build-id> --org my-org
246+
```
247+
248+
View build logs:
249+
250+
```console
251+
$ docker dhi customization build logs my-org/dhi-golang "golang with git" <build-id> --org my-org
252+
```
253+
254+
{{< /tab >}}
255+
{{< /tabs >}}
256+
161257
### Create an OCI artifact image for image customization
162258

163259
An OCI artifact image is a Docker image that contains files or directories that
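Review bot: The CLI tab (added lines 136-139) states one requirement, a PAT with **Read & Write** permissions, for a block that mixes mutating commands (`create`, `edit`, `delete`) with read-only ones (`list`, `get`), and the `build list`, `build get` and `build logs` commands in the Monitor tab carry no authentication note at all. State the minimum scope each group needs, so readers do not issue a write-capable token for jobs that only monitor builds. Two smaller points: the Terraform example sets `repository = "dhi-golang"` while the CLI examples use `my-org/dhi-golang`, so say where the organization comes from; and the Docker Hub monitoring steps (lines 227-231) stop at selecting the **Customizations** tab without saying how to open a build or its logs.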

content/manuals/dhi/how-to/manage.md

Lines changed: 0 additions & 61 deletions
This file was deleted.
