RUN cd /usr/bin && ln -s /usr/local/lib/argos/bin/postLink
In the example above the docker argos4j-cli is fetched from the dockerhub repository and used in the build image of argos notary.
The argos4j-cli docker image contains a sh or bat script to use located in /usr/local/lib/argos.
The executable script is called "postLink" the last command is used to create a soft link so it can be called without the path.
The following docker environment variables can be used in any build step to connect to an argosnotary service instance.
WORKSPACE: the workspace of your ci cd pipeline setup eg "/drone/src"
ARGOS_SERVICE_BASE_URL: the url of the argosnotary service eg "https://notary.argosnotary.org/api"
CREDENTIALS_PASSPHRASE: the passphrase of the service account key configured in argosnotary.
CREDENTIALS_KEY_ID: the keyId of the service account key configured in argosnotary.
SUPPLY_CHAIN_NAME: your supplychain name configured in argosnotary eg "argos-test-app"
SUPPLY_CHAIN_PATH : the label path to your supplychain configured in argosnotary eg "com.rabobank"
RUN_ID : bcdd4bf0245c82c060407b3b24b9b87301d15ac1
Commands can then be wrapped to collect materials and products and send sent link files to argosnotary.
- postLink --phase pre --segment jenkins --step build --runId $RUN_ID
- mvn -s settings.xml install
- postLink --phase post --segment jenkins --step build --runId $RUN_ID
The first command before the build command (--phase pre) is used to make a snapshot of the pipeline workspace before the main command is executed.
It collects the materials and stores a signed link in the workspace.
The second command (--phase post) is executed after the main command, it makes a new snapshot of the workspace and sends the stored link file to the argos service.