# If updated the workload source code or this Dockerfile, need to rebuild the image and regenerate the signature
# From current directory:
# GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o main .
# gcloud builds submit --tag us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath:latest
# # Record the image digest generated by this command
#
# Updating the container signature
# 
# # Install cosign
# go install github.com/sigstore/cosign/v2/cmd/cosign@latest
#
# Designate the sig repo
# export COSIGN_REPOSITORY=us-docker.pkg.dev/confidential-space-images-dev/cs-cosign-tests/oda
#
# # Since we don't verify the signature in the test, you can just generate your own key
# cosign generate-key-pair
# cosign public-key --key cosign.key > pub.pem
# PUB=$(cat pub.pem | openssl base64)
# PUB=$(echo $PUB | tr -d '[:space:]' | sed 's/[=]*$//')
# # Sign the container, <IMAGE_DIGEST> is from the gcloud builds submit command above
# cosign sign --key cosign.key us-west1-docker.pkg.dev/confidential-space-images-dev/cs-integ-test-images/ipc/happypath@sha256:<IMAGE_DIGEST> -a dev.cosignproject.cosign/sigalg=ECDSA_P256_SHA256 -a dev.cosignproject.cosign/pub=$PUB
#
# Once finished, refering to pr#415 to on how to update the signature and image

FROM alpine

COPY main /

ENV env_bar="val_bar"

LABEL "tee.launch_policy.allow_env_override"="ALLOWED_OVERRIDE"
LABEL "tee.launch_policy.allow_cmd_override"="true"
LABEL "tee.launch_policy.log_redirect"="always"

ENTRYPOINT ["/main"]

# Can be overridden because of the launch policy.
CMD ["arg_foo"]
