Skip to main content

Building images

Similar to building images with docker build, the policy CLI allows you to build an image from the contents of a directory and tag that image with a name that consists of an organization name, a repository name, and a tag:

policy build <directory> -t [<registry>/]<organization-name>/<repository-name>:<tag>

Your current directory should contain an OPA bundle manifest, and rego files that make up a policy.

Example

$ policy build . -t ogazitt/peoplefinder:1.0.0


Created new image.
digest: sha256:84dbd4e3b5572dd2f23c3c987c89443fdcb57af87d714ea296fc552192fb17e9

Tagging image.
reference: ogazitt/peoplefinder:1.0.0

Note: The tag is optional. If omitted, the image is created as default:latest, which does not follow the accepted OCI format <registry>/<organization-name>/<repository-name>:<tag>, to prevent pushing the image to a registry without an appropriate tag.

$ policy build .


Created new image.
digest: sha256:84dbd4e3b5572dd2f23c3c987c89443fdcb57af87d714ea296fc552192fb17e9

Tagging image.
reference: ghcr.io/default:latest