At our company, we are planning to create some kind of “docker build pipeline”, which should allow the developers in the teams to create their own containers. Currently, the building of Docker containers and deployment is very free-form. Some people build containers locally and upload them to the registry.
In order to reason about the quality of the containers we use in our datacenter, we want to create a process that is easy to use, repeatable and can enforce certain validation checks before uploading/pushing a container into the (private) registry.
Now my question is: how do you guys make sure that the containers which are pushed to your private registry are “okay” and “validate” against your centralised set of rules? What are best practices?