GOSH Docker Extension implements GOSH repository management and image verification as the newest feature of Docker - a Docker Extension.
You will be able to create your GOSH account and Decentralized Autonomous Organization (DAO), set up and manage repositories through a graphical interface directly in Docker Desktop. Repositories stored in GOSH can then be interacted with like any regular remote repository, with a few small configurations to git, making decentralized code management easily available to anyone.
Images built directly from code stored in GOSH can be verified as GOSH-sourced in the Docker Extension, ensuring security of the software supply chain. You will always know what code specifically is running in your containers, and that none of it was tampered with during build.
Get the latest Docker Desktop (4.8.0 or later), which supports extensions.
Launch the Desktop, go to the Extensions section, and click Add Extensions.
Select and install GOSH extension on the marketplace.
Open the GOSH verified images extension in Docker Desktop. If you have a GOSH account, then enter your own one seed phrase, if not, you can create it by clicking on the link app.gosh.sh.
To get started with GOSH, you need an active Github-account.
Click Create account
After click Authorize gosh-sh
In the list of organizations received from Github, click on the organization
and select repositories for upload into GOSH
Do this for each organization for which you want to upload repositories to GOSH.
After registering on GOSH you will not be able to return to this step in this release.
This will be available later
If you want other GOSH users to be able to find you by your email, give permission.
Then click Upload
If you are familiar with blockchain, you know what to do with a seed phrase.
If you're new to blockchain, all you need to know, is that this is the key to your account and all your assets on GOSH. Your public key, which can identify you on the blockchain and the secret key you'll use to sign your actions can always be calculated from your seed phrase.
To create the GOSH-account, the seed phrase will be generated for you.
Write your seed phrase down and store it somewhere safe, and never share it with anyone. Avoid storing it in plain text or screenshots, or any other non-secure way. If you lose it, you lose access to your assets. Anyone who gets it, gets full access to your assets.
Your seed phrase will be used to log into GOSH.
Once you have written down your seed phrase, click Continue.
Then choose a short nickname or create a new one and click Create account.
The Usernames must contain only Latin letters, numbers, hyphen, underscore character
( a...z, 0...9, -, _ )
When the repositories are uploaded, a notification will be sent to your email.
Follow the link in the email.
To log into GOSH open the GOSH verified images extension in Docker Desktop and enter the saved seed phrase and click Sign in.
GOSH will ask you to set up a PIN code:
And unlock with PIN code.
Once done, you will be logged into GOSH.
The GOSH DAO Bot will be a member of your organization. In the future, it will track changes in your repositories on Github and synchronize them with GOSH.
The Bot can be removed from the DAO members by voting. But then there will be no automatic synchronization of repositories in GOSH if they have been changed in Github.
The Organizations page will open after your account is created.
Click New organization button in the Organizations section.
Input Organization name and members.
The Organizations name must contain only Latin letters, numbers, hyphen, underscore character
( a...z, 0...9, -, _ )
The first mandatory member is the creator, identified by their username.
The second member is the GOSH DAO Bot. It will synchronize repositories with github on GOSH.
Any other members can be added at creation - just enter the username of each member in new line.
At any later time the list of members can be expanded by voting.
Click Create organization.
Once created, your organization will appear in the organization list. Click on it to continue.
To create a repository in your organization click Create in the Repositories section.
Enter repository name and click Create repository.
The repository name must contain only Latin letters, numbers, hyphen, underscore character
( a...z, 0...9, -, _ )
Repository is created with default main branch. To create another branch, click on the branches counter.
Select the branch to be forked, enter new branch name, and click Create branch.
The branch name must contain only Latin letters, numbers, hyphen, underscore character
( a...z, 0...9, -, _ )
Once the branch is created, it will appear in the branches list.
Switch to it via drop down list.
To create file, click Add file button.
Enter file contents and name. MD syntax is supported for preview.
Once done, scroll down to Commit data, enter commit info and click Commit changes button.
Commit status will be displayed below.
If the branch you are working in requires no vote to commit to, the changes will be commited immediately/ Otherwise a DAO vote will be initiated.
Create Pull Request
Click on the Pull requests tab and set up the pull request: what branch to merge from and to.
View the diff, scroll down to Commit data, enter details and click Commit changes.
When merging into the main branch, and in some other cases (depending on DAO setup), a DAO proposal will be initiated by trying to commit.
Organization Tokens have to be sent to the DAO Soft Majority Vote contract to start a proposal for DAO members to vote on.
Voting in SMV (Soft Majority Vote)
Actions that require a DAO vote, such as merging into main, are performed by creating a proposal.
To create a proposal, or to vote for a proposal someone else created, some of your tokens need to be allocated to SMV (once the proposal is completed), you can get them back.
For example, to merge into main, create a pull request from some other branch. A proposal will be generated and will appear on the Events page.
Open the proposal and review the contents.
The voting period is indicated on the proposal page. This is the time allotted for voting. Unless a decisive majority of >50% is achieved early, votes will be counted at the end of this period.
Voting statistics are located under the status Running. The green and red counters indicate how many tokens have been used at the moment to vote for and against the proposal.
The green indicator in the top right corner means that the SMV smart contracts are not currently processing any new votes. It turns red when the SMV contracts are busy.
Once you have made a decision, input the amount of tokens, select Approve or Reject and click Vote for proposal. Vote registration can take a bit of time.
As per the rules of Soft Majority Voting, to have a proposal approved early, you need at least 50% of the total supply of tokens in the repository + 1 token used to vote for the proposal.
For example, in a repository with two members, where the total supply of tokens is 200, 101 token needs to be used to instantly approve a proposal. Thus with every member holding 100 tokens a proposal can never be instantly completed without the participation of members other than the proposal's author.
On the other hand, so as not to depend on all members of an organization to vote, soft majority vote will complete with an approval at the end of the voting period, if 10% of the total token supply were used to vote for, and no one voted against.
The more tokens are sent against the proposal, the higher the approving amount needs to be (up to 50% of the total supply + 1 token) for the proposal to pass.
Other members of the Organization, who have transferred their tokens to SMV, will be able to vote for the proposal on this page in their own accounts.
Currently, even in organizations with a single member, voting still takes place when a proposal is created. 51 tokens are needed to approve a proposal in such a repository.
Once a majority has been reached early, or the voting period ended and the soft majority vote result was decided, the proposal completes and the proposed action is performed.
View Public Key
A user needs to know their public key, for example, when joining an organization.
To view your public key go to the main page of your account and click Settings.
Avoid storing your private key and seed phrase in plain text or screenshots, or any other non-secure way. If you lose it, you lose access to your assets. Anyone who gets it, gets full access to your assets.
Add Members to Organization
Go to Organization Settings to the Members tab to manage your organization.
To add member enter the username of each candidate from a new line and click Add members button.
Set up Git Remote Helper and continue working with your repository.
You'll need your wallet credentials. Go to the main page of your account and click Settings. Scroll down and copy them.
To view the command to clone your repo, click the Clone button on your repo page.
Update Docker Extension
When you need to update the GOSH verified images extension in Docker Desktop, you will see an orange indicator.
To update the extension, go to the menu and select Manage
After downloading the update, click Open