Merge pull request #1227 from DavidHurta/extend-dev-building-and-publishing-release-docs

openshift-merge-bot[bot] · web-flow · commit fa628785fc41 · 2025-09-05T12:55:10.000Z
NO-JIRA: Extend the development documentation regarding building and publishing a payload image
diff --git a/docs/dev/README.md b/docs/dev/README.md
@@ -48,7 +48,64 @@ that will contain all manifests from an existing release payload and the develop
 ```console
 $ oc adm release new --from-release=quay.io/openshift-release-dev/ocp-release:4.11.18-x86_64 \
                      --to-image-base=${REPO}/origin-cluster-version-operator:latest \
-                     --image=${REPO}/ocp-release:latest
+                     --to-image=${REPO}/ocp-release:latest
+```
+
+Note that the pull secret for the `quay.io/openshift-release-dev/ocp-release` container image can be acquired [here](https://console.redhat.com/openshift/install/pull-secret).
+
+In case you want to utilize different credentials for the same container image registry domain, for example, 
+one set of credentials for the existing release image and one for a personal location where to upload the new release 
+image in the same container image registry domain, the following unsupported methods are possible at the moment.
+Note that these methods may not be supported or functional when used with other container tools.
+
+The main idea is to modify the used [authentication file](https://docs.podman.io/en/latest/markdown/podman-login.1.html#authfile-path)
+and specify a second `auth` entry that has a specified port or path, which acts as a new entry for which different 
+credentials can be specified.
+
+Given an authentication file with a specified path:
+
+```json
+{
+  "auths": {
+    "quay.io/username": {
+      "auth": "token to be used when accessing the username's namespace"
+    },
+    "quay.io": {
+      "auth": "broad token to be used when the quay.io host is specified"
+    }
+  }
+}
+```
+
+Build and publish a release image:
+
+```console
+$ oc adm release new --from-release=quay.io/openshift-release-dev/ocp-release:4.11.18-x86_64 \
+                     --to-image-base=quay.io/username/origin-cluster-version-operator:latest \
+                     --to-image=quay.io/username/ocp-release:latest
+```
+
+Given a specified port in the authentication file:
+
+```json
+{
+  "auths": {
+    "quay.io:443": {
+      "auth": "broad token to be used when the quay.io host and the 443 port are specified"
+    },
+    "quay.io": {
+      "auth": "broad token to be used when the quay.io host is specified"
+    }
+  }
+}
+```
+
+Build and publish a release image by specifying the port accordingly, for example:
+
+```console
+$ oc adm release new --from-release=quay.io/openshift-release-dev/ocp-release:4.11.18-x86_64 \
+                     --to-image-base=quay.io:443/${NAMESPACE}/origin-cluster-version-operator:latest \
+                     --to-image=quay.io:443/${NAMESPACE}/ocp-release:latest
 ```
 
 ## Testing CVO
