Background

Update the Intel SGX Provisioning Certificate Caching Service (PCCS) containerfile to use UBI 10 as the base image instead of UBI 9 with Node.js 20. This migration is a prerequisite for the Konflux build implementation and ensures compatibility with latest Red Hat base image standards.

Current State

• Current Base Image: Red Hat Universal Base Image (UBI) with Node.js 20
• Target Base Image: Red Hat Universal Base Image (UBI) 10 with Node.js 20
• Container Location: https://github.com/openshift/confidential-compute-artifacts/tree/main/containerfiles/pccs

Migration Requirements

• Update Containerfile FROM statement to use UBI 10 with Node.js 20
• Verify Node.js 20 compatibility with UBI 10
• Ensure Intel SGX DCAP repository integration works with UBI 10
• Validate PCK Certificate Selection library compilation
• Test PCCS server functionality and certificate management

Technical Considerations

• Verify Node.js 20 runtime availability in UBI 10
• Ensure build tools and dependencies work correctly
• Test Intel SGX DCAP repository cloning and version pinning
• Validate PCK Certificate Selection library build process
• Check multi-stage build optimization with UBI 10
• Verify PCCS server startup and operation

Acceptance Criteria

• [ ] Containerfile updated to use UBI 10 with Node.js 20 base image
• [ ] Multi-stage container builds successfully
• [ ] All Node.js dependencies install correctly
• [ ] Intel SGX DCAP repository integration works
• [ ] PCK Certificate Selection library compiles properly
• [ ] PCCS server starts and runs correctly
• [ ] Certificate management functionality validated
• [ ] Container image passes security scans
• [ ] Final image remains optimized and minimal
• [ ] Documentation updated to reflect UBI 10 usage

Dependencies

• This story is a prerequisite for KATA-4170 (Konflux build implementation)
• Access to UBI 10 with Node.js 20 base images
• Intel SGX DCAP repository compatibility verification