diff --git a/Makefile b/Makefile index 807629c..168dd6b 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ container_ids=`buildah ls --format "{{.ContainerID}}"` -# default setttings for official curl images +# default settings for official curl images debian_base=docker.io/debian fedora_base=docker.io/fedora base=docker.io/alpine:3.22.1 diff --git a/README.md b/README.md index 113f65d..4dec2a4 100644 --- a/README.md +++ b/README.md 
@@ -1,26 +1,31 @@ # Curl Container -[![build_master_multi_images](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml/badge.svg)](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml) +[![build_master_multi_images](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml/badge.svg)](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml) [![build_latest_release_multi_images](https://github.com/curl/curl-container/actions/workflows/build_latest_release_multi.yml/badge.svg)](https://github.com/curl/curl-container/actions/workflows/build_latest_release_multi.yml) -This repository contains infrastructure/code that generates, tests and distributes the Official curl docker images +This repository contains infrastructure/code that generates, tests and distributes the Official curl docker images available from the following registries: + * [quay.io](https://quay.io/curl/curl): curl images distributed by Quay.io * [docker.io](https://hub.docker.com/r/curlimages/curl): curl images distributed by docker.io * [github packages](https://github.com/orgs/curl/packages): development curl images To pull an image: + +```shell +podman pull quay.io/curl/curl:latest ``` -> podman pull quay.io/curl/curl:latest -``` + To run an image: -``` -> podman run -it quay.io/curl/curl:latest -V + +```shell +podman run -it quay.io/curl/curl:latest -V ``` To use base image: -``` -from quay.io/curl/curl-base:latest + +```dockerfile +FROM quay.io/curl/curl-base:latest RUN apk add jq ``` 
@@ -32,19 +37,24 @@ RUN apk add jq ## How to verify images To view curl image signature use [sigstore](https://sigstore.dev) `cosign tree`: -```commandline -> cosign tree ghcr.io/curl/curl-container/curl:master + +```shell +cosign tree ghcr.io/curl/curl-container/curl:master ``` + Images are verified with this [public key](https://github.com/curl/curl-container/blob/main/cosign.pub): + ```commandline -----BEGIN PUBLIC KEY----- MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwFTRXl79xRiAFa5ZX4aZ7Vkdqmji 5WY0zqc3bd6B08CsNftlYsu2gAqdWm0IlzoQpi2Zi5C437RTg/DgLQ6Bkg== -----END PUBLIC KEY----- ``` + Verify image using [cosign.pub](cosign.pub) public key using [sigstore](https://sigstore.dev) `cosign verify`: -``` -> cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl:master + +```shell +cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl:master ``` ## Contact 
@@ -57,38 +67,44 @@ or [Jim Fuller](jim.fuller@webcomposite.com) directly. The following images are available via [github packages](https://github.com/orgs/curl/packages). Master branch built regularly: -* **curl-dev:master** - curl-dev **master** branch + +* **curl-dev:master** - curl-dev **master** branch * **curl-base:master** - curl-base **master** branch * **curl:master** - curl **master** branch * **curl-multi:master** - curl multiarch **master** branch * **curl-base-multi:master** - curl-base multiarch **master** branch A set of special case images built regularly: -* **curl-exp:master** - curl **master** branch built enabling expiremental features + +* **curl-exp:master** - curl **master** branch built enabling experimental features Platform specific dev images built daily: + * **curl-dev:master** - alpine based development environment * **curl-dev-debian:master** - debian based development environment * **curl-dev-fedora:master** - fedora based development environment -To use any of these development images; -``` -> podman run -it -v /Users/exampleuser/src/curl:/src/curl ghcr.io/curl/curl-container/curl-dev-debian:master zsh -> ./buildconf -> ./configure -> make +To use any of these development images; + +```shell +podman run -it -v /Users/exampleuser/src/curl:/src/curl ghcr.io/curl/curl-container/curl-dev-debian:master zsh +./buildconf +./configure +make ``` -**Note**- dev images are not specifically scanned for vulnerabilities and we currently _pin_ to latest which +**Note**- dev images are not specifically scanned for vulnerabilities and we currently _pin_ to latest which always has vulns ... **use at your own risk**. Perhaps we could consider _pinning_ to a later 'vintage'. 
## Dependencies Either of the following are required to use images: -* [podman](https://podman.io/getting-started/) + +* [podman](https://podman.io/getting-started/) * [docker](https://docs.docker.com/get-docker/) -The following are required to build or release images: +The following are required to build or release images: + * [buildah](https://buildah.io/): used for composing dev/build images * [qemu-user-static](https://github.com/multiarch/qemu-user-static): used for building multiarch images @@ -106,4 +122,3 @@ The release process is as follows: * raise prep PR, review and merge * create [new release](https://github.com/curl/curl-container/releases/new) with new tag ( ex. 8.1.2 ) based on previously created branch * new tag will trigger CI for publishing to quay/docker - diff --git a/adrs/01-design.md b/adrs/01-design.md index 61fe57a..332610e 100644 --- a/adrs/01-design.md +++ b/adrs/01-design.md @@ -24,7 +24,7 @@ One other goal is to ensure this infrastructure is not overly dependent on any s ## Container Build Design -Using [buildah](https://buildah.io/), we can create reusable and parameterised set of scripts building a hiearchy of +Using [buildah](https://buildah.io/), we can create reusable and parameterised set of scripts building a hierarchy of container images. ```commandline @@ -58,7 +58,7 @@ Design and create container image build process using [buildah](https://buildah. Add CHANGELOG.md and automated release process based on tag. -Use [sigstore](https://www.sigstore.dev/) for signing and verifying fo all images generated by this process +Use [sigstore](https://www.sigstore.dev/) for signing and verifying for all images generated by this process Ensure both podman and docker work equally well. 
@@ -69,8 +69,8 @@ Enhance testing We could keep the status quo (eg. ugly bash/makefile) though it is hard to maintain... also current release process is completely opaque and non automated. -We could have opted for other container build frameworks/language or other adjuncts (ex. [skopeo](https://github.com/containers/skopeo)) ... +We could have opted for other container build frameworks/language or other adjuncts (ex. [skopeo](https://github.com/containers/skopeo)) ... buildah seemed to have the right set of features and mature ... perhaps in the future we will have even more choices. Presumably we could have gone full 'code as infrastructure' and invoke buildah programmatically ... opted for shell scripts -for simplicity. \ No newline at end of file +for simplicity.
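Review bot: In the README.md hunk at `@@ -1,26 +1,31 @@`, the corrected base-image example `FROM quay.io/curl/curl-base:latest` still builds on a floating tag, so the resulting image depends on whatever is published under `latest` at build time. Since this line is being touched anyway, consider showing a pinned reference (a release tag or an `@sha256:` digest) and mentioning `latest` only as the convenience form. The badge line and the "This repository contains ..." line appear unchanged apart from whitespace; if that is trailing-space cleanup, saying so in the commit message would help.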
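Review bot: In the README.md hunk at `@@ -32,19 +37,24 @@`, the fence around the PEM public key is left tagged `commandline` while the `cosign tree` and `cosign verify` fences in the same hunk were changed to `shell`. The key is data, not a command, so a `text` tag (or no tag) would be more accurate and keeps the hunk consistent. The sentence "Verify image using [cosign.pub](cosign.pub) public key using ..." also repeats "using" and could be tightened while the surrounding lines are being edited.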
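Review bot: In the README.md hunk at `@@ -57,38 +67,44 @@`, dropping the `> ` prompts and tagging the block `shell` makes `./buildconf`, `./configure` and `make` read as host commands to run after `podman run ... zsh`, but they are meant to be typed inside the container's zsh session. Pasting the block as written would run them on the host once the container exits. Suggest splitting it into two blocks (host, then inside the container) or adding a comment line before `./buildconf`. The added line "To use any of these development images;" also keeps the trailing semicolon where a colon is intended.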
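Review bot: In the adrs/01-design.md hunk at `@@ -58,7 +58,7 @@`, the fix from "fo" to "for" leaves "signing and verifying for all images generated by this process", which is still ungrammatical and has no closing period. "signing and verifying all images generated by this process." reads correctly. The same file's earlier hunk has a similar leftover in "create reusable and parameterised set of scripts", which needs an article ("a reusable and parameterised set").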