curl · pstoeckle · Jul 17, 2025 · Jul 17, 2025
diff --git a/Makefile b/Makefile
@@ -2,7 +2,7 @@
 
 container_ids=`buildah ls --format "{{.ContainerID}}"`
 
-# default setttings for official curl images
+# default settings for official curl images
 debian_base=docker.io/debian
 fedora_base=docker.io/fedora
 base=docker.io/alpine:3.22.1

diff --git a/README.md b/README.md
@@ -1,26 +1,31 @@
 # Curl Container
 
-[![build_master_multi_images](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml/badge.svg)](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml) 
+[![build_master_multi_images](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml/badge.svg)](https://github.com/curl/curl-container/actions/workflows/build_master_multi.yml)
 [![build_latest_release_multi_images](https://github.com/curl/curl-container/actions/workflows/build_latest_release_multi.yml/badge.svg)](https://github.com/curl/curl-container/actions/workflows/build_latest_release_multi.yml)
 
-This repository contains infrastructure/code that generates, tests and distributes the Official curl docker images 
+This repository contains infrastructure/code that generates, tests and distributes the Official curl docker images
 available from the following registries:
+
 * [quay.io](https://quay.io/curl/curl): curl images distributed by Quay.io
 * [docker.io](https://hub.docker.com/r/curlimages/curl): curl images distributed by docker.io
 * [github packages](https://github.com/orgs/curl/packages): development curl images
 
 To pull an image:
+
+```shell
+podman pull quay.io/curl/curl:latest
 ```
-> podman pull quay.io/curl/curl:latest
-```
+
 To run an image:
-```
-> podman run -it quay.io/curl/curl:latest -V
+
+```shell
+podman run -it quay.io/curl/curl:latest -V
 ```
 
 To use base image:
-```
-from quay.io/curl/curl-base:latest
+
+```dockerfile
+FROM quay.io/curl/curl-base:latest
 RUN apk add jq
 ```
 
@@ -32,19 +37,24 @@ RUN apk add jq
 ## How to verify images
 
 To view curl image signature use [sigstore](https://sigstore.dev) `cosign tree`:
-```commandline
-> cosign tree ghcr.io/curl/curl-container/curl:master
+
+```shell
+cosign tree ghcr.io/curl/curl-container/curl:master
 ```
+
 Images are verified with this [public key](https://github.com/curl/curl-container/blob/main/cosign.pub):
+
 ```commandline
 -----BEGIN PUBLIC KEY-----
 MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwFTRXl79xRiAFa5ZX4aZ7Vkdqmji
 5WY0zqc3bd6B08CsNftlYsu2gAqdWm0IlzoQpi2Zi5C437RTg/DgLQ6Bkg==
 -----END PUBLIC KEY-----
 ```
+
 Verify image using [cosign.pub](cosign.pub) public key using [sigstore](https://sigstore.dev) `cosign verify`:
-```
-> cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl:master
+
+```shell
+cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl:master
 ```
 
 ## Contact
@@ -57,38 +67,44 @@ or [Jim Fuller]([email protected]) directly.
 The following images are available via [github packages](https://github.com/orgs/curl/packages).
 
 Master branch built regularly:
-* **curl-dev:master** - curl-dev **master** branch 
+
+* **curl-dev:master** - curl-dev **master** branch
 * **curl-base:master** - curl-base **master** branch
 * **curl:master** - curl **master** branch
 * **curl-multi:master** - curl multiarch **master** branch
 * **curl-base-multi:master** - curl-base multiarch **master** branch
 
 A set of special case images built regularly:
-* **curl-exp:master** - curl **master** branch built enabling expiremental features
+
+* **curl-exp:master** - curl **master** branch built enabling experimental features
 
 Platform specific dev images built daily:
+
 * **curl-dev:master** - alpine based development environment
 * **curl-dev-debian:master** - debian based development environment
 * **curl-dev-fedora:master** - fedora based development environment
 
-To use any of these development images; 
-```
-> podman run -it -v /Users/exampleuser/src/curl:/src/curl  ghcr.io/curl/curl-container/curl-dev-debian:master zsh
-> ./buildconf
-> ./configure
-> make
+To use any of these development images;
+
+```shell
+podman run -it -v /Users/exampleuser/src/curl:/src/curl  ghcr.io/curl/curl-container/curl-dev-debian:master zsh
+./buildconf
+./configure
+make
 ```
 
-**Note**- dev images are not specifically scanned for vulnerabilities and we currently _pin_ to latest which 
+**Note**- dev images are not specifically scanned for vulnerabilities and we currently _pin_ to latest which
 always has vulns ... **use at your own risk**. Perhaps we could consider _pinning_ to a later 'vintage'.
 
 ## Dependencies
 
 Either of the following are required to use images:
-* [podman](https://podman.io/getting-started/) 
+
+* [podman](https://podman.io/getting-started/)
 * [docker](https://docs.docker.com/get-docker/)
 
-The following are required to build or release images: 
+The following are required to build or release images:
+
 * [buildah](https://buildah.io/): used for composing dev/build images
 * [qemu-user-static](https://github.com/multiarch/qemu-user-static): used for building multiarch images
 
@@ -106,4 +122,3 @@ The release process is as follows:
 * raise prep PR, review and merge
 * create [new release](https://github.com/curl/curl-container/releases/new) with new tag ( ex. 8.1.2 ) based on previously created branch
 * new tag will trigger CI for publishing to quay/docker
-
diff --git a/adrs/01-design.md b/adrs/01-design.md
@@ -24,7 +24,7 @@ One other goal is to ensure this infrastructure is not overly dependent on any s
 
 ## Container Build Design
 
-Using [buildah](https://buildah.io/), we can create reusable and parameterised set of scripts building a hiearchy of 
+Using [buildah](https://buildah.io/), we can create reusable and parameterised set of scripts building a hierarchy of
 container images.
 
 ```commandline
@@ -58,7 +58,7 @@ Design and create container image build process using [buildah](https://buildah.
 
 Add CHANGELOG.md and automated release process based on tag.
 
-Use [sigstore](https://www.sigstore.dev/) for signing and verifying fo all images generated by this process
+Use [sigstore](https://www.sigstore.dev/) for signing and verifying for all images generated by this process
 
 Ensure both podman and docker work equally well.
 
@@ -69,8 +69,8 @@ Enhance testing
 We could keep the status quo (eg. ugly bash/makefile) though it is hard to maintain... also current release process is completely
 opaque and non automated.
 
-We could have opted for other container build frameworks/language or other adjuncts (ex. [skopeo](https://github.com/containers/skopeo)) ... 
+We could have opted for other container build frameworks/language or other adjuncts (ex. [skopeo](https://github.com/containers/skopeo)) ...
 buildah seemed to have the right set of features and mature ... perhaps in the future we will have even more choices.
 
 Presumably we could have gone full 'code as infrastructure' and invoke buildah programmatically ... opted for shell scripts
-for simplicity.
+for simplicity.