Skip to content
This repository has been archived by the owner on Jan 26, 2024. It is now read-only.

Latest commit

 

History

History
24 lines (20 loc) · 1.08 KB

README.md

File metadata and controls

24 lines (20 loc) · 1.08 KB

Chainguard Images Template

This repo provides a basic template for a Wolfi-based image configured using apko.

After creating your own repo from this template, edit apko.yaml to add or remove whatever packages you need.

The template includes two GitHub Actions workflows:

  • run a presubmit build when a pull request is opened
  • publish a new image when changes are pushed to main.
    • Images are pushed to ghcr.io/$ORG/$REPO, tagged with the date the image was published (e.g., :20230103).
    • Images are signed using the GitHub Actions' workload identity (cosign verify <image>).
    • Images have an SBOM attached (cosign download sbom <image>).
    • Images are scanned for vulnerabilities using Trivy, and signed vulnerability attestations are attached (cosign download attestation <image>). You can enable scanning with Grype and Snyk as well.
    • Images are also rebuilt nightly to pick up Wolfi package updates.