My Dockerfile and docker-compose

  • For development, I mostly use Podman instead of Docker, except for some applications that only support Docker (e.g. Cosign).

  • Please check the license of the components of the container images.

    • Using Apache 2.0 License for the Dockerfiles and docker-compose does not mean the container image is under Apache 2.0 License.

    • The created container image contains other software (such as Bash, glibc, etc.), which may be under different licenses.

  • Please check every direct and indirect dependency of the software being produced or contained.

List of materials

  • Here’s a list of the Dockerfiles and container images that I maintain or create

| Application name | Dockerfile/building repository | Container repository | Signed | Purpose | Remark |
|---|---|---|---|---|---|
| pod-recon | GitHub repo, a Git mirror | GitLab Container Registry | Yes | Collection of tools for troubleshooting in container environments | Use almalinux/9-minimal as base OS |
| amicontained | GitHub repo | GitHub container registry | Yes | Aims to create amicontained on ARM64 platform | Use Alpine as base OS; Not using set-output for GH actions |
| MeiliSearch | GitHub repo | GitHub container registry | Yes | For using stripped MeiliSearch binaries | Use minideb Debian-12 as base OS; Not using set-output for GH actions |
| WikiJS | GitHub repo | GitHub container registry | Yes | Update NodeJS packages in WikiJS and other optimizations | Use node18 Debian-12 as base OS; Not using set-output for GH actions |
| Coral Project - Talk | GitHub repo | GitLab Container Registry, ARM64 only | Yes | Coral Project - Talk does not (currently) provide official ARM64 Docker image | Use node20 Debian-11 as base OS; CircleCI (build), GH actions (Cosign/SBOM, broken) |
| Goat Counter | GitHub repo | GitHub container registry | Yes | No official Docker image is provided | Use rockylinux/9-minimal as base OS; Not using save-output for GH action |
| Gollum | GitHub repo | GitHub container registry | Yes | Include Pandoc and AsciiDoctor support in the container image | Use ruby Debian-11 as base OS |
| Kubernetes example, NFS-exporter container with a file | GitHub repo | GitHub container registry | Yes | Outdated Docker image is provided, and no ARM64 support | Use almalinuxorg/9-minimal as base OS; Not using save-output for GH action |
| Prometheus | My GitHub repo | My GitHub container registry | Yes | For customization with glibc and jemalloc support, but it later turned out that jemalloc is not used | Use ChainGuard busybox:latest-glibc as base OS; Not using save-output for GH actions |
| mcrouter by Facebook/Meta | My GitHub repo | | No | No official container images provided | Use Almalinux 8 as base OS; Not using save-output for GH actions |

Container image verification by Cosign

If the container is signed (by me), you can verify it with the steps below:

  1. Get my Cosign public key and save as cosign.pub

    -----BEGIN PUBLIC KEY-----
    MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENAxpHzZWHRHsR72J+Zzm6M32UAvv
    YeHhQD4doXjqNXHbgXI212HVfmLzBevCvUqurwPvEsTf9FqWuYHUUrrK6w==
    -----END PUBLIC KEY-----

  2. Command for Cosign

    cosign verify --key cosign.pub \
      [container-registry/project-name:tag]

    Example:

    cosign verify --key cosign.pub \
      ghcr.io/patrickdung/meilisearch-crossbuild:v0.24.0

  3. Output:

    Verification for ghcr.io/patrickdung/meilisearch-crossbuild:v0.24.0 --
    The following checks were performed on each of these signatures:
      - The cosign claims were validated
      - The signatures were verified against the specified public key
      - Any certificates were verified against the Fulcio roots.
    
    [{"critical":{"identity":{"docker-reference":"ghcr.io/patrickdung/meilisearch-crossbuild"},"image":{"docker-manifest-digest":"sha256:41969fc06309c9988a23aa5a1ca677c171c9011399527d2c2120bab87ea9311a"},"type":"cosign container image signature"},"optional":null}]
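
An added example, not part of the original README: once `cosign verify` succeeds, the signed payload names the repository and the manifest digest, so later pulls can reference that digest instead of the mutable tag. The helper name `pinned_reference` is hypothetical; it takes the JSON line from the output above and the repository you expect, and the sample input is that same line.

```python
import json
import re

# Signature payload copied from the example output above.
SAMPLE_OUTPUT = (
    '[{"critical":{"identity":{"docker-reference":'
    '"ghcr.io/patrickdung/meilisearch-crossbuild"},'
    '"image":{"docker-manifest-digest":'
    '"sha256:41969fc06309c9988a23aa5a1ca677c171c9011399527d2c2120bab87ea9311a"},'
    '"type":"cosign container image signature"},"optional":null}]'
)
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")
EXPECTED_TYPE = "cosign container image signature"


def pinned_reference(verify_json: str, expected_repo: str) -> str:
    """Return 'repo@sha256:...' built from cosign verify JSON, or raise ValueError."""
    try:
        payloads = json.loads(verify_json)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not JSON: {exc}") from exc
    if not isinstance(payloads, list) or not payloads:
        raise ValueError("no signature payloads in output")

    digests = set()
    for payload in payloads:
        try:
            critical = payload["critical"]
            repo = critical["identity"]["docker-reference"]
            digest = critical["image"]["docker-manifest-digest"]
            sig_type = critical["type"]
        except (KeyError, TypeError) as exc:
            raise ValueError(f"payload is missing a critical field: {exc}") from exc
        if sig_type != EXPECTED_TYPE:
            raise ValueError(f"unexpected payload type: {sig_type!r}")
        if repo != expected_repo:
            raise ValueError(f"signed for {repo!r}, expected {expected_repo!r}")
        if not isinstance(digest, str) or not DIGEST_RE.fullmatch(digest):
            raise ValueError(f"malformed digest: {digest!r}")
        digests.add(digest)

    # Several signatures may be returned; all must describe the same manifest.
    if len(digests) != 1:
        raise ValueError(f"signatures disagree on digest: {sorted(digests)}")
    return f"{expected_repo}@{digests.pop()}"


if __name__ == "__main__":
    print(pinned_reference(SAMPLE_OUTPUT, "ghcr.io/patrickdung/meilisearch-crossbuild"))
```

The returned string can be passed to `podman pull` or `docker pull` so the image that runs is the one whose signature was checked.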