├── .github
    └── workflows
    │   ├── delete-images-from-ghcr.yml
    │   ├── docker-image-alpine-316-build.yml
    │   ├── docker-image-alpine-316-cicd.yml
    │   ├── docker-image-alpine-316-openjdk11.yml
    │   ├── docker-image-alpine-316-openjdk17.yml
    │   ├── docker-image-alpine-316-openjre11.yml
    │   ├── docker-image-alpine-316-openjre17.yml
    │   ├── docker-image-alpine-316-python310-build.yml
    │   ├── docker-image-alpine-316-python310-run.yml
    │   ├── docker-image-alpine-316-run.yml
    │   ├── docker-image-debian11-base.yml
    │   ├── docker-image-debian11-python3-build.yml
    │   ├── docker-image-ubuntu-2204-base.yml
    │   ├── docker-image-ubuntu-2204-cicd.yml
    │   ├── docker-image-ubuntu-2204-node16.yml
    │   ├── docker-image-ubuntu-2204-openjdk11.yml
    │   ├── docker-image-ubuntu-2204-openjdk17.yml
    │   ├── docker-image-ubuntu-2204-openjre11.yml
    │   ├── docker-image-ubuntu-2204-openjre17.yml
    │   ├── docker-image-ubuntu-2204-python310-build.yml
    │   ├── docker-image-ubuntu-2204-python310-run.yml
    │   ├── docker-image-ubuntu-2204-run.yml
    │   ├── mirror-dockerhub-images.yml
    │   └── mirror-gcr-images.yml
├── README.md
├── alpine3.16-build
    └── Dockerfile
├── alpine3.16-cicd
    └── Dockerfile
├── alpine3.16-openjdk11
    └── Dockerfile
├── alpine3.16-openjdk17
    └── Dockerfile
├── alpine3.16-openjre11
    └── Dockerfile
├── alpine3.16-openjre17
    └── Dockerfile
├── alpine3.16-python3.10-build
    └── Dockerfile
├── alpine3.16-python3.10-run
    └── Dockerfile
├── alpine3.16-run
    └── Dockerfile
├── debian11-base
    └── Dockerfile
├── debian11-python3-build
    └── Dockerfile
├── ubuntu22.04-base
    └── Dockerfile
├── ubuntu22.04-cicd
    └── Dockerfile
├── ubuntu22.04-node16
    └── Dockerfile
├── ubuntu22.04-openjdk11
    └── Dockerfile
├── ubuntu22.04-openjdk17
    └── Dockerfile
├── ubuntu22.04-openjre11
    └── Dockerfile
├── ubuntu22.04-openjre17
    └── Dockerfile
├── ubuntu22.04-python3.10-build
    └── Dockerfile
├── ubuntu22.04-python3.10-run
    └── Dockerfile
└── ubuntu22.04-run
    └── Dockerfile

/.github/workflows/delete-images-from-ghcr.yml:
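--------------------------------------------------------------------------------
# Manually dispatched clean-up of untagged spring-music image versions in ghcr.io.
name: delete-ghcr-images

on:
  # push:
  #   branches:
  #     - main
  workflow_dispatch:

# The only credential this job uses is secrets.GHCR_TOKEN, so the implicit
# GITHUB_TOKEN is stripped of all permissions before third-party code runs.
permissions: {}

jobs:
  delete-images:
    name: Delete image from ghcr.io
    runs-on: ubuntu-latest
    # strategy:
    #   matrix:
    #     tag: ['2.0.0-cnb',
    #           'sha256-9d8e012da12e6449723114fb484bae12459cc9cb501c17eac03e7b1ccb743369.sig',
    #           '2.0.0-buildx-amazoncorretto-17-alpine3-15',
    #           'sha256-53809537e15bb78d5eef05e810577d53eb8b0840a808e121326328737690a037.sig',
    #           '2.0.0-kaniko-curated-alpine3.16-openjdk17',
    #           'sha256-e19c7a251682fd8b439a9588bab8b1ca13c4db2ba559ed8ecda2715b2300fe45.sig',
    #           '2.0.0-kaniko-amazoncorretto-17-alpine3-15',
    #           'sha256-d55bd9a9f00f2aca315904f80f5f1c445038fc7a62665e93c6da977f6b04bf6b.sig',
    #           '2.0.0-buildx-distroless-java17-debian11',
    #           'sha256-9c301b40bcfbdd8ff0bdcdc21b1f8087fad48af8866df570c91d662fd20f7355.sig',
    #           '2.0.0-buildx-eclipse-temurin-17-jre-jammy']
    steps:
      - name: Delete image
        # NOTE(review): third-party action referenced by the mutable branch
        # @main while it is handed GHCR_TOKEN, a token able to delete packages.
        # Pin it to a full commit SHA so the code receiving the token is fixed.
        uses: bots-house/ghcr-delete-image-action@main
        with:
          owner: codepraxis-io
          name: spring-music
          token: ${{ secrets.GHCR_TOKEN }}
          #tag: ${{ matrix.tag }}
          untagged-keep-latest: 1

--------------------------------------------------------------------------------
/.github/workflows/docker-image-alpine-316-build.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image alpine3.16:build (context alpine3.16-build).
name: docker-image-alpine-316-build

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'alpine3.16-build/**'
      - .github/workflows/docker-image-alpine-316-build.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: alpine3.16-build
      docker_image_name: alpine3.16
      docker_image_tag: build
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-alpine-316-cicd.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image alpine3.16:cicd (context alpine3.16-cicd).
name: docker-image-alpine-316-cicd

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'alpine3.16-cicd/**'
      - .github/workflows/docker-image-alpine-316-cicd.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: alpine3.16-cicd
      docker_image_name: alpine3.16
      docker_image_tag: cicd
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-alpine-316-openjdk11.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image alpine3.16:openjdk11 (context alpine3.16-openjdk11).
name: docker-image-alpine-316-openjdk11

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'alpine3.16-openjdk11/**'
      - .github/workflows/docker-image-alpine-316-openjdk11.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: alpine3.16-openjdk11
      docker_image_name: alpine3.16
      docker_image_tag: openjdk11
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-alpine-316-openjdk17.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image alpine3.16:openjdk17 (context alpine3.16-openjdk17).
name: docker-image-alpine-316-openjdk17

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'alpine3.16-openjdk17/**'
      - .github/workflows/docker-image-alpine-316-openjdk17.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: alpine3.16-openjdk17
      docker_image_name: alpine3.16
      docker_image_tag: openjdk17
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-alpine-316-openjre11.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image alpine3.16:openjre11 (context alpine3.16-openjre11).
name: docker-image-alpine-316-openjre11

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'alpine3.16-openjre11/**'
      - .github/workflows/docker-image-alpine-316-openjre11.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: alpine3.16-openjre11
      docker_image_name: alpine3.16
      docker_image_tag: openjre11
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-alpine-316-openjre17.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image alpine3.16:openjre17 (context alpine3.16-openjre17).
name: docker-image-alpine-316-openjre17

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'alpine3.16-openjre17/**'
      - .github/workflows/docker-image-alpine-316-openjre17.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: alpine3.16-openjre17
      docker_image_name: alpine3.16
      docker_image_tag: openjre17
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-alpine-316-python310-build.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image alpine3.16:python3.10-build (context alpine3.16-python3.10-build).
name: docker-image-alpine-316-python310-build

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'alpine3.16-python3.10-build/**'
      - .github/workflows/docker-image-alpine-316-python310-build.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: alpine3.16-python3.10-build
      docker_image_name: alpine3.16
      docker_image_tag: python3.10-build
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-alpine-316-python310-run.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image alpine3.16:python3.10-run (context alpine3.16-python3.10-run).
name: docker-image-alpine-316-python310-run

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'alpine3.16-python3.10-run/**'
      - .github/workflows/docker-image-alpine-316-python310-run.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: alpine3.16-python3.10-run
      docker_image_name: alpine3.16
      docker_image_tag: python3.10-run
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-alpine-316-run.yml: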
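--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image alpine3.16:run (context alpine3.16-run).
name: docker-image-alpine-316-run

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'alpine3.16-run/**'
      - .github/workflows/docker-image-alpine-316-run.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: alpine3.16-run
      docker_image_name: alpine3.16
      docker_image_tag: run
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-debian11-base.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image debian11:base (context debian11-base).
name: docker-image-debian11-base

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'debian11-base/**'
      - .github/workflows/docker-image-debian11-base.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: debian11-base
      docker_image_name: debian11
      docker_image_tag: base
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}
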
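--------------------------------------------------------------------------------
/.github/workflows/docker-image-debian11-python3-build.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image debian11:python3-build (context debian11-python3-build).
name: docker-image-debian11-python3-build

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'debian11-python3-build/**'
      - .github/workflows/docker-image-debian11-python3-build.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: debian11-python3-build
      docker_image_name: debian11
      docker_image_tag: python3-build
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-ubuntu-2204-base.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image ubuntu22.04:base (context ubuntu22.04-base).
name: docker-image-ubuntu-2204-base

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'ubuntu22.04-base/**'
      - .github/workflows/docker-image-ubuntu-2204-base.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: ubuntu22.04-base
      docker_image_name: ubuntu22.04
      docker_image_tag: base
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-ubuntu-2204-cicd.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image ubuntu22.04:cicd (context ubuntu22.04-cicd).
name: docker-image-ubuntu-2204-cicd

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'ubuntu22.04-cicd/**'
      - .github/workflows/docker-image-ubuntu-2204-cicd.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: ubuntu22.04-cicd
      docker_image_name: ubuntu22.04
      docker_image_tag: cicd
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-ubuntu-2204-node16.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image ubuntu22.04:node16 (context ubuntu22.04-node16).
name: docker-image-ubuntu-2204-node16

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'ubuntu22.04-node16/**'
      - .github/workflows/docker-image-ubuntu-2204-node16.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: ubuntu22.04-node16
      docker_image_name: ubuntu22.04
      docker_image_tag: node16
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-ubuntu-2204-openjdk11.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image ubuntu22.04:openjdk11 (context ubuntu22.04-openjdk11).
name: docker-image-ubuntu-2204-openjdk11

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'ubuntu22.04-openjdk11/**'
      - .github/workflows/docker-image-ubuntu-2204-openjdk11.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: ubuntu22.04-openjdk11
      docker_image_name: ubuntu22.04
      docker_image_tag: openjdk11
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}
--------------------------------------------------------------------------------
/.github/workflows/docker-image-ubuntu-2204-openjdk17.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image ubuntu22.04:openjdk17 (context ubuntu22.04-openjdk17).
name: docker-image-ubuntu-2204-openjdk17

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'ubuntu22.04-openjdk17/**'
      - .github/workflows/docker-image-ubuntu-2204-openjdk17.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: ubuntu22.04-openjdk17
      docker_image_name: ubuntu22.04
      docker_image_tag: openjdk17
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-ubuntu-2204-openjre11.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image ubuntu22.04:openjre11 (context ubuntu22.04-openjre11).
name: docker-image-ubuntu-2204-openjre11

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'ubuntu22.04-openjre11/**'
      - .github/workflows/docker-image-ubuntu-2204-openjre11.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: ubuntu22.04-openjre11
      docker_image_name: ubuntu22.04
      docker_image_tag: openjre11
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-ubuntu-2204-openjre17.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image ubuntu22.04:openjre17 (context ubuntu22.04-openjre17).
name: docker-image-ubuntu-2204-openjre17

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'ubuntu22.04-openjre17/**'
      - .github/workflows/docker-image-ubuntu-2204-openjre17.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: ubuntu22.04-openjre17
      docker_image_name: ubuntu22.04
      docker_image_tag: openjre17
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-ubuntu-2204-python310-build.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image ubuntu22.04:python3.10-build (context ubuntu22.04-python3.10-build).
name: docker-image-ubuntu-2204-python310-build

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'ubuntu22.04-python3.10-build/**'
      - .github/workflows/docker-image-ubuntu-2204-python310-build.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: ubuntu22.04-python3.10-build
      docker_image_name: ubuntu22.04
      docker_image_tag: python3.10-build
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-ubuntu-2204-python310-run.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image ubuntu22.04:python3.10-run (context ubuntu22.04-python3.10-run).
name: docker-image-ubuntu-2204-python310-run

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'ubuntu22.04-python3.10-run/**'
      - .github/workflows/docker-image-ubuntu-2204-python310-run.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: ubuntu22.04-python3.10-run
      docker_image_name: ubuntu22.04
      docker_image_tag: python3.10-run
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/docker-image-ubuntu-2204-run.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-build-scan-push workflow for image ubuntu22.04:run (context ubuntu22.04-run).
name: docker-image-ubuntu-2204-run

on:
  schedule:
    - cron: '0 7 * * *'
  push:
    branches:
      - main
    paths:
      # /** is required: path filters match whole file paths, not directory names.
      - 'ubuntu22.04-run/**'
      - .github/workflows/docker-image-ubuntu-2204-run.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-build-scan-push-workflow.yml@main
    with:
      docker_context_dir: ubuntu22.04-run
      docker_image_name: ubuntu22.04
      docker_image_tag: run
    secrets:
      destination_registry_username: ${{ secrets.GH_PACKAGES_USERNAME }}
      destination_registry_password: ${{ secrets.GH_PAT }}
      cosign_private_key: ${{ secrets.COSIGN_PRIVATE_KEY }}
      cosign_private_key_password: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      cosign_public_key: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/mirror-dockerhub-images.yml: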
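--------------------------------------------------------------------------------
# Calls the shared docker-image-mirror workflow for the Docker Hub images listed below.
name: mirror-dockerhub-images

on:
  schedule:
    - cron: '0 6 * * *'
  push:
    branches:
      - main
    paths:
      - .github/workflows/mirror-dockerhub-images.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-image-mirror-workflow.yml@main
    with:
      upstream-registry: registry.hub.docker.com
      # NOTE(review): these are tags, which upstream can repoint; whatever they
      # resolve to at run time is what gets mirrored. Recording the resolved
      # digest would make each mirrored image traceable to an upstream build.
      upstream-image-list: '["library/ubuntu:22.04", "library/alpine:3.16", "library/debian:11-slim", "library/amazoncorretto:17.0.4-alpine3.15", "library/eclipse-temurin:17-jre-jammy"]'
    secrets:
      DESTINATION_REGISTRY_USERNAME: ${{ secrets.GH_PACKAGES_USERNAME }}
      DESTINATION_REGISTRY_PASSWORD: ${{ secrets.GH_PAT }}
      COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
      COSIGN_PRIVATE_KEY_PASSWORD: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/.github/workflows/mirror-gcr-images.yml:
--------------------------------------------------------------------------------
# Calls the shared docker-image-mirror workflow for the gcr.io distroless images listed below.
name: mirror-gcr-images

on:
  schedule:
    - cron: '0 6 * * *'
  push:
    branches:
      - main
    paths:
      - .github/workflows/mirror-gcr-images.yml
  workflow_dispatch:
jobs:
  pipeline:
    # NOTE(review): @main is a mutable ref that receives the registry and cosign secrets below; pin to a commit SHA.
    uses: codepraxis-io/github-actions/.github/workflows/docker-image-mirror-workflow.yml@main
    with:
      upstream-registry: gcr.io
      # NOTE(review): :latest carries no version information, so the mirrored
      # copy cannot be tied to an upstream release from the tag alone; record
      # the resolved digest alongside the mirrored image.
      upstream-image-list: '["distroless/java11-debian11:latest", "distroless/java17-debian11:latest", "distroless/python3-debian11:latest"]'
    secrets:
      DESTINATION_REGISTRY_USERNAME: ${{ secrets.GH_PACKAGES_USERNAME }}
      DESTINATION_REGISTRY_PASSWORD: ${{ secrets.GH_PAT }}
      COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
      COSIGN_PRIVATE_KEY_PASSWORD: ${{ secrets.COSIGN_PRIVATE_KEY_PASSWORD }}
      COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY }}

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# curated-docker-images
Docker images mirrored from upstream registries and curated

--------------------------------------------------------------------------------
/alpine3.16-build/Dockerfile:
--------------------------------------------------------------------------------
# Build image: mirrored Alpine 3.16 plus compiler toolchain, docker-cli,
# cosign and crane/gcrane, with a devsecops user created but not activated.
FROM ghcr.io/codepraxis-io/library/alpine:3.16

ENV cosign_version=1.13.1
ENV crane_version=0.12.0

# Install basic tools
RUN set -eux \
    #&& apk --no-cache add alpine-sdk \
    && apk --no-cache add \
        bash \
        build-base \
        ca-certificates \
        curl \
        docker-cli \
        gettext \
        git \
        gnupg \
        gpg-agent \
        jq \
        lsof \
        unzip \
        vim \
        wget \
        zip

# install cosign
# NOTE(review): the binary is made executable without any integrity check.
# Verify it against the checksum published with the release (or a digest
# committed to this repository) before the mv.
RUN \
    cd /tmp \
    && wget "https://github.com/sigstore/cosign/releases/download/v${cosign_version}/cosign-linux-amd64" \
    && mv cosign-linux-amd64 /usr/local/bin/cosign \
    && chmod +x /usr/local/bin/cosign

# install crane and gcrane
# -f makes curl fail on an HTTP error instead of saving the error page as the
# archive. NOTE(review): the archive is unpacked without a checksum check.
RUN \
    mkdir -p /tmp/crane \
    && cd /tmp/crane \
    && curl -fsSL "https://github.com/google/go-containerregistry/releases/download/v${crane_version}/go-containerregistry_Linux_x86_64.tar.gz" > go-containerregistry.tar.gz \
    && tar xvfz go-containerregistry.tar.gz \
    && mv *crane /usr/local/bin \
    && crane version \
    && gcrane version \
    && cd /tmp \
    && rm -rf crane

# add user with UID and GID 1000 to be used instead of root
ENV USER_ID=1000
ENV GROUP_ID=1000
ENV USER_NAME=devsecops
ENV GROUP_NAME=devsecops
ENV USER_HOMEDIR=/home/devsecops

RUN addgroup -g ${GROUP_ID} ${GROUP_NAME} \
    && adduser -u ${USER_ID} -G ${GROUP_NAME} -D -h ${USER_HOMEDIR} ${USER_NAME}

# No separate cache clean-up layer: apk --no-cache above leaves nothing in
# /var/cache/apk, and a later rm could not shrink an earlier layer anyway.

# Switch to non-root user
# NOTE(review): left disabled, so containers from this image run as root by default.
#USER devsecops

--------------------------------------------------------------------------------
/alpine3.16-cicd/Dockerfile:
--------------------------------------------------------------------------------
# CI/CD image: the python3.10-build image plus ko, trivy, semgrep, grype and syft.
FROM ghcr.io/codepraxis-io/alpine3.16:python3.10-build

ENV ko_version=0.12.0
ENV trivy_version=0.34.0

# Install basic tools
RUN set -eux \
    #&& apk --no-cache add alpine-sdk \
    && apk --no-cache add \
        bash \
        ca-certificates \
        curl \
        gettext \
        git \
        gnupg \
        gpg-agent \
        jq \
        lsof \
        unzip \
        vim \
        wget \
        zip

# install ko
# NOTE(review): the archive is unpacked without a checksum check.
RUN \
    mkdir -p /tmp/ko \
    && cd /tmp/ko \
    && curl -fsSL "https://github.com/ko-build/ko/releases/download/v${ko_version}/ko_${ko_version}_Linux_x86_64.tar.gz" > ko.tar.gz \
    && tar xvfz ko.tar.gz \
    && mv ko /usr/local/bin \
    && ko version \
    && cd /tmp \
    && rm -rf ko

# install trivy
# The installer script is fetched from the release tag it installs rather than
# from the moving main branch. The version call fails the build if the piped
# install silently did nothing (sh exits 0 on empty input when curl fails).
RUN \
    curl -sfL "https://raw.githubusercontent.com/aquasecurity/trivy/v${trivy_version}/contrib/install.sh" | sh -s -- -b /usr/local/bin "v${trivy_version}" \
    && trivy --version

# install semgrep
# NOTE(review): unpinned, so each nightly rebuild may pick up a different release.
RUN \
    python3 -m pip install --no-cache-dir semgrep

# install grype
# NOTE(review): both the installer (main branch) and the installed release
# (latest) are unpinned. The script accepts a release tag as a trailing
# argument, as the trivy step above uses; pin both once a version is chosen.
RUN \
    curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin \
    && chmod +x /usr/local/bin/grype

# install syft
# NOTE(review): same unpinned installer and release as the grype step.
RUN \
    curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin \
    && chmod +x /usr/local/bin/syft

# Add $HOME/go/bin to $PATH
RUN \
    echo 'PATH=$PATH:$HOME/go/bin' >> /root/.bashrc

# No separate cache clean-up layer: apk --no-cache above leaves nothing in
# /var/cache/apk.

# Switch to non-root user
# NOTE(review): left disabled, so the scanners and any job using this image run as root.
#USER devsecops

--------------------------------------------------------------------------------
/alpine3.16-openjdk11/Dockerfile: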
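--------------------------------------------------------------------------------
# JDK 11 on top of the alpine3.16 build image.
FROM ghcr.io/codepraxis-io/alpine3.16:build

USER root
# --no-cache keeps the package index out of the image layer.
RUN apk add --no-cache openjdk11
# NOTE(review): left disabled, so the image keeps root as its default user.
#USER devsecops

--------------------------------------------------------------------------------
/alpine3.16-openjdk17/Dockerfile:
--------------------------------------------------------------------------------
# JDK 17 on top of the alpine3.16 build image.
FROM ghcr.io/codepraxis-io/alpine3.16:build

USER root
# --no-cache keeps the package index out of the image layer.
RUN apk add --no-cache openjdk17
# NOTE(review): left disabled, so the image keeps root as its default user.
#USER devsecops

--------------------------------------------------------------------------------
/alpine3.16-openjre11/Dockerfile:
--------------------------------------------------------------------------------
# Headless JRE 11 on top of the alpine3.16 run image.
FROM ghcr.io/codepraxis-io/alpine3.16:run

# Root is needed only for the package install; the image drops back to devsecops.
USER root
RUN apk add --no-cache openjdk11-jre-headless
USER devsecops

--------------------------------------------------------------------------------
/alpine3.16-openjre17/Dockerfile:
--------------------------------------------------------------------------------
# Headless JRE 17 on top of the alpine3.16 run image.
FROM ghcr.io/codepraxis-io/alpine3.16:run

# Root is needed only for the package install; the image drops back to devsecops.
USER root
RUN apk add --no-cache openjdk17-jre-headless
USER devsecops

--------------------------------------------------------------------------------
/alpine3.16-python3.10-build/Dockerfile:
--------------------------------------------------------------------------------
# Python build tooling on top of the alpine3.16 build image.
FROM ghcr.io/codepraxis-io/alpine3.16:build

USER root

# Install python, pip and venv
# One transaction with --no-cache replaces four separate apk add calls and the
# later "rm -rf /var/cache/apk/*" layer, which could not shrink this layer.
RUN apk add --no-cache \
        python3 \
        python3-dev \
        py3-pip \
        py3-virtualenv

# install common python modules
#RUN pip3 install requests \
#    && pip3 install py-bcrypt

# NOTE(review): left disabled, so this image and alpine3.16:cicd, which is
# built FROM it, keep root as their default user.
#USER devsecops
WORKDIR /home/devsecops

--------------------------------------------------------------------------------
/alpine3.16-python3.10-run/Dockerfile:
--------------------------------------------------------------------------------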
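# Python runtime on top of the shared Alpine 3.16 runtime image.
FROM ghcr.io/codepraxis-io/alpine3.16:run

# Root is needed only for the package install below.
USER root

# Install python and venv. --no-cache makes apk fetch a fresh index for this
# command and store none; the cleanup runs in the same layer as the install.
RUN apk add --no-cache \
        python3 \
        py3-virtualenv \
    && rm -rf /var/cache/apk/*

# switch to non-root user
USER devsecops
WORKDIR /home/devsecops

--------------------------------------------------------------------------------
/alpine3.16-run/Dockerfile:
--------------------------------------------------------------------------------
# Minimal Alpine 3.16 runtime base with an unprivileged default user.
# NOTE(review): the base is referenced by tag only; pinning it by digest
# (image@sha256:<digest>) would keep a re-pushed tag from changing this image.
FROM ghcr.io/codepraxis-io/library/alpine:3.16

# Install basic tools
RUN set -eux \
    && apk --no-cache add \
        bash \
        ca-certificates \
        curl \
        gettext \
        jq \
        vim \
        wget \
        zip

# add user with UID and GID 1000 to be used instead of root
ENV USER_ID=1000
ENV GROUP_ID=1000
ENV USER_NAME=devsecops
ENV GROUP_NAME=devsecops
ENV USER_HOMEDIR=/home/devsecops

# -D creates the account without a password.
RUN addgroup -g "${GROUP_ID}" "${GROUP_NAME}" \
    && adduser -u "${USER_ID}" -G "${GROUP_NAME}" -D -h "${USER_HOMEDIR}" "${USER_NAME}"

# Cleanup
RUN rm -rf /var/cache/apk/*

# Switch to non-root user (same account as created above)
USER ${USER_NAME}

--------------------------------------------------------------------------------
/debian11-base/Dockerfile:
--------------------------------------------------------------------------------
# Debian 11 base image carrying build tooling for the images derived from it.
# NOTE(review): the base is referenced by tag only; pinning it by digest
# (image@sha256:<digest>) would keep a re-pushed tag from changing this image.
FROM ghcr.io/codepraxis-io/library/debian:11-slim

# ENV (unlike ARG) persists into containers started from the image.
ENV DEBIAN_FRONTEND=noninteractive
# Release versions substituted into the download URLs further down.
ENV cosign_version=1.13.1
ENV crane_version=0.12.0

# Install basic tools
RUN set -eux \
    && apt-get update -y \
    && mkdir -p /usr/share/man/man1 \
    && apt-get install -y --no-install-recommends \
        apt-transport-https \
        bash \
        build-essential \
        ca-certificates \
        cmake \
        curl \
        gettext-base \
        git-all \
        gnupg-agent \
        gnupg2 \
        jq \
        lsb-release \
        lsof \
        software-properties-common \
        unzip \
        vim \
        wget \
        zip
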
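# Install Docker CLI
# The repository key goes into its own keyring and is bound to this one source
# with signed-by, so it is not trusted for any other apt repository.
RUN mkdir -p /etc/apt/keyrings \
    && curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
    && echo \
    "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
    $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
    && apt-get update \
    && apt-get install docker-ce-cli -y

# install cosign
# NOTE(review): the binary is installed without checking a digest or signature,
# so the image trusts whatever the release URL serves at build time. Recording
# the expected SHA-256 for this version in the Dockerfile and checking it with
# `sha256sum -c` before the mv would close that gap. The asset name also fixes
# the architecture to amd64.
RUN \
    cd /tmp \
    && wget "https://github.com/sigstore/cosign/releases/download/v${cosign_version}/cosign-linux-amd64" \
    && mv cosign-linux-amd64 /usr/local/bin/cosign \
    && chmod +x /usr/local/bin/cosign

# install crane and gcrane
# -f makes curl fail on an HTTP error instead of saving the error page as the
# archive. NOTE(review): the archive is unpacked without a digest check.
RUN \
    mkdir -p /tmp/crane \
    && cd /tmp/crane \
    && curl -fsSL "https://github.com/google/go-containerregistry/releases/download/v${crane_version}/go-containerregistry_Linux_x86_64.tar.gz" -o go-containerregistry.tar.gz \
    && tar xvfz go-containerregistry.tar.gz \
    && mv *crane /usr/local/bin \
    && crane version \
    && gcrane version \
    && cd /tmp \
    && rm -rf crane

# add user with UID and GID 1000 to be used instead of root in Dockerfiles derived from this one
ENV USER_ID=1000
ENV USER_NAME=devsecops
ENV USER_HOMEDIR=/home/devsecops

RUN useradd -u ${USER_ID} -U -m -d ${USER_HOMEDIR} ${USER_NAME}

# Cleanup
# This runs in its own layer: the files disappear from the final filesystem but
# remain in the earlier layers that created them.
RUN rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# Become non-root user
# NOTE(review): left commented out, so this image and anything derived from it
# runs as root until a derived Dockerfile sets USER itself.
#USER devsecops

--------------------------------------------------------------------------------
/debian11-python3-build/Dockerfile:
--------------------------------------------------------------------------------
# Python 3 build tooling on top of the Debian 11 base image.
FROM ghcr.io/codepraxis-io/debian11:base

ENV DEBIAN_FRONTEND=noninteractive

# Package install and apt cleanup share one layer so the package lists are not
# kept in the image.
RUN apt-get update -y \
    && apt-get install --no-install-suggests --no-install-recommends --yes \
        python3-venv \
        libpython3-dev \
        python3-pip \
        python3-distutils \
        gcc \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# install useful python modules
# NOTE(review): versions are not pinned, so each build takes whatever the index
# serves at that moment; a requirements file with pinned versions and
# --require-hashes would make the result reproducible and verifiable.
RUN pip3 install --no-cache-dir requests cyclonedx-bom

--------------------------------------------------------------------------------
/ubuntu22.04-base/Dockerfile:
--------------------------------------------------------------------------------
# Ubuntu 22.04 base image carrying build tooling for the images derived from it.
# NOTE(review): the base is referenced by tag only; pinning it by digest
# (image@sha256:<digest>) would keep a re-pushed tag from changing this image.
FROM ghcr.io/codepraxis-io/library/ubuntu:22.04

# ENV (unlike ARG) persists into containers started from the image.
ENV DEBIAN_FRONTEND=noninteractive
# Release versions substituted into the download URLs below.
ENV cosign_version=1.13.1
ENV crane_version=0.12.0

# Install basic tools
RUN set -eux \
    && apt-get update -y \
    && mkdir -p /usr/share/man/man1 \
    && apt-get install -y --no-install-recommends \
        apt-transport-https \
        bash \
        build-essential \
        ca-certificates \
        cmake \
        curl \
        gettext-base \
        git-all \
        gnupg-agent \
        gnupg2 \
        jq \
        lsb-release \
        lsof \
        software-properties-common \
        unzip \
        vim \
        wget \
        zip


# Install Docker CLI
# The repository key goes into its own keyring and is bound to this one source
# with signed-by, so it is not trusted for any other apt repository.
RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
    && echo \
    "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
    $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null \
    && apt-get update \
    && apt-get install docker-ce-cli -y
    #&& apt-get install docker-ce docker-ce-cli containerd.io -y

# install cosign
# NOTE(review): the binary is installed without checking a digest or signature,
# so the image trusts whatever the release URL serves at build time. Recording
# the expected SHA-256 for this version in the Dockerfile and checking it with
# `sha256sum -c` before the mv would close that gap.
RUN \
    cd /tmp \
    && wget "https://github.com/sigstore/cosign/releases/download/v${cosign_version}/cosign-linux-amd64" \
    && mv cosign-linux-amd64 /usr/local/bin/cosign \
    && chmod +x /usr/local/bin/cosign

# install crane and gcrane
# -f makes curl fail on an HTTP error instead of saving the error page as the
# archive. NOTE(review): the archive is unpacked without a digest check.
RUN \
    mkdir -p /tmp/crane \
    && cd /tmp/crane \
    && curl -fsSL "https://github.com/google/go-containerregistry/releases/download/v${crane_version}/go-containerregistry_Linux_x86_64.tar.gz" -o go-containerregistry.tar.gz \
    && tar xvfz go-containerregistry.tar.gz \
    && mv *crane /usr/local/bin \
    && crane version \
    && gcrane version \
    && cd /tmp \
    && rm -rf crane

# add user with UID and GID 1000 to be used instead of root in Dockerfiles derived from this one
ENV USER_ID=1000
ENV USER_NAME=devsecops
ENV USER_HOMEDIR=/home/devsecops

RUN useradd -u ${USER_ID} -U -m -d ${USER_HOMEDIR} ${USER_NAME}

# Cleanup
# This runs in its own layer: the files disappear from the final filesystem but
# remain in the earlier layers that created them.
RUN rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# Become non-root user
# NOTE(review): left commented out, so this image and anything derived from it
# runs as root until a derived Dockerfile sets USER itself.
#USER devsecops

--------------------------------------------------------------------------------
/ubuntu22.04-cicd/Dockerfile:
--------------------------------------------------------------------------------
# CI/CD tooling image (ko, trivy, semgrep, grype, syft) on the Ubuntu 22.04 base.
FROM ghcr.io/codepraxis-io/ubuntu22.04:base

ENV DEBIAN_FRONTEND=noninteractive
# go_version is referenced only by the commented-out Go install below.
ENV go_version=1.18.6
ENV ko_version=0.12.0

USER root

# install go
#RUN \
#curl -L https://golang.org/dl/go${go_version}.linux-amd64.tar.gz -o /tmp/go${go_version}.linux-amd64.tar.gz \
#&& tar -C /usr/local -xzf /tmp/go${go_version}.linux-amd64.tar.gz \
#&& mv /usr/local/go /usr/local/go${go_version} \
#&& ln -snf /usr/local/go${go_version}/bin/go /usr/local/bin/go

# install ko
# -f makes curl fail on an HTTP error instead of saving the error page as the
# archive. NOTE(review): the archive is unpacked without a digest check.
RUN \
    mkdir -p /tmp/ko \
    && cd /tmp/ko \
    && curl -fsSL "https://github.com/ko-build/ko/releases/download/v${ko_version}/ko_${ko_version}_Linux_x86_64.tar.gz" -o ko.tar.gz \
    && tar xvfz ko.tar.gz \
    && mv ko /usr/local/bin \
    && ko version \
    && cd /tmp \
    && rm -rf ko

# install trivy
# The key is written to a dedicated keyring and bound to the trivy source with
# signed-by. `apt-key add` would have placed it in the global trusted keyring,
# where it is accepted for every configured repository. -y keeps the install
# from stopping at a confirmation prompt in the non-interactive build.
RUN \
    wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | gpg --dearmor -o /usr/share/keyrings/trivy.gpg \
    && echo "deb [signed-by=/usr/share/keyrings/trivy.gpg] https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main" | tee -a /etc/apt/sources.list.d/trivy.list \
    && apt-get update \
    && apt-get install -y trivy

# install semgrep
# apt-get update runs in the same RUN so the install does not depend on package
# lists cached by an earlier layer. NOTE(review): semgrep is not version-pinned.
RUN \
    apt-get update \
    && apt-get install -y python3-pip \
    && python3 -m pip install --no-cache-dir semgrep

# install grype
# NOTE(review): the installer is taken from the repository's main branch and
# piped to sh as root at build time, and no release is named, so both the
# script and the binary it installs can change between builds. Fetching the
# script from a fixed release tag and naming the release to install would make
# this step reproducible.
RUN \
    curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin \
    && chmod +x /usr/local/bin/grype

# install syft
# NOTE(review): same pattern as grype: unpinned installer from main, run as root.
RUN \
    curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin \
    && chmod +x /usr/local/bin/syft

# Add $HOME/go/bin to $PATH
RUN \
    echo 'PATH=$PATH:$HOME/go/bin' >> /root/.bashrc

# Cleanup
# This runs in its own layer: the files disappear from the final filesystem but
# remain in the earlier layers that created them.
RUN rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# Switch to non-root user
# NOTE(review): left commented out, so the scanners in this image run as root.
#USER devsecops

--------------------------------------------------------------------------------
/ubuntu22.04-node16/Dockerfile:
--------------------------------------------------------------------------------
# Node.js 16 on top of the Ubuntu 22.04 base image.
# NOTE(review): Node.js 16 is past its upstream end-of-life (September 2023).
FROM ghcr.io/codepraxis-io/ubuntu22.04:base

ENV DEBIAN_FRONTEND=noninteractive

USER root

# Install node 16
# NOTE(review): the NodeSource setup script is downloaded and piped to bash as
# root on every build, with no check of its content.
# Repository setup, install and apt cleanup share one layer so the package
# lists are not kept in the image.
RUN curl -fsSL https://deb.nodesource.com/setup_16.x | bash - \
    && apt-get install -y nodejs \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# Switch to non-root user
# NOTE(review): left commented out, so this image defaults to root.
#USER devsecops

--------------------------------------------------------------------------------
/ubuntu22.04-openjdk11/Dockerfile:
--------------------------------------------------------------------------------
# JDK and Maven on top of the Ubuntu 22.04 base image.
FROM ghcr.io/codepraxis-io/ubuntu22.04:base

ENV DEBIAN_FRONTEND=noninteractive

USER root

# Install default-jdk
# apt-get is used instead of apt, whose command-line interface is not meant for
# scripts. Install and cleanup share one layer so the package lists are not
# kept in the image.
# NOTE(review): default-jdk follows the distribution default rather than naming
# version 11 explicitly - confirm that is intended for an image called openjdk11.
RUN apt-get update -y \
    && apt-get install -y default-jdk maven \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# Switch to non-root user
# NOTE(review): left commented out, so this image defaults to root.
#USER devsecops
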
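--------------------------------------------------------------------------------
/ubuntu22.04-openjdk17/Dockerfile:
--------------------------------------------------------------------------------
# OpenJDK 17 JDK and Maven on top of the Ubuntu 22.04 base image.
FROM ghcr.io/codepraxis-io/ubuntu22.04:base

ENV DEBIAN_FRONTEND=noninteractive

USER root

# Install openjdk-17
# apt-get is used instead of apt, whose command-line interface is not meant for
# scripts. Install and cleanup share one layer so the package lists are not
# kept in the image.
RUN apt-get update -y \
    && apt-get install -y openjdk-17-jdk maven \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# Switch to non-root user
# NOTE(review): left commented out, so this image defaults to root.
#USER devsecops

--------------------------------------------------------------------------------
/ubuntu22.04-openjre11/Dockerfile:
--------------------------------------------------------------------------------
# Default JRE on top of the Ubuntu 22.04 base image, running as non-root.
FROM ghcr.io/codepraxis-io/ubuntu22.04:base

ENV DEBIAN_FRONTEND=noninteractive

# Root is needed only for the package install below.
USER root

# Install default-jre
# Install and cleanup share one layer so the package lists are not kept in the
# image.
RUN apt-get update -y \
    && apt-get install -y default-jre \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# Switch to non-root user
USER devsecops

--------------------------------------------------------------------------------
/ubuntu22.04-openjre17/Dockerfile:
--------------------------------------------------------------------------------
# OpenJDK 17 JRE on top of the Ubuntu 22.04 base image, running as non-root.
FROM ghcr.io/codepraxis-io/ubuntu22.04:base

ENV DEBIAN_FRONTEND=noninteractive

# Root is needed only for the package install below.
USER root

# Install openjdk-17-jre
# Install and cleanup share one layer so the package lists are not kept in the
# image.
RUN apt-get update -y \
    && apt-get install -y openjdk-17-jre \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# Switch to non-root user
USER devsecops

--------------------------------------------------------------------------------
/ubuntu22.04-python3.10-build/Dockerfile:
--------------------------------------------------------------------------------
# Python build tooling on top of the Ubuntu 22.04 base image.
FROM ghcr.io/codepraxis-io/ubuntu22.04:base

ENV DEBIAN_FRONTEND=noninteractive

USER root

# Install pip and venv
# Install and cleanup share one layer so the package lists are not kept in the
# image.
RUN apt-get update -y \
    && apt-get install -y \
        python3-venv \
        python3-distutils \
        python3-pip \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# install useful python modules
# NOTE(review): versions are not pinned, so each build takes whatever the index
# serves at that moment; a requirements file with pinned versions and
# --require-hashes would make the result reproducible and verifiable.
RUN pip3 install --no-cache-dir requests cyclonedx-bom

# switch to non-root user
# NOTE(review): left commented out, so this image defaults to root.
#USER devsecops

--------------------------------------------------------------------------------
/ubuntu22.04-python3.10-run/Dockerfile:
--------------------------------------------------------------------------------
# Python venv support on top of the Ubuntu 22.04 runtime image.
FROM ghcr.io/codepraxis-io/ubuntu22.04:run

ENV DEBIAN_FRONTEND=noninteractive

# Root is needed only for the package install below.
USER root

# Install venv
# Install and cleanup share one layer so the package lists are not kept in the
# image.
RUN apt-get update -y \
    && apt-get install -y python3-venv \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# switch to non-root user
USER devsecops

--------------------------------------------------------------------------------
/ubuntu22.04-run/Dockerfile:
--------------------------------------------------------------------------------
# Ubuntu 22.04 runtime base with an unprivileged default user.
# NOTE(review): the base is referenced by tag only; pinning it by digest
# (image@sha256:<digest>) would keep a re-pushed tag from changing this image.
FROM ghcr.io/codepraxis-io/library/ubuntu:22.04

# ENV (unlike ARG) persists into containers started from the image.
ENV DEBIAN_FRONTEND=noninteractive

# Install basic tools
# Install and cleanup share one layer so the package lists are not kept in the
# image.
RUN set -eux \
    && apt-get update -y \
    && mkdir -p /usr/share/man/man1 \
    && apt-get install -y --no-install-recommends \
        apt-transport-https \
        bash \
        ca-certificates \
        curl \
        gettext-base \
        gnupg-agent \
        gnupg2 \
        jq \
        lsb-release \
        lsof \
        software-properties-common \
        unzip \
        wget \
        zip \
    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*

# add user with UID and GID 1000 to be used instead of root in Dockerfiles derived from this one
ENV USER_ID=1000
ENV USER_NAME=devsecops
ENV USER_HOMEDIR=/home/devsecops

# -U creates a group with the same name as the user; -m creates the home directory.
RUN useradd -u "${USER_ID}" -U -m -d "${USER_HOMEDIR}" "${USER_NAME}"

# Become non-root user
USER devsecops
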
--------------------------------------------------------------------------------