My Dockerfile and docker-compose

• For development, I mostly use Podman instead of Docker. Except some applications that only supports Docker (e.g. Cosign)

• Please check the license of the components of the container images.

  • Using Apache 2.0 License for the Dockerfiles and docker-compose does not mean the container image is under Apache 2.0 License.

  • The created container image would contain other software (such as Bash, glibc and etc.), these software may be in different licenses.

• Please check any direct and in-direct dependency of the software being produced or contained.

List of materials

• Here’s a list of Dockerfile and container images that maintain or create

Application name	Dockerfile/building repository	Container repository	Signed	Purpose	Remark
pod-recon	https://gitlab.com/patrick.dung/pod-recon	https://gitlab.com/patrick.dung/pod-recon/container_registry	No	Collection of tools for troubleshooting in container environments	Use Rocky Linux 10-minimal as base OS https://github.com/patrickdung/pod-recon not updated, WIP https://github.com/users/patrickdung/packages/container/package/pod-recon%2Fpod-recon not updated, WIP
amicontained	GitHub repo	GitHub container registry	Yes	Aims to create amicontained on ARM64 platform	Use Alpine as base OS Not using set-output for GH actions
MeiliSearch	GitHub repo	GitHub container registry	No (after 2024)	For using stripped MeiliSearch binaries	Use minideb Debian-13 trixie as base OS Not using set-output for GH actions
WikiJS	GitHub repo	GitHub container registry	No (after 2024)	Update NodeJS packages in WikiJS and other optimizations	Use node20 Debian-13 as base OS Not using set-output for GH actions
Coral Project - Talk	GitHub repo	ghcr, ARM64 only	No	Coral Project - Talk does not (currently) provide official ARM64 Docker image	Use node20 Debian-11 as build image, use node20 Debian-13 (trixie) as running image CircleCI (build), GH actions (Cosign/SBOM, broken)
Goat Counter	GitHub repo	GitHub container registry	Yes	No official Docker image is provided	Use rockylinux/10-minimal as base OS Not using save-output for GH action
Gollum	GitHub repo	GitHub container registry	Yes	Include Pandoc and AsciiDoctor support in the container image	Use ruby Debian-11 as base OS
Kubernetes example, NFS-exporter container with a file	GitHub repo	GitHub container registry	Yes	Outdated Docker image is provided, and no ARM64 support	Use almalinuxorg/9-minimal as base OS Not using save-output for GH action
Prometheus	My GitHub repo - not building now	My GitHub container registry	Yes	For customization with glibc and jemalloc support, but later turns out that jemalloc is not used	Use ChainGuard busybox:latest-glibc as base OS Not using save-output for GH actions
mcrouter by Facebook/Meta	My GitHub repo	ghcr, for ARM64 only	No	No official container images provided	Use Almalinux 8 as base OS Not using save-output for GH actions

Container image verification by Cosign

If the container is signed (by me). You can verify by below steps:

1. Get my Cosign public key and save as cosign.pub

   -----BEGIN PUBLIC KEY-----
   MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAENAxpHzZWHRHsR72J+Zzm6M32UAvv
   YeHhQD4doXjqNXHbgXI212HVfmLzBevCvUqurwPvEsTf9FqWuYHUUrrK6w==
   -----END PUBLIC KEY-----

2. Command for Cosign

   cosign verify --key cosign.pub \
     [container-registry/project-name:tag]

   Example:

   cosign verify --key cosign.pub \
     ghcr.io/patrickdung/meilisearch-crossbuild:v0.24.0

3. Output:

   Verification for ghcr.io/patrickdung/meilisearch-crossbuild:v0.24.0 --
   The following checks were performed on each of these signatures:
     - The cosign claims were validated
     - The signatures were verified against the specified public key
     - Any certificates were verified against the Fulcio roots.
   
   [{"critical":{"identity":{"docker-reference":"ghcr.io/patrickdung/meilisearch-crossbuild"},"image":{"docker-manifest-digest":"sha256:41969fc06309c9988a23aa5a1ca677c171c9011399527d2c2120bab87ea9311a"},"type":"cosign container image signature"},"optional":null}]