主要是一个集成,同时可以提供方便的alpine apk 包管理以及维护
参考集成
备注:以上中使用git 进行配置管理,使用melange 进行apk 包的构建,同时可以结合s3 将数据存储到s3中,如果构建基于alpine 镜像的可以直接使用构建的私服,同时
也可以结合apko 进行oci 镜像构建,也比较高效方便
参考使用
- apk 构建 yaml 定义
package:name: helloversion: 2.12description: "the GNU hello world program"copyright:- paths:- "*"attestation: |Copyright 1992, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2005,2006, 2007, 2008, 2010, 2011, 2013, 2014, 2022 Free Software Foundation,Inc.license: GPL-3.0-or-laterdependencies:runtime:
environment:contents:repositories:- https://mirrors.aliyun.com/alpine/edge/mainpackages:- alpine-baselayout-data- busybox- build-base- scanelf- ssl_client- ca-certificates-bundle
pipeline:- uses: fetchwith:uri: https://ftp.gnu.org/gnu/hello/hello-${{package.version}}.tar.gzexpected-sha256: cf04af86dc085268c5f4470fbae49b18afbc221b78096aab842d934a76bad0ab- uses: autoconf/configure- uses: autoconf/make- uses: autoconf/make-install- uses: strip- apko yaml 定义
contents:repositories:- https://mirrors.aliyun.com/alpine/edge/main- /work/packagespackages:- alpine-base- curl- tree- tzdata- hello
entrypoint:command: /bin/sh -l
paths:- path: /etc/localtimetype: symlinksource: /usr/share/zoneinfo/Asia/Shanghai
# optional environment configurationenvironment:PATH: /usr/sbin:/sbin:/usr/bin:/bin
archs:- amd64- 生成证书
docker run --rm -v "${PWD}":/work cgr.dev/chainguard/melange keygen- 构建apk
docker run --rm --privileged -v "${PWD}":/work \cgr.dev/chainguard/melange build demo.yaml \--arch amd64 \--signing-key melange.rsa- 构建镜像
docker run --rm -v "${PWD}":/work \cgr.dev/chainguard/apko build --debug app-base.yaml \dalongdemoapp:v1 dalongdemoapp.tar -k melange.rsa.pub \--arch amd64- 效果
- 加载运行效果
docker load < dalongdemoapp.tardocker run -it dalongdemoapp:v1-amd64效果
说明
基于melange+apko 对于构建基于alpine apk 的容器镜像是一个不错的选择
参考资料
https://docs.sigstore.dev/cosign/sign/
https://github.com/rongfengliang/melange_apko_learning
https://github.com/chainguard-dev/apko
https://github.com/chainguard-dev/melange