go-containerregistry
docker-tools
go-containerregistry | docker-tools | |
---|---|---|
18 | 1 | |
3,091 | 122 | |
0.8% | 12.3% | |
6.8 | 9.4 | |
10 days ago | 7 days ago | |
Go | C# | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
go-containerregistry
- Crane: Tool for interacting with remote images and registries
-
A gopher’s journey to the center of container images
I also explored another module, go-containerregistry, in order to build images without root privileges. The approach is completely different, and we can manipulate each component of the container image separately. This can present an advantage, if you're looking for a way to fine tune things.
-
Skip build if "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}" exists on container registry
Use crane ls in a different job to check the tags in the registry. Create an artifact from its output that you evaluate in your kaniko job to check if the build should run or not.
-
Docker: We’re No Longer Sunsetting the Free Team Plan
Multi-arch builds are easy to "transfer" IMHO
crane cp docker.io/openfaas/gateway:0.10.0 ghcr.io/openfaas/gateway:0.10.0
If you've not used it yet - do take a look. Crane doesn't pull the images into a local Docker library for re-tagging and re-pushing.
https://github.com/google/go-containerregistry/blob/main/cmd...
-
Weekly: This Week I Learned (TWIL?) thread
crane - tool to copy images from one repo to another - https://github.com/google/go-containerregistry/blob/main/cmd/crane/doc/crane.md
- Dockerhub to (likely?) delete a lot of organizations.
-
FYI: Docker is deleting Open Source organisations
pretty sure the crane being referred by alex is this one: https://github.com/google/go-containerregistry/tree/main/cmd/crane
-
Docker's deleting Open Source images and here's what you need to know
https://github.com/google/go-containerregistry/tree/main/cmd...
It was recommended in this article:
- Crafting container images without Dockerfiles
-
ImagePullPolicy: IfNotPresent - (image doesn’t exist in repo) - Is it possible to pull the micro service image from an EKS node and then push to repo?
Look at using tools like skopeo or crane
docker-tools
-
.NET container images are maintained
For the scanning, we (.NET team) use the scanning services provided in Azure Container Registry (ACR). This is an internal ACR and the results of that are internal as mentioned in the post.
All the other tooling we use is open source. You can find our build infrastructure at https://github.com/dotnet/docker-tools. There's a tool there called image-builder that provides much of the functionality. I've written a blog post on how we use Azure Pipelines to manage the builds. Between image-builder and the pipelines, there's some automation that automatically rebuilds our images whenever a parent image changes.
What are some alternatives?
skopeo - Work with remote images registries - retrieving information, images, signing content
container-diff - container-diff: Diff your Docker containers
regclient - Docker and OCI Registry Client in Go and tooling using those libraries.
image-spec - OCI Image Format
gcr-cleaner - Delete untagged image refs in Google Container Registry or Artifact Registry
crane - A Nix library for building cargo projects. Never build twice thanks to incremental artifact caching.
docker-lock - Automatically manage image digests in Dockerfiles, docker-compose files, and Kubernetes manifests by tracking them in a separate Lockfile
kubectl-node-shell - Exec into node via kubectl
containerd - An open and reliable container runtime
manifest-tool - Command line tool to create and query container image manifest list/indexes
buildkit - concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit