ThoughtWorks-DPS/gha-container-base-image

PSK Convenience Images

twdps/gha-container-base-image

Within most teams or organizations, every job container image will require a certain amount of common configuration regardless of the purpose for which it is built.

Packages that typically fall into this set of shared executor requirements include things like:

  • tool for accessing secrets (such as Vault, chamber, 1password, teller)
  • standard shell (bash, zsh)
  • multi-language support (locales)
  • common dependencies for installing packages (curl, wget, unzip, common build dependencies)

The psk gha-container-base-image is an example of such a common base container. You will see the psk-specific tools and configuration, but this can readily be adapted to any organizational requirements.

Build job-specific container images starting from the base image.

See release notes for detailed version information.

signature. Images are signed using cosign. You can verify an image using the twdps public key found here.

cosign verify --key cosign.pub twdps/gha-container-base-image:0.1.0

software bill of materials. For each published image, an SBOM is generated using syft and uploaded to the container registry tagged using the manifest id and .spdx extension. You can pull the sbom using the oras tool as follows:

fetch image manifest:

docker image inspect --format='{{index .RepoDigests 0}}' twdps/gha-container-base-image:0.1.0

twdps/gha-container-base-image:0.1.0@sha256:9d8e8eef60900fcf207e3b258b4ce13b4cdb1765f0f7ca3022fd685cd53b8a14

download sbom:

oras pull docker.io/twdps/gha-container-base-image:sha256-9d8e8eef60900fcf207e3b258b4ce13b4cdb1765f0f7ca3022fd685cd53b8a14.spdx
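
The three steps above can be tied to a single digest, so the signature that is checked and the SBOM that is pulled both belong to the image actually present locally. The script below is an added example, not part of this repository; the function names are hypothetical, and it assumes docker, cosign and oras are installed, cosign.pub is in the current directory, and the image is hosted on Docker Hub.

```shell
#!/bin/sh
# Added example (not from the repository). Assumes docker, cosign and oras are
# installed and cosign.pub is the twdps public key in the current directory.

# parse_repo_digest REF: accepts "repo@sha256:<hex>" or "repo:tag@sha256:<hex>"
# and sets img_name / img_hex; returns 1 for anything else.
parse_repo_digest() {
  case $1 in *@sha256:*) ;; *) return 1 ;; esac
  img_name=${1%%@*}
  img_hex=${1##*@sha256:}
  # Drop a tag, but only a colon in the last path component (not a registry port).
  case ${img_name##*/} in *:*) img_name=${img_name%:*} ;; esac
  [ -n "$img_name" ] || return 1
  [ "${#img_hex}" -eq 64 ] || return 1
  case $img_hex in *[!0-9a-f]*) return 1 ;; esac
}

# Digest-pinned reference to hand to cosign.
pinned_ref() {
  parse_repo_digest "$1" && printf '%s@sha256:%s\n' "$img_name" "$img_hex"
}

# SBOM artifact reference: the tag is the digest with ':' replaced by '-',
# plus ".spdx". The docker.io prefix assumes Docker Hub, as in the page's command.
sbom_ref() {
  parse_repo_digest "$1" && printf 'docker.io/%s:sha256-%s.spdx\n' "$img_name" "$img_hex"
}

# verify_then_pull_sbom IMAGE: IMAGE must already be pulled locally.
# The SBOM is pulled only after the signature on that exact digest verifies.
verify_then_pull_sbom() {
  repo_digest=$(docker image inspect --format='{{index .RepoDigests 0}}' "$1") || return 1
  pinned=$(pinned_ref "$repo_digest") || {
    echo "unexpected RepoDigest: $repo_digest" >&2; return 1; }
  cosign verify --key cosign.pub "$pinned" >/dev/null || {
    echo "signature verification failed for $pinned" >&2; return 1; }
  oras pull "$(sbom_ref "$repo_digest")"
}

# Usage: verify_then_pull_sbom twdps/gha-container-base-image:0.1.0
```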

Review .snyk for current vulnerability status.