From 71aa62dd6418180cca02dc5f60eb50f0fd661c7d Mon Sep 17 00:00:00 2001
From: Kirandeep Singh
Date: Mon, 13 Jan 2025 21:16:34 +0530
Subject: [PATCH] Common - Updated common folder
Signed-off-by: Kirandeep Singh
---
.../common/templates/image_yml_params.yml | 193 ++++++++++++++++++
.../common/templates/main_readme.j2 | 146 +++++++++++++
2 files changed, 339 insertions(+)
create mode 100644 community_images/common/templates/image_yml_params.yml
create mode 100644 community_images/common/templates/main_readme.j2
diff --git a/community_images/common/templates/image_yml_params.yml b/community_images/common/templates/image_yml_params.yml
new file mode 100644
index 0000000000..228d7f819a
--- /dev/null
+++ b/community_images/common/templates/image_yml_params.yml
@@ -0,0 +1,193 @@
+# Description of image.yml keys
+params:
+ - name: name
+ description: name of the image
+ value: '""'
+ - name: official_name
+ description: Official name of the image
+ value: '""'
+ - name: official_website
+ description: official website of the image
+ value: '""'
+ - name: source_image_provider
+ description: "source image provider, ex: Docker Library"
+ value: '""'
+ - name: source_image_repo
+ description: source image docker repo, used for linking image in frontrow
+ value: '""'
+ - name: source_image_repo_link
+ description: source image docker repo url
+ value: '""'
+ - name: rf_docker_link
+ description: 'rapidfort docker link, ex: rapidfort/'
+ value: '""'
+ - name: image_workflow_name
+ description: 'used for generating github action file name'
+ value: '""'
+ - name: github_location
+ description: 'relative location of image folder in community_image'
+ value: '""'
+ - name: report_url
+ description: 'frontrow url for the repo'
+ value: '""'
+ - name: usage_instructions
+ description: 'usage instructions such as helm install or docker run'
+ value : '""'
+ - name: what_is_text
+ description: 'description about image, usually copied from official image What is?'
+ value : '""'
+ - name: disclaimer
+ description: 'disclaimer or any legal liability notice to be added'
+ value : '""'
+ - name: is_locked
+ description: 'if the image needs RF_ACCESS_TOKEN to be used or not'
+ value : 'False'
+ - name: docker_links
+ description: array of all the different image versions build along with link to original Dockerfile
+ value : ['""', '""']
+ - name: input_registry.registry
+ description: 'source registry used to pull docker image, ex: docker.io'
+ value : '""'
+ - name: input_registry.account
+ description: 'accout in registry from which source image is pulled, ex: hashicorp, fluent'
+ value : '""'
+ - name: repo_sets
+ description: array of repo_set object describe below.
+ value : ['repo_set', 'repo_set']
+ - name: needs_common_commands
+ description: needs to run common commands or not
+ value : 'true'
+ - name: runtimes
+ description: array of runtime object describe below.
+ value : ['runtime', 'runtime']
+repo_set_params:
+ - name: .input_base_tag
+ description: input base tag to search for a given repo
+ value : '""'
+ - name: .output_repo
+ description: output repo name for the repo
+ value : 'defaults to '
+ required: no
+runtime_params:
+ - name: type
+ description: pick from k8s, docker_compose, docker
+ value : 'pickOne: [k8s, docker_compose, docker]'
+ - name: script
+ description: script to be called for the runtime
+ value : '""'
+ required: no
+k8s_runtime_params:
+ - name: helm.repo
+ description: "helm repo to use for k8s runtime, ex: 'nats'"
+ value : '""'
+ - name: helm.repo_url
+ description: "helm repo URL to use for k8s runtime, ex: 'https://nats-io.github.io/k8s/helm/charts/'"
+ value : '""'
+ - name: helm.chart
+ description: "helm chart to use for k8s runtime, ex: 'nats'"
+ value : '""'
+ - name: readiness_wait_pod_name_suffix
+ description: "only valid for wait_type: pod, defaults to 0"
+ value : '["0"]'
+ required: no
+ - name: readiness_wait_deployments_suffix
+ description: "wait for list of deployment suffix, {release_name}-suffix"
+ value : '[""]'
+ required: no
+ - name: tls_certs.generate
+ description: if tls certs generation is needed true/false
+ value : 'false'
+ required: no
+ - name: tls_certs.secret_name
+ description: secret name to store tls certs
+ value : '""'
+ - name: tls_certs.common_name
+ description: common name to use in generated tls certs, defaults to localhost
+ value : 'localhost'
+ - name: helm_additional_params
+ description: additional key value parameters rendered as --set key=value for helm install command
+ value: '""'
+ required: no
+ - name: readiness_check_script
+ description: readiness check script to run for k8s deployment
+ value: '""'
+ required: no
+ - name: readiness_check_timeout
+ description: timeout for readiness check script to run in seconds
+ value: '300'
+ required: no
+ - name: image_keys..repository
+ description: key to use for helm install command to specify image repository, needed for multi container system
+ value : 'image.repository'
+ required: no
+ - name: image_keys..tag
+ description: key to use for helm install command to specify image tag, needed for multi container system
+ value : 'image.tag'
+ required: no
+docker_compose_runtime_params:
+ - name: compose_file
+ description: docker compose file path
+ value : '""'
+ - name: env_file
+ description: environment file for default env variables
+ value : 'docker.env'
+ required: no
+ - name: wait_time_sec
+ description: wait time in seconds after docker-compose up
+ value : '30'
+ required: no
+ - name: tls_certs.generate
+ description: if tls certs generation is needed true/false
+ value : 'false'
+ required: no
+ - name: tls_certs.out_dir
+ description: output directory relative to image.yml dir to store tls certs, defaults to certs
+ value : 'certs'
+ required: no
+ - name: image_keys..repository
+ description: environment variable to specify repository for the repo, as describe in docker-compose.yml
+ value : '""'
+ - name: image_keys..tag
+ description: environment variable to specify tag for the repo, as describe in docker-compose.yml
+ value : '""'
+docker_runtime_params:
+ - name: wait_time_sec
+ description: wait time in seconds after all docker run completes
+ value : '30'
+ required: no
+ - name: tls_certs.generate
+ description: if tls certs generation is needed true/false
+ value : 'false'
+ required: no
+ - name: tls_certs.out_dir
+ description: output directory relative to image.yml dir to store tls certs, defaults to certs
+ value : 'certs'
+ required: no
+ - name: volumes
+ description: map of input volumes, relative to script dir and mounted volume in ALL container
+ value : '""'
+ - name: environment
+ description: map of environment variables to be mounted in ALL container
+ value : '""'
+ - name: .env_file
+ description: repo specific environment file for default env variables
+ value : 'docker.env'
+ required: no
+ - name: .volumes
+ description: map of input volumes, relative to script dir and mounted volume in container
+ value : '""'
+ - name: .environment
+ description: map of environment variables to be mounted in container
+ value : '""'
+ - name: .exec_command
+ description: exec_command for container
+ value : '""'
+ - name: .daemon
+ description: if use daemon or interactive container flag -i or -d
+ value : 'True'
+ - name: .entrypoint
+ description: entrypoint for container
+ value : '""'
+ - name: .ports
+ description: list of ports to expose
+ value : '["", ""]'
diff --git a/community_images/common/templates/main_readme.j2 b/community_images/common/templates/main_readme.j2
new file mode 100644
index 0000000000..58bd69d766
--- /dev/null
+++ b/community_images/common/templates/main_readme.j2
@@ -0,0 +1,146 @@
+ + +RapidFort + + +
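Review bot: `required: no`, used on every optional entry in image_yml_params.yml (for example `.output_repo`, `script` and `helm_additional_params`), is a boolean only under YAML 1.1. A YAML 1.2 loader reads it as the string "no", which is truthy in Python and Jinja, so an optional key could be rendered as required. Write `required: false`, and settle on one spelling for the quoted defaults `'False'`, `'true'` and `'True'` on `is_locked`, `needs_common_commands` and `.daemon`. Separately, the descriptions of `helm_additional_params`, `environment` and `.environment` would benefit from a sentence such as `values are committed in image.yml and passed on the helm/docker command line; do not put credentials here`, assuming the consumer (not shown in this patch) passes them through unchanged.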

community-images

+ +[![RF Hardened][rf-h-badge]][rf-link-hardened-badge] +[![Dockerhub][dh-rf-badge]][dh-rf] +[![Slack][slack-badge]][slack-link] +[![License][license-badge]][license] +[![FOSSA Status][fossa-badge]][fossa-link] +[![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/6087/badge)](https://bestpractices.coreinfrastructure.org/projects/6087) +[![CodeQL](https://github.com/rapidfort/community-images/actions/workflows/codeql.yml/badge.svg)](https://github.com/rapidfort/community-images/actions/workflows/codeql.yml) + +Near Zero CVE images available at hub.rapidfort.com/repositories + +⚠️ CRITICAL NOTICE
+As of 7/2024 community-images will be gated. Please register for free at www.rapidfort.com to access these images + +[Getting started](#getting-started) · +[Supported containers](#supported-containers) · +[Contributing](CONTRIBUTING.md) · +[Build Process](#how-community-images-are-built) · +[Additional resources](#additional-resources) + +**RapidFort is a solution for building secure, optimized Docker containers.** + +Every day, we scan the most popular Docker Hub container images and remove unused code. Then we publish the results to share with you. + +Our container optimization process reduces the software attack surface and the chance of a vulnerability exploit. + +Stop downloading container images with thousands of vulnerabilities. Start using secure containers with minimized attack surfaces. + + +## Getting Started + +![Demo][demo] + +[RapidFort][rf-link-getting-started] scans your Docker containers for vulnerabilities and looks for unused components that can be removed. + +

What containers are supported?

+ +We’ve optimized and hardened some of the most popular container images on Docker Hub and are making them available to the community. + +| Repository | View Report | RapidFort Image | Pull Count | +|-----------------------------------| ------------------------------------------ | ------------------------------- | ------------------------------- | +{%- for image in image_list_sorted %} +| [ {{- image.official_name -}} ][ {{ image.name -}} -github-link]| View Report | View on Dockerhub | {{ image.pull_count_formatted }} | +{%- endfor %} + +

What IronBank containers are supported?

+ +We’ve optimized and hardened some of the most popular container images on IronBank and are making them available to the community. + +| Repository | View Report | RapidFort Image | Pull Count | +|-----------------------------------| ------------------------------------------ | ------------------------------- | ------------------------------- | +{%- for image in image_list_sorted %} +{%- if 'input_registry' in image and image['input_registry']['registry'] == 'registry1.dso.mil' and image['input_registry']['account'] == 'ironbank' %} +| [ {{- image.official_name -}} ][ {{ image.name -}} -github-link]| View Report | View on Dockerhub | {{ image.pull_count_formatted }} | +{%- endif %} +{%- endfor %} + +### How to use Community Images + +Here’s what you can do with Community Images. + +```sh +# Docker +$ docker run --name redis -e ALLOW_EMPTY_PASSWORD=yes rapidfort/redis:latest + +# Docker compose +$ docker-compose up -d + +# Kubernetes Helm +$ helm repo add argo https://argoproj.github.io/argo-helm + +# install argocd, just replace repository with RapidFort registry +$ helm install my-argocd argo/argo-cd --set image.repository=rapidfort/argocd + +# install nats +$ helm install my-postgresql nats/nats --set image.repository=rapidfort/nats + +``` +## How Community Images are Built + +Source images are run through an optimization process that identifies and removes unused components from the image. +You can contribute to this project by adding new images, improving coverage scripts, and adding regression and benchmark tests. 
+ +![Demo](contrib/workflow.png) + +## Need support + + +RapidFort Community Slack + + + +## Stargazers over time + +[![Stargazers over time](https://starchart.cc/rapidfort/community-images.svg)](https://starchart.cc/rapidfort/community-images) + +## 🌟 Star this project + +[![](https://user-images.githubusercontent.com/48997634/174794647-0c851917-e5c9-4fb9-bf88-b61d89dc2f4f.gif)](https://github.com/rapidfort/community-images/stargazers) + +### [⏫⭐️ Scroll to the star button](#start-of-content) + +If you believe this project has potential, feel free to **star this repo** just like many [amazing people](https://github.com/rapidfort/community-images/stargazers) +have. + +## Additional Resources + +[![RapidFort](https://raw.githubusercontent.com/rapidfort/community-images/main/contrib/github_logo_footer.png)][rf-link-main-landing-footer-logo] + + +Learn more about container optimization at [RapidFort.com][rf-link-additonal-resource]. + + +[rf-link-hardened-badge]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=ci_main_landing&utm_content=rf_hardened_badge +[rf-link-getting-started]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=ci_main_landing&utm_content=getting_started_link +[rf-link-additonal-resource]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=ci_main_landing&utm_content=additonal_resource +[rf-link-main-landing-footer-logo]: https://rapidfort.com?utm_source=github&utm_medium=ci_rf_link&utm_campaign=sep_01_sprint&utm_term=ci_main_landing&utm_content=main_landing_footer_logo + +[rf-h-badge]: https://img.shields.io/static/v1?label=RapidFort&labelColor=333F48&message=hardened&color=50B4C4&logo= + +[fossa-badge]: https://app.fossa.com/api/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images.svg?type=shield +[fossa-link]: 
https://app.fossa.com/projects/git%2Bgithub.com%2Frapidfort%2Fcommunity-images?ref=badge_shield + +[dh-rf-badge]: https://img.shields.io/badge/dockerhub-images-important.svg?logo=Docker +[dh-rf]: https://hub.docker.com/u/rapidfort +[license-badge]: https://img.shields.io/github/license/rapidfort/community-images?color=lightgray&style=flat-square +[license]: https://github.com/rapidfort/community-images/blob/main/LICENSE +[demo]: contrib/demo.gif + +[slack-badge]: https://img.shields.io/static/v1?label=Join&message=slack&logo=slack&logoColor=E01E5A&color=4A154B +[slack-link]: https://join.slack.com/t/rapidfortcommunity/shared_invite/zt-1g3wy28lv-DaeGexTQ5IjfpbmYW7Rm_Q + +[ image-ft-badge]: https://github.com/rapidfort/community-images/actions/workflows/image_run_v3.yml/badge.svg +[ image-ft-badge-link]: https://github.com/rapidfort/community-images/actions/workflows/image_run_v3.yml + +{% for image in image_list %} +[ {{- image.name -}} -github-link]: https://github.com/rapidfort/community-images/tree/main/community_images/{{- image.github_location }} +[ {{- image.name -}} -dh-img-pulls-badge]: https://img.shields.io/docker/pulls/ {{- image.rf_docker_link -}} ?logo=docker&logoColor=white +[ {{- image.name -}} -rf-link]: {{- image.report_url -}}?utm_source=github&utm_medium=ci_view_report&utm_campaign=sep_01_sprint&utm_term={{- image.name -}}&utm_content=landing_view_report +{% endfor %}
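Review bot: The Docker quick-start line in the "How to use Community Images" block, `docker run --name redis -e ALLOW_EMPTY_PASSWORD=yes rapidfort/redis:latest`, starts Redis with authentication turned off and pulls the mutable `latest` tag, and README commands tend to be copied verbatim. I would add a comment line above it, `# local testing only: set REDIS_PASSWORD instead of ALLOW_EMPTY_PASSWORD outside a throwaway environment`, and show a pinned tag or digest in place of `latest`. In the same block, `helm install my-postgresql nats/nats` gives a NATS release the name "my-postgresql" and no `helm repo add` line for the `nats` repo precedes it; the release name looks like a copy-paste leftover.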