Program to verify container images (civ)
Go to file
CSRBot 22049af389
Some checks failed
renovate/artifacts Artifact file update failure
continuous-integration/drone/push Build is failing
continuous-integration/drone/pr Build is failing
chore(deps): update module gopkg.in/yaml.v2 to v3
2024-05-02 20:46:59 +02:00
cmd Initial Commit 2022-01-26 16:34:42 +01:00
pkg Initial Commit 2022-01-26 16:34:42 +01:00
.drone.yml Merge pull request 'chore(deps): update docker.io/library/golang docker tag to v1.22' (#2) from renovate/docker.io-library-golang-1.x into master 2024-04-08 15:15:16 +00:00
.editorconfig Initial Commit 2022-01-26 16:34:42 +01:00
.gitignore Initial Commit 2022-01-26 16:34:42 +01:00
.golangci.yml Initial Commit 2022-01-26 16:34:42 +01:00
CODEOWNERS Initial Commit 2022-01-26 16:34:42 +01:00
Dockerfile chore(deps): update docker.io/library/alpine docker tag to v3.19 2024-04-07 22:04:04 +00:00
go.mod chore(deps): update module gopkg.in/yaml.v2 to v3 2024-05-02 20:46:59 +02:00
go.sum chore(deps): update module github.com/spf13/cobra to v1.8.0 2024-04-08 16:06:03 +00:00
LICENSE Initial Commit 2022-01-26 16:34:42 +01:00
main.go Initial Commit 2022-01-26 16:34:42 +01:00
Makefile Initial Commit 2022-01-26 16:34:42 +01:00
manifest.tmpl Initial Commit 2022-01-26 16:34:42 +01:00
README.md Initial Commit 2022-01-26 16:34:42 +01:00
renovate.json fix(renovate): remove automerge options 2024-01-21 15:02:24 +01:00

civ - container image verifier

The container image verifier - civ checks based on constraints container images. For this purpose is a config file required which contains the constraint definitions. The config file must be passed as argument to civ. civ writes the results into a separate file.

Currently is json and yaml supported. As default will be yaml used. Optionally can be specified via the second arg the result file.

civ config.yaml [ result.yaml ]

Constraints

Labels

Exists

Verify if container image volkerraschek/civ:latest has label org.opencontainers.image.documentation defined.

images:
  volkerraschek/civ:latest:
    labelConstraints:
      org.opencontainers.image.documentation:
        exists: true

Compare Semantic Versioning

Verify, if the container image volkerraschek/civ:latest has label org.opencontainers.image.version defined and has a greater version than 2.5.7.

images:
  volkerraschek/civ:latest:
    labelConstraints:
      org.opencontainers.image.version:
        compareSemver:
          greaterThan: 2.5.7

Alternatively, can lessThan and equal be used. For example to define a range of 2.5.7~2.8.4 with lessThan and greaterThan.

images:
  volkerraschek/civ:latest:
    labelConstraints:
      org.opencontainers.image.version:
        compareSemver:
          greaterThan: 2.5.7
          lessThan: 2.8.4

Compare String

Verify, if the container image volkerraschek/civ:latest has label org.opencontainers.image.documentation defined and the value starts with https:// and ends with README.md.

images:
  volkerraschek/civ:latest:
    labelConstraints:
      org.opencontainers.image.documentation:
        compareString:
          hasPrefix: "https://"
          hasSuffix: "README.md"

Alternatively, can be equal used to compare the value of a label with a expected value.

Count labels with corresponding prefix, suffix or match pattern

No more than 3 labels with the prefix org.opencontainers and exactly one labels with the suffix version may be defined for the image volkerraschek/civ:latest.

images:
  volkerraschek/civ:latest:
    labelConstraints:
      org.opencontainers%:
        count:
          lowerThan: 4
      %version:
        count:
          equal: 1

The functions lessThan and equal are also available as constraints.