Markus Pesch
b82578fbf0
All checks were successful
continuous-integration/drone/push Build is passing
96 lines
2.4 KiB
Markdown
96 lines
2.4 KiB
Markdown
# civ - container image verifier
|
|
|
|
The container image verifier - `civ` checks based on constraints container
|
|
images. For this purpose is a config file required which contains the constraint
|
|
definitions. The config file must be passed as argument to `civ`. `civ` writes
|
|
the results into a separate file.
|
|
|
|
Currently is `json` and `yaml` supported. As default will be `yaml` used.
|
|
Optionally can be specified via the second arg the result file.
|
|
|
|
`civ config.yaml [ result.yaml ]`
|
|
|
|
## Constraints
|
|
|
|
### Labels
|
|
|
|
#### Exists
|
|
|
|
Verify if container image `volkerraschek/civ:latest` has label
|
|
`org.opencontainers.image.documentation` defined.
|
|
|
|
```yaml
|
|
images:
|
|
volkerraschek/civ:latest:
|
|
labelConstraints:
|
|
org.opencontainers.image.documentation:
|
|
exists: true
|
|
```
|
|
|
|
#### Compare Semantic Versioning
|
|
|
|
Verify, if the container image `volkerraschek/civ:latest` has label
|
|
`org.opencontainers.image.version` defined and has a greater version than
|
|
`2.5.7`.
|
|
|
|
```yaml
|
|
images:
|
|
volkerraschek/civ:latest:
|
|
labelConstraints:
|
|
org.opencontainers.image.version:
|
|
compareSemver:
|
|
greaterThan: 2.5.7
|
|
```
|
|
|
|
Alternatively, can `lessThan` and `equal` be used. For example to define a range
|
|
of `2.5.7~2.8.4` with `lessThan` and `greaterThan`.
|
|
|
|
```yaml
|
|
images:
|
|
volkerraschek/civ:latest:
|
|
labelConstraints:
|
|
org.opencontainers.image.version:
|
|
compareSemver:
|
|
greaterThan: 2.5.7
|
|
lessThan: 2.8.4
|
|
```
|
|
|
|
#### Compare String
|
|
|
|
Verify, if the container image `volkerraschek/civ:latest` has label
|
|
`org.opencontainers.image.documentation` defined and the value starts with
|
|
`https://` and ends with `README.md`.
|
|
|
|
```yaml
|
|
images:
|
|
volkerraschek/civ:latest:
|
|
labelConstraints:
|
|
org.opencontainers.image.documentation:
|
|
compareString:
|
|
hasPrefix: "https://"
|
|
hasSuffix: "README.md"
|
|
```
|
|
|
|
Alternatively, can be `equal` used to compare the value of a label with a
|
|
expected value.
|
|
|
|
#### Count labels with corresponding prefix, suffix or match pattern
|
|
|
|
No more than 3 labels with the prefix `org.opencontainers` and exactly one
|
|
labels with the suffix `version` may be defined for the image
|
|
`volkerraschek/civ:latest`.
|
|
|
|
```yaml
|
|
images:
|
|
volkerraschek/civ:latest:
|
|
labelConstraints:
|
|
org.opencontainers%:
|
|
count:
|
|
lowerThan: 4
|
|
%version:
|
|
count:
|
|
equal: 1
|
|
```
|
|
|
|
The functions `lessThan` and `equal` are also available as constraints.
|