jfxs/alpine-task
A lightweight Task Docker image based on Alpine Linux
Image
Developer Tools
0
10K+
Docker alpine task
A Task Docker image:
- lightweight image based on Alpine Linux only 11 MB,
multiarchwith support of amd64 and arm64,- non-root container user,
- automatically updated by comparing SBOM changes,
- image signed with Cosign,
- an SBOM attestation added using
Syft, - available on Docker Hub and Quay.io.
The main repository.
The Docker Hub registry.
The Quay.io registry.
Running task
docker run -t --rm jfxs/alpine-task task --version
or
docker run -t --rm quay.io/ifxs/alpine-task task --version
Built with
Docker latest tag is 3.41.0-005, 3.41, 3 and contains:
| Name | Version | Type |
|---|---|---|
| ca-certificates | 20241121-r1 | apk |
| curl | 8.12.1-r0 | apk |
| file | 5.46-r2 | apk |
| git | 2.47.2-r0 | apk |
| github.com/go-task/task/v3 | v3.41.0 | go-module |
| jq | 1.7.1-r0 | apk |
Details are updated on Dockerhub Overview page when an image is published.
Versioning
The Docker tag is defined by the Task version used and an increment to differentiate build with the same Task version:
<task_version>-<increment>
Example: 3.19.1-003
Signature and attestation
Cosign public key:
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEa3yV6+yd/l4zh/tfT6Tx+zn0dhy3
BhFqSad1norLeKSCN2MILv4fZ9GA6ODOlJOw+7vzUvzZVr9IXnxEdjoWJw==
-----END PUBLIC KEY-----
The public key is also available online: https://gitlab.com/op_so/docker/cosign-public-key/-/raw/main/cosign.pub.
To verify an image:
cosign verify --key cosign.pub $IMAGE_URI
To verify and get the SBOM attestation:
cosign verify-attestation --key cosign.pub --type spdxjson $IMAGE_URI | jq '.payload | @base64d | fromjson | .predicate'
Authors
- FX Soubirou - Initial work - GitLab repositories
License
This program is free software: you can redistribute it and/or modify it under the terms of the MIT License (MIT). See the LICENSE for details.
Docker Pull Command
docker pull jfxs/alpine-task