added manual for creating own DHI image #24075
base: main
✅ Deploy Preview for docsdocker ready!
Currently, working on a scenario that captures "Using OCI artifacts as package sources".
Updated the title and linktitle for clarity, refined keywords, and added a section on building a catalog image. Adjusted descriptions for the os-release block and enhanced the examples for using OCI artifacts.
Ran vale and fixed a few formatting issues.
/review
Documentation Review
Thank you for this comprehensive guide on building Docker Hardened Images! The content is well-structured and provides valuable information for users. I found a few minor clarity improvements that would enhance the documentation:
Summary
- ✅ Good technical accuracy and complete examples
- ✅ Clear step-by-step instructions
- ✅ Helpful YAML schema reference tables
- 💬 Minor terminology and clarity improvements suggested below
Note: Found 3 minor issues (1 confirmed, 2 likely improvements). The documentation is clear overall - these are small refinements for consistency with the style guide.
Updated the description of the DHI build process for clarity and accuracy.
craig-osterhout
left a comment
Editorial-wise, LGTM
dvdksn
left a comment
looks good - some optional comments/qs but feel free to merge
| variant: runtime | ||
| tags: | ||
| - "1.0" | ||
| - "latest" |
I guess since DHI is all about supply chain security and conduct, maybe we shouldn't include a latest tag in this example.
| $ docker buildx build . -f base.yaml \ | ||
| --sbom=generator=dhi.io/scout-sbom-indexer:1 \ | ||
| --provenance=1 \ | ||
| --tag my-base:latest \ |
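Review bot: The `--sbom=generator=dhi.io/scout-sbom-indexer:1` line references the SBOM generator by a mutable tag, and `--tag my-base:latest` tags the output with a floating name, while the `name` field table in this same guide tells readers to always pin with `@sha256:`. Suggest pinning the generator image by digest in the example, or adding a sentence on why a tag is acceptable there, and tagging the result with a version rather than `latest`.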
Silly question because I am not familiar with this stuff: why do we specify image/tag in the spec file if we also specify it on the CLI?
Maybe worth explaining how image/variant/tag in the spec file works
| | Field | Description | | ||
| |------------|------------------------------------------------------------------------------| | ||
| | `name` | Full OCI reference with digest pin. Always use `@sha256:` for reproducibility. | | ||
| | `includes` | Glob patterns for files to extract from the artifact. Use `opt/**` to include everything under a directory. | |
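Review bot: The `includes` row offers `opt/**` as the way to include everything under a directory but gives no guidance on scope. Suggest adding a sentence that recommends the narrowest patterns covering the files actually needed, so the example does not read as a default to extract a whole tree from the artifact.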
I guess this is true:
| | `includes` | Glob patterns for files to extract from the artifact. Use `opt/**` to include everything under a directory. | | |
| | `includes` | Glob patterns for files to extract from the artifact. Paths are resolved from the filesystem root; `opt/**` includes everything under the `/opt` path. | |
Description
This PR adds a missing manual for building your own custom DHI image based on Alpine and Debian.