https://github.com/juburr/apko-orb
A simple CircleCI orb to install Chainguard's apko tool and optionally cache it within the CI pipeline.
- Host: GitHub
- URL: https://github.com/juburr/apko-orb
- Owner: juburr
- License: mit
- Created: 2024-02-08T16:44:07.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2025-06-27T02:54:57.000Z (12 months ago)
- Last Synced: 2025-06-27T03:45:38.346Z (12 months ago)
- Topics: apko, chainguard, circleci, circleci-orbs, container-builder, containers
- Language: Shell
- Homepage:
- Size: 420 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# CircleCI Apko Orb
An orb for simplifying Apko installation and use within CircleCI.
This is an unofficial Apko orb used for installing Apko in your CircleCI pipeline to build distroless container images. Contributions are welcome!
## Features
### **Secure By Design**
- **Least Privilege**: Installs to a user-owned directory by default, with no `sudo` usage anywhere in this orb.
- **Integrity**: Checksum validation of all downloaded binaries using SHA-512.
- **Provenance**: Installs directly from Apko's official [releases page](https://github.com/chainguard-dev/apko/releases/) on GitHub. No third-party websites, domains, or proxies are used.
- **Confidentiality**: All secrets and environment variables are handled in accordance with CircleCI's [security recommendations](https://circleci.com/docs/security-recommendations/) and [best practices](https://circleci.com/docs/orbs-best-practices/).
- **Privacy**: No usage data of any kind is collected or shipped back to the orb developer.
Info for security teams:
- External access that must be allowed when running a locked-down, self-hosted CircleCI pipeline on-prem:
  - `github.com`: For download and installation of the Apko tool.