Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/some-natalie/image-ingest-script
https://github.com/some-natalie/image-ingest-script
Last synced: 11 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/some-natalie/image-ingest-script
- Owner: some-natalie
- License: mit
- Created: 2024-10-22T16:11:03.000Z (2 months ago)
- Default Branch: main
- Last Pushed: 2024-10-23T21:08:50.000Z (2 months ago)
- Last Synced: 2024-10-24T08:43:18.829Z (2 months ago)
- Language: Shell
- Size: 15.6 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# image ingestion pipeline examples
```mermaid
flowchart LR
subgraph corporate network
A(fa:fa-laptop-code
developer)
B(fas:fa-boxes-stacked
internal
container registry)
end
A -->| push new images | B
B -->| pull base images | A
subgraph internet
C(🐙
chainguard registry)
end
D{🔎 acceptance criteria
- CVE scans
- SBOM validation
- Sigstore validation}
D -->| pull tokens
or
OIDC | C
B --> D
```
Two paths are shown here, more as a demo than anything else.
1. [`ingest.sh`](ingest.sh) is a simple shell script that runs as acceptance criteria checks to pull from one source (Chainguard registry), run the checks above, then push to another (any OCI compliant registry)
2. [`.github/workflows/ingest.yaml`](.github/workflows/ingest.yaml) is the same workflow and checks, but run within GitHub Actions to show a demo of it working in a CI pipeline.