What I did in the last couple of weeks (part 8):

Did I mention previously that building container images with apko using packages from WolfiOS, is a very pleasant and nice experience?

Well, I needed to build an image in GitlabCI. For GitHub, there is an official apko action that works flawlessly.
For GitlabCI though I encountered that the official apko image is not working due to the lack of a shell inside the container (which normally is a good things safety-wise).

So, I built my own apko image on GitHub and then used that in the GitlabCI to build an image using apko there.

https://github.com/kastl-ars/wolfi-apko-with-bash

I also opened an issue with the apko maintainers for this, as GitlabCI support would be really nice.

BTW, huge shoutout to the Chainguard folks for maintaining WolfiOS and so many safe and small images!

#container #GitlabCI #cicd #apko #chainguard #

This week I have been building some #container images for e.g. #renovatebot and I must say I really dig #Chainguard and the #WolfiOS ecosystem. Building an image locally using #apko was a breeze. Building on #GitHub was easy due to their Github Action.

And the long list of packages available is nice.

And the list of CVEs in the image is really short.

I'll try to get my hands dirty with melange and try to build a Pluto package for WolfiOS...

📯 Did you know that @chainguard_dev has a YouTube channel and they are creating lots of amazing content in there?
🔖 @lorenc_dan is doing a video series called "Bring Your Own Image" that lets you learn first-hand how to create packages/images using #apko and #melange!
🎤 @adrianmouat is doing practical lighting talks about images, digests, signatures and SBOMs, of course by explaining them how they related with the @chainguard_dev tooling!
➡️ https://www.youtube.com/@chainguard/videos

I've been wanting to kick the tires on #melange and #apko for awhile. Finally found an excuse this week and I'm in 😍 got a 5.4mb nginx image w/ 0 vulns (snyk/trivy) and a custom module added.

Now to figure out a new pipeline for managing these not-on-my-box.

While using #apko and #melange to build container images for both architectures amd64/arm64 and encounter with the following error:

`bwrap: execvp /bin/sh: Exec format error`

Use Tõnis Tiigi's binfmt project to install qemu-user emulators for target architectures you want to build for👋

> $ docker run --privileged --rm tonistiigi/binfmt --install all

as a reminder, if you are using #apko to build @alpinelinux 3.18 based images, you will need 0.8.0 or later which adds support for the python~3.11 type of dependency relationships.

@ariadne I just updated #apko in #Nixpkgs :nix_snowflake_logo: 🆙
https://github.com/NixOS/nixpkgs/pull/228007

#apko 0.8.0 has been released, adding support for the tilde version matching operator (oops, we forgot about it, sorry), as used by alpine 3.18's python packages.

🎧🤸Do you want to learn more about creating secure container images for your #rust and #golang projects by using two of the newest projects #apko and #melange from @chainguard_dev tooling? If so, please go and watch the latest @wolfi community call 💃www.youtube.com/watch?v=Uc2t3VbCTQs

#melange 0.3.0 has been released, with a lot of improvements from the community!

if you didn't know, #melange is the declarative APK builder based on #apko which allows building packages for any APK distribution (such as @alpinelinux, @wolfi or @AdelieLinux) using a composable pipeline built from declarative components.

@wolfi is built with #melange, the repository being a forest of declarative YAML-based package definitions.

#apko 0.7.3 is released, with some minor bugfixes, largely relating to the use of apko on case-insensitive filesystems.

☝️ That was an excellent community call since @imjasonh made a presentation about #WolfiOS and the complimentary projects behind @wolfi both #apko and #melange🥇

Don't worry if you missed you can watch it on-demand on Chainguard YouTube 🙉

Here is the presentation link, again thanks to @imjasonh for sharing this with me 🌟

➡️https://docs.google.com/presentation/d/1D4mqXpjzv4pPjv1u7kJV_FHJPvEc2kSu2PM10kM2Eec/edit

https://github.com/wolfi-dev/community

#apko 0.7.0 is released 🎉

new release, exactly on the 1 year mark of the first apko release!

this brings an entirely new reimplementation of apk-tools as a reusable #golang package, and a cross-platform VFS implementation.

the result: you can compose alpine and wolfi images on non-Linux machines, such as macOS and freebsd. it might also work on windows, but we haven't tested it.

📢You can reach out to our talk at KCD Pakistan with @furkanturkal about creating a secure base image with #apko using @wolfi packages and using it with #ko to build OCI-compliant container images and signing them #cosign in keyless and verifying them with #kyverno
➡️ https://www.youtube.com/watch?v=W1Xct6ZtmHo

An event organized by @chainguard_dev at #CrowdCast about getting started to @wolfi and the tech stack #apko + #melange behind it is now available on #chainguard's YouTube channel 💖 Do not forget to watch it if you missed the event 💫
https://www.youtube.com/watch?v=2pqhLXA6NaI

i’m told that there is going to be a talk on #apko and #melange at #KCDUK 🙃

Good session today! The slides for my presentation about #Wolfi, #melange and #apko are already available in this link: https://speakerdeck.com/erikaheidi/hello-wolfi

The video will be available soon 😉

I liken the approach of these tools to @docker's approach that takes care of all the hard work to manage containers, #apko & #melange from @chainguard_dev also does the same for creating distroless images, but do you know how to make one, let's find out 👇
https://blog.chainguard.dev/secure-your-software-factory-with-melange-and-apko/

Do you have any questions about the great projects by the @chainguard_dev, such as #apko, #melange, and #wolfi, here is the podcast where you might find an answer to your questions, thanks @ariadne 🎖️

https://podcasts.apple.com/sk/podcast/container-base-images-with-glibc-musl/id1570698802?i=1000584114144

Don't forget to take your seat at one of the amazing talks from @erikaheidi about #Wolfi and the complementary projects #apko and #melange provided by @chainguard_dev 🥳🕺🏻
https://www.crowdcast.io/c/wolfi-101