New Image Pull Request Template

Fixes: #2497

smaller than public counterpart

hairyhenderson/gomplate                         latest    fab49dfd161c   4 days ago      65.6MB
ttl.sh/tuananh/gomplate/gomplate                <none>    385661ad5a07   9 days ago      59.1MB

0 cve

grype ttl.sh/tuananh/gomplate/gomplate:latest@sha256:bc7969ad93826822ded01143c35636103ea8e83c2e963126b75ca6628bf1f0db
 ✔ Vulnerability DB                [updated]  
 ✔ Loaded image                    ttl.sh/tuananh/gomplate/gomplate:latest@sha256:bc7969ad93826822ded01143c35636103ea8e83c2e963126b75ca6628  
 ✔ Parsed image                                                     sha256:385661ad5a07f6d2e80ce5fb06f0933ae95113b8fd34d6a8b04a83de672c8b53
 ✔ Cataloged contents                                                      94ed30f9af85975191f8f55128dd7e7f132bf28847cd5baa1ed00989558ac5b1
   ├── ✔ Packages                        [132 packages]  
   ├── ✔ File digests                    [56 files]  
   ├── ✔ File metadata                   [56 locations]  
   └── ✔ Executables                     [20 executables]  
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]  
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored 
No vulnerabilities found

Image Size

• The Image is smaller in size than its common public counterpart.
• The Image is larger in size than its common public counterpart (please explain in the notes).

Notes:

Image Vulnerabilities

• The Grype vulnerability scan returned 0 CVE(s).
• The Grype vulnerability scan returned > 0 CVE(s) (please explain in the notes).

Notes:

Image Tagging

• The image is not tagged with version tags.
• The image is tagged with :latest
• The image is not tagged with :latest (please explain in the notes).

Notes:

Basic Testing - K8s cluster

• The container image was successfully loaded into a kind cluster.
• The container image could not be loaded into a kind cluster (please explain in the notes).

Notes:

Basic Testing - Package/Application

• The application is accessible to the user/cluster/etc. after start-up.
• The application is not accessible to the user/cluster/etc. after start-up. (please explain in the notes).

Notes:

Helm

• A Helm chart has been provided and the container image can be used with the chart. If needed, please add a -compat package to close any gaps with the public helm chart.
• A Helm chart has been provided and the container image is not working with the chart (please explain in the notes).
• A Helm chart was not provided.

Notes:

Processor Architectures

• The image was built and tested for x86_64.
• The image could not be built for x86_64 (please explain in the notes).
• The image was built and tested for aarch64.
• The image could not be built for aarch64. (please explain in the notes).

Notes:

Functional Testing + Documentation

• Functional tests have been included and the tests are passing. All tests have been documnted in the notes section.

Notes:

Environment Testing + Documentation

• There has not been a request and/or there is no indication that this image needs tested on a public cloud provider.
• The container image has been tested successfully on a public cloud provider (AWS, GCP, Azure).
• The container image has not been tested successfully on a public cloud provider (AWS, GCP, Azure) (please explain in the notes).

Notes:

Version

• The package version is the latest version of the package. The latest tag points to this version.
• The package version is the not the latest version of the package (please explain in the notes).

Notes:

Dev Tag Availability

• There is a dev tag available that includes a shell and apk tools (by depending on 'wolfi-base')
• There is not a dev tag available that includes a shell and apk tools (by depending on 'wolfi-base') (please explain in the notes).

Notes:

Access Control + Authentication

• The image runs as nonroot and GID/UID are set to 65532 or upstream default
• Alternatively the username and GID/UID may be a commonly used one from the ecosystem e.g: postgres
• The image requires a non-standard username or non-standard GID/UID (please explain in the notes).

ENTRYPOINT

• applications/servers/utilities set to call main program with no arguments e.g. [redis-server]
• applications/servers/utilities not set to call main program with no arguments e.g. [redis-server] (please explain in the notes)
• base images leave empty.
• base image and not empty (please explain in the notes).
• dev variants is set to entrypoint script that falls back to system.
• dev variants is not set to entrypoint script that falls back to system (please explain in the notes).

CMD

• For server applications give arguments to start in daemon mode (may be empty)
• For utilities/tooling bring up help e.g. –help
• For base images with a shell, call it e.g. [/bin/sh]

Environment Variables

• Environment variables added.
• Environment variables not added and not required.

SIGTERM

• The image responds to SIGTERM (e.g., docker kill $(docker run -d --rm cgr.dev/chainguard/nginx))

Logs

• Error logs write to stderr and normal logs to stdout. Logs DO NOT write to file.

Documentation - README

• A README file has been provided and it follows the README template.