Skip to content

curl/curl-container

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
etc
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Curl Container

build_master_multi_images build_latest_release_multi_images

This repository contains infrastructure/code that generates, tests and distributes the Official curl docker images available from the following registries:

To pull an image:

> podman pull quay.io/curl/curl:latest

To run an image:

> podman run -it quay.io/curl/curl:latest -V

To use base image:

from quay.io/curl/curl-base:latest
RUN apk add jq

How to verify images

To view curl image signature use sigstore cosign tree:

> cosign tree ghcr.io/curl/curl-container/curl:master

Images are verified with this public key:

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEwFTRXl79xRiAFa5ZX4aZ7Vkdqmji
5WY0zqc3bd6B08CsNftlYsu2gAqdWm0IlzoQpi2Zi5C437RTg/DgLQ6Bkg==
-----END PUBLIC KEY-----

Verify image using cosign.pub public key using sigstore cosign verify:

> cosign verify --key cosign.pub ghcr.io/curl/curl-container/curl:master

Contact

If you have problems, questions, ideas or suggestions, please raise an issue or contact curl-container team or Jim Fuller directly.

Development curl images

The following images are available via github packages.

Master branch built regularly:

  • curl-dev:master - curl-dev master branch
  • curl-base:master - curl-base master branch
  • curl:master - curl master branch
  • curl-multi:master - curl multiarch master branch
  • curl-base-multi:master - curl-base multiarch master branch

A set of special case images built regularly:

  • curl-exp:master - curl master branch built enabling expiremental features

Platform specific dev images built daily:

  • curl-dev:master - alpine based development environment
  • curl-dev-debian:master - debian based development environment
  • curl-dev-fedora:master - fedora based development environment

To use any of these development images;

> podman run -it -v /Users/exampleuser/src/curl:/src/curl  ghcr.io/curl/curl-container/curl-dev-debian:master zsh
> ./buildconf
> ./configure
> make

Note- dev images are not specifically scanned for vulnerabilities and we currently pin to latest which always has vulns ... use at your own risk. Perhaps we could consider pinning to a later 'vintage'.

Dependencies

Either of the following are required to use images:

The following are required to build or release images:

Release

Curl images roughly match curl own release schedule, though we may release multiple versions of the same curl version. In that instance we append a number (ex. 8.1.2-1) though do not rev the version number used in registries.

The release process is as follows:

  • create new branch (ex. v8.1.2)
  • update VERSION to match curl version
  • update CHANGELOG.md
  • raise prep PR, review and merge
  • create new release with new tag ( ex. 8.1.2 ) based on previously created branch
  • new tag will trigger CI for publishing to quay/docker