diff --git a/docs/release/trg-0/trg-0.md b/docs/release/trg-0/trg-0.md index b4e3c3a9396..af194d6f76a 100644 --- a/docs/release/trg-0/trg-0.md +++ b/docs/release/trg-0/trg-0.md @@ -6,6 +6,7 @@ title: TRG 0 - Changelog & Drafts | Created | Post-History | |--------------|-----------------------------------------------------------------------------------------------| +| 09-Oct-2023 | TRG 4.06 add base image for hashicorp vault | | 29-Sep-2023 | TRG 4.02 / 06 add Alpine Linux to list of container base images | | 20-Sept-2023 | Adjust PostgreSQL version in TRG 5.07 | | 24-Aug-2023 | Move updated TRG 7.01 to active | diff --git a/docs/release/trg-0/trg-4-06.md b/docs/release/trg-0/trg-4-06.md new file mode 100644 index 00000000000..90f104e2467 --- /dev/null +++ b/docs/release/trg-0/trg-4-06.md @@ -0,0 +1,138 @@ +--- +title: TRG 4.06 - Notice for docker images +--- + +:::caution +Proposed release date: "mandatory after": 19th of May 2023 +::: + +| Status | Created | Post-History | +|--------|-------------|------------------| +| Draft | 04-May-2023 | Initial release | + +## Why + +Due to legal constrains we need to annotate the released container images to make it clear that we do our best to provide good images for demo purposes, +but we do not provide any legal guarantee. +This has to be defined in a dedicated 'Notice for docker image' section in our repositories and on the respective image page on `DockerHub`. + +## Description + +There are a few properties and links, that **must** be present on each notice, but they do vary for each image and product. +The minimum set of information is: + +- Link to the source of your base image (Container registry and GitHub if available) +- Link to your product image on `DockerHub` +- Link to your repository on GitHub +- Direct link to the Dockerfile used to build your image +- Link to `LICENCE` file in your repo as 'Project License' (make clear, that this is the PROJECT licence, not an image license) + +## How and where to annotate the base image + +The above information **must** be provided in Markdown format, either in your toplevel `README.md`, or in a dedicated +notice Markdown file, that you then reference from your toplevel `README.md`. + +A dedicated notice file can be necessary, if you built multiple container image from a single repository. +Multiple notice files ensure, that you can directly link the specific `Dockerfile`, that is used and include it in the description, that is pushed to `DockerHub`. + +The notice **must** always start with the following headline and the reference to your image on `DockerHub` +(example taken from [app-dashboard](https://github.com/eclipse-tractusx/app-dashboard#notice-for-docker-image): + +```markdown +## Notice for Docker image + +DockerHub: [https://hub.docker.com/r/tractusx/app-dashboard](https://hub.docker.com/r/tractusx/app-dashboard) +``` + +Following this, you **must** provide additional information on your product: +(example taken from [app-dashboard](https://github.com/eclipse-tractusx/app-dashboard#notice-for-docker-image): + +```markdown +Eclipse Tractus-X product(s) installed within the image: + +____ + +- GitHub: https://github.com/eclipse-tractusx/ +- Project home: https://projects.eclipse.org/projects/automotive.tractusx +- Dockerfile: https://github.com/eclipse-tractusx//blob/main/ +- Project license: [Apache License, Version 2.0](https://github.com/eclipse-tractusx//blob/main/LICENSE) +``` + +The last bits of information you **must** provide is related to your used base image. +As previously described, the following information should be provided, if available: + +- DockerHub links +- GitHub repo +- direct links to Dockerfile + +The following example is taken from the [IRS product](https://github.com/eclipse-tractusx/item-relationship-service#notice-for-docker-image): + +```markdown +**Used base image** + +- [eclipse-temurin:20-jre-alpine](https://github.com/adoptium/containers) +- Official Eclipse Temurin DockerHub page: https://hub.docker.com/_/eclipse-temurin +- Eclipse Temurin Project: https://projects.eclipse.org/projects/adoptium.temurin +- Additional information about the Eclipse Temurin images: https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin +``` + +Closing the notice, we provide a general statement about potentially contained other tools and the demo/experimental purpose +of our images. We use the following text: + +```markdown +As with all Docker images, these likely also contain other software which may be under other licenses +(such as Bash, etc. from the base distribution, along with any direct or indirect dependencies of the primary software being contained). + +As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within. +``` + +## Examples + +The following examples are shown as reference, to see already existing and complete versions of a 'Notice for docker images'. +They **can not** be used for your product without modifications. + +Good example for notice integrated in toplevel `README.md`: [IRS](https://github.com/eclipse-tractusx/item-relationship-service#notice-for-docker-image) + +Good example for a dedicated notice file: [edc-controlplane-memory-hashicorp-vault](https://github.com/eclipse-tractusx/tractusx-edc/edit/main/edc-controlplane/edc-controlplane-memory-hashicorp-vault/notice.md) + +## Already collected base image information + +The following sections contain information, that already has been collected on base images, that are used in Eclipse Tractus-X. +You can use that information for your own notice. **Be careful**, when it comes to version, like JRE versions for example. +You have to adapt some of the provided links to match your used version. + +### Eclipse Temurin (JRE) + +- Base image reference (example) `eclipse-temurin:20-jre-alpine` +- [GitHub repo](https://github.com/adoptium/containers) +- [Official Eclipse Temurin DockerHub page](https://hub.docker.com/_/eclipse-temurin) +- [Eclipse Temurin Project](https://projects.eclipse.org/projects/adoptium.temurin) +- [Additional information about the Eclipse Temurin images](https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin) + +### Nginx-unprivileged (serve static HTML and JS bundles) + +- Base image reference (example) `nginxinc/nginx-unprivileged:alpine` +- [Dockerfile (alpine)](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/Dockerfile-alpine.template) +- GitHub project: [https://github.com/nginxinc/docker-nginx-unprivileged](https://github.com/nginxinc/docker-nginx-unprivileged) +- DockerHub: [https://hub.docker.com/r/nginxinc/nginx-unprivileged](https://hub.docker.com/r/nginxinc/nginx-unprivileged) + +### .NET runtime + +- Base image reference (example): `mcr.microsoft.com/dotnet/runtime:6.0-alpine` +- Dockerfile (:6-alpine): [mcr.microsoft.com/dotnet/runtime:6.0-alpine](https://github.com/dotnet/dotnet-docker/blob/e1984aaea51a796b68f6672749d280525c30e063/src/runtime/6.0/alpine3.17/amd64/Dockerfile) +- GitHub project: [https://github.com/dotnet/dotnet-docker](https://github.com/dotnet/dotnet-docker) +- DockerHub: [https://hub.docker.com/_/microsoft-dotnet-runtime](https://hub.docker.com/_/microsoft-dotnet-runtime) + +### ASP.NET core runtime + +- Base image reference (example): `mcr.microsoft.com/dotnet/aspnet:6.0-alpine` +- Dockerfile (:6-alpine): [mcr.microsoft.com/dotnet/aspnet:6.0-alpine](https://github.com/dotnet/dotnet-docker/blob/e1984aaea51a796b68f6672749d280525c30e063/src/aspnet/6.0/alpine3.17/amd64/Dockerfile) +- GitHub project: [https://github.com/dotnet/dotnet-docker](https://github.com/dotnet/dotnet-docker) +- DockerHub: [https://hub.docker.com/_/microsoft-dotnet-aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet) + +### Hashicorp Vault image + +- Base image reference (example): `vault:13.3` +- Dockerfile (:13.3): [vault:13.3](https://github.com/hashicorp/docker-vault/blob/v1.13.3/0.X/Dockerfile) +- GitHub project: [https://github.com/hashicorp/docker-vault](https://github.com/hashicorp/docker-vault) +- DockerHub: [hhttps://hub.docker.com/_/vault](https://hub.docker.com/_/vault)