From 7531847a85005dfb133af35669289e7b91c457b2 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 1 Sep 2023 04:35:58 -0700 Subject: [PATCH 1/3] feat: added vault image --- docs/release/trg-4/trg-4-06.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/release/trg-4/trg-4-06.md b/docs/release/trg-4/trg-4-06.md index 17b2bfabe09..54f73df5a7b 100644 --- a/docs/release/trg-4/trg-4-06.md +++ b/docs/release/trg-4/trg-4-06.md @@ -129,3 +129,9 @@ You have to adapt some of the provided links to match your used version. - Dockerfile (:6-alpine): [mcr.microsoft.com/dotnet/aspnet:6.0-alpine](https://github.com/dotnet/dotnet-docker/blob/e1984aaea51a796b68f6672749d280525c30e063/src/aspnet/6.0/alpine3.17/amd64/Dockerfile) - GitHub project: [https://github.com/dotnet/dotnet-docker](https://github.com/dotnet/dotnet-docker) - DockerHub: [https://hub.docker.com/_/microsoft-dotnet-aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet) + +### Hashicorp Vault image +- Base image reference (example): `vault:13.3` +- Dockerfile (:13.3): [vault:13.3](https://github.com/hashicorp/docker-vault/blob/v1.13.3/0.X/Dockerfile) +- GitHub project: [https://github.com/hashicorp/docker-vault](https://github.com/hashicorp/docker-vault) +- DockerHub: [hhttps://hub.docker.com/_/vault](https://hub.docker.com/_/vault) \ No newline at end of file From 7ff2f21314c0369b706a2ac87bec2c0c3551430b Mon Sep 17 00:00:00 2001 From: --show-origin Date: Fri, 1 Sep 2023 04:43:45 -0700 Subject: [PATCH 2/3] fix: fixed markdown linting --- docs/release/trg-4/trg-4-06.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/release/trg-4/trg-4-06.md b/docs/release/trg-4/trg-4-06.md index 54f73df5a7b..90f104e2467 100644 --- a/docs/release/trg-4/trg-4-06.md +++ b/docs/release/trg-4/trg-4-06.md @@ -131,7 +131,8 @@ You have to adapt some of the provided links to match your used version. - DockerHub: [https://hub.docker.com/_/microsoft-dotnet-aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet) ### Hashicorp Vault image + - Base image reference (example): `vault:13.3` - Dockerfile (:13.3): [vault:13.3](https://github.com/hashicorp/docker-vault/blob/v1.13.3/0.X/Dockerfile) - GitHub project: [https://github.com/hashicorp/docker-vault](https://github.com/hashicorp/docker-vault) -- DockerHub: [hhttps://hub.docker.com/_/vault](https://hub.docker.com/_/vault) \ No newline at end of file +- DockerHub: [hhttps://hub.docker.com/_/vault](https://hub.docker.com/_/vault) From 4315da62d9d2f01ded3419aae51c4c58ee371417 Mon Sep 17 00:00:00 2001 From: --show-origin Date: Tue, 5 Sep 2023 05:16:27 -0700 Subject: [PATCH 3/3] chore: follow the draft flow --- docs/release/trg-0/trg-0.md | 1 + docs/release/trg-0/trg-4-06.md | 138 +++++++++++++++++++++++++++++++++ docs/release/trg-4/trg-4-06.md | 7 -- 3 files changed, 139 insertions(+), 7 deletions(-) create mode 100644 docs/release/trg-0/trg-4-06.md diff --git a/docs/release/trg-0/trg-0.md b/docs/release/trg-0/trg-0.md index f5d8db9ba0f..27f0a4c0d32 100644 --- a/docs/release/trg-0/trg-0.md +++ b/docs/release/trg-0/trg-0.md @@ -6,6 +6,7 @@ title: TRG 0 - Changelog & Drafts | Created | Post-History | |--------------|----------------------------------------------------------------------------------------------| +| 05-Sep-2023 | TRG 4.06 add base image for hashicorp vault | | 20-Jul-2023 | TRG 7.07 / 08 for OSS documentation improved, section added for documentation under CC-BY-4.0| | 6-June-2023 | Extend helm test example workflow (5.09) for k8s versions (5.10) and upgradeability (5.11) | | 2-June-2023 | Add recommendation for implementing legal notice in frontend apps (7.06) | diff --git a/docs/release/trg-0/trg-4-06.md b/docs/release/trg-0/trg-4-06.md new file mode 100644 index 00000000000..90f104e2467 --- /dev/null +++ b/docs/release/trg-0/trg-4-06.md @@ -0,0 +1,138 @@ +--- +title: TRG 4.06 - Notice for docker images +--- + +:::caution +Proposed release date: "mandatory after": 19th of May 2023 +::: + +| Status | Created | Post-History | +|--------|-------------|------------------| +| Draft | 04-May-2023 | Initial release | + +## Why + +Due to legal constrains we need to annotate the released container images to make it clear that we do our best to provide good images for demo purposes, +but we do not provide any legal guarantee. +This has to be defined in a dedicated 'Notice for docker image' section in our repositories and on the respective image page on `DockerHub`. + +## Description + +There are a few properties and links, that **must** be present on each notice, but they do vary for each image and product. +The minimum set of information is: + +- Link to the source of your base image (Container registry and GitHub if available) +- Link to your product image on `DockerHub` +- Link to your repository on GitHub +- Direct link to the Dockerfile used to build your image +- Link to `LICENCE` file in your repo as 'Project License' (make clear, that this is the PROJECT licence, not an image license) + +## How and where to annotate the base image + +The above information **must** be provided in Markdown format, either in your toplevel `README.md`, or in a dedicated +notice Markdown file, that you then reference from your toplevel `README.md`. + +A dedicated notice file can be necessary, if you built multiple container image from a single repository. +Multiple notice files ensure, that you can directly link the specific `Dockerfile`, that is used and include it in the description, that is pushed to `DockerHub`. + +The notice **must** always start with the following headline and the reference to your image on `DockerHub` +(example taken from [app-dashboard](https://github.com/eclipse-tractusx/app-dashboard#notice-for-docker-image): + +```markdown +## Notice for Docker image + +DockerHub: [https://hub.docker.com/r/tractusx/app-dashboard](https://hub.docker.com/r/tractusx/app-dashboard) +``` + +Following this, you **must** provide additional information on your product: +(example taken from [app-dashboard](https://github.com/eclipse-tractusx/app-dashboard#notice-for-docker-image): + +```markdown +Eclipse Tractus-X product(s) installed within the image: + +____ + +- GitHub: https://github.com/eclipse-tractusx/ +- Project home: https://projects.eclipse.org/projects/automotive.tractusx +- Dockerfile: https://github.com/eclipse-tractusx//blob/main/ +- Project license: [Apache License, Version 2.0](https://github.com/eclipse-tractusx//blob/main/LICENSE) +``` + +The last bits of information you **must** provide is related to your used base image. +As previously described, the following information should be provided, if available: + +- DockerHub links +- GitHub repo +- direct links to Dockerfile + +The following example is taken from the [IRS product](https://github.com/eclipse-tractusx/item-relationship-service#notice-for-docker-image): + +```markdown +**Used base image** + +- [eclipse-temurin:20-jre-alpine](https://github.com/adoptium/containers) +- Official Eclipse Temurin DockerHub page: https://hub.docker.com/_/eclipse-temurin +- Eclipse Temurin Project: https://projects.eclipse.org/projects/adoptium.temurin +- Additional information about the Eclipse Temurin images: https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin +``` + +Closing the notice, we provide a general statement about potentially contained other tools and the demo/experimental purpose +of our images. We use the following text: + +```markdown +As with all Docker images, these likely also contain other software which may be under other licenses +(such as Bash, etc. from the base distribution, along with any direct or indirect dependencies of the primary software being contained). + +As for any pre-built image usage, it is the image user's responsibility to ensure that any use of this image complies with any relevant licenses for all software contained within. +``` + +## Examples + +The following examples are shown as reference, to see already existing and complete versions of a 'Notice for docker images'. +They **can not** be used for your product without modifications. + +Good example for notice integrated in toplevel `README.md`: [IRS](https://github.com/eclipse-tractusx/item-relationship-service#notice-for-docker-image) + +Good example for a dedicated notice file: [edc-controlplane-memory-hashicorp-vault](https://github.com/eclipse-tractusx/tractusx-edc/edit/main/edc-controlplane/edc-controlplane-memory-hashicorp-vault/notice.md) + +## Already collected base image information + +The following sections contain information, that already has been collected on base images, that are used in Eclipse Tractus-X. +You can use that information for your own notice. **Be careful**, when it comes to version, like JRE versions for example. +You have to adapt some of the provided links to match your used version. + +### Eclipse Temurin (JRE) + +- Base image reference (example) `eclipse-temurin:20-jre-alpine` +- [GitHub repo](https://github.com/adoptium/containers) +- [Official Eclipse Temurin DockerHub page](https://hub.docker.com/_/eclipse-temurin) +- [Eclipse Temurin Project](https://projects.eclipse.org/projects/adoptium.temurin) +- [Additional information about the Eclipse Temurin images](https://github.com/docker-library/repo-info/tree/master/repos/eclipse-temurin) + +### Nginx-unprivileged (serve static HTML and JS bundles) + +- Base image reference (example) `nginxinc/nginx-unprivileged:alpine` +- [Dockerfile (alpine)](https://github.com/nginxinc/docker-nginx-unprivileged/blob/main/Dockerfile-alpine.template) +- GitHub project: [https://github.com/nginxinc/docker-nginx-unprivileged](https://github.com/nginxinc/docker-nginx-unprivileged) +- DockerHub: [https://hub.docker.com/r/nginxinc/nginx-unprivileged](https://hub.docker.com/r/nginxinc/nginx-unprivileged) + +### .NET runtime + +- Base image reference (example): `mcr.microsoft.com/dotnet/runtime:6.0-alpine` +- Dockerfile (:6-alpine): [mcr.microsoft.com/dotnet/runtime:6.0-alpine](https://github.com/dotnet/dotnet-docker/blob/e1984aaea51a796b68f6672749d280525c30e063/src/runtime/6.0/alpine3.17/amd64/Dockerfile) +- GitHub project: [https://github.com/dotnet/dotnet-docker](https://github.com/dotnet/dotnet-docker) +- DockerHub: [https://hub.docker.com/_/microsoft-dotnet-runtime](https://hub.docker.com/_/microsoft-dotnet-runtime) + +### ASP.NET core runtime + +- Base image reference (example): `mcr.microsoft.com/dotnet/aspnet:6.0-alpine` +- Dockerfile (:6-alpine): [mcr.microsoft.com/dotnet/aspnet:6.0-alpine](https://github.com/dotnet/dotnet-docker/blob/e1984aaea51a796b68f6672749d280525c30e063/src/aspnet/6.0/alpine3.17/amd64/Dockerfile) +- GitHub project: [https://github.com/dotnet/dotnet-docker](https://github.com/dotnet/dotnet-docker) +- DockerHub: [https://hub.docker.com/_/microsoft-dotnet-aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet) + +### Hashicorp Vault image + +- Base image reference (example): `vault:13.3` +- Dockerfile (:13.3): [vault:13.3](https://github.com/hashicorp/docker-vault/blob/v1.13.3/0.X/Dockerfile) +- GitHub project: [https://github.com/hashicorp/docker-vault](https://github.com/hashicorp/docker-vault) +- DockerHub: [hhttps://hub.docker.com/_/vault](https://hub.docker.com/_/vault) diff --git a/docs/release/trg-4/trg-4-06.md b/docs/release/trg-4/trg-4-06.md index 90f104e2467..17b2bfabe09 100644 --- a/docs/release/trg-4/trg-4-06.md +++ b/docs/release/trg-4/trg-4-06.md @@ -129,10 +129,3 @@ You have to adapt some of the provided links to match your used version. - Dockerfile (:6-alpine): [mcr.microsoft.com/dotnet/aspnet:6.0-alpine](https://github.com/dotnet/dotnet-docker/blob/e1984aaea51a796b68f6672749d280525c30e063/src/aspnet/6.0/alpine3.17/amd64/Dockerfile) - GitHub project: [https://github.com/dotnet/dotnet-docker](https://github.com/dotnet/dotnet-docker) - DockerHub: [https://hub.docker.com/_/microsoft-dotnet-aspnet](https://hub.docker.com/_/microsoft-dotnet-aspnet) - -### Hashicorp Vault image - -- Base image reference (example): `vault:13.3` -- Dockerfile (:13.3): [vault:13.3](https://github.com/hashicorp/docker-vault/blob/v1.13.3/0.X/Dockerfile) -- GitHub project: [https://github.com/hashicorp/docker-vault](https://github.com/hashicorp/docker-vault) -- DockerHub: [hhttps://hub.docker.com/_/vault](https://hub.docker.com/_/vault)