This repository contains a couple of container demos meant for consumption by 3Pillar Global's internal DevOps Community of Practice.
For building this Docker image, the following will do:
docker build . -t devops-cop-container-demo
For added benefit, export DOCKER_BUILDKIT=1 before the build to use BuildKit, the new build backend.
For installing pre-commit hooks, run:
pre-commit install
For running hadolint, dockle, and trivy, the scripts directory contains wrapper bash scripts for all three, e.g.
scripts/trivy_wrapper.sh devops-cop-container-demo
As CI/CD good practices:
- use pre-commit hooks,
- run the app code lint and tests inside the image build, as part of a multi-stage build,
- lint the Dockerfile with Hadolint,
- lint the Docker image with Dockle,
- and scan for vulnerabilities with Trivy.
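
The Dockerfile lint, build, image lint and vulnerability scan steps above can be chained into one gate that fails when any check fails. This is an added example, not one of the repository's wrapper scripts; it assumes hadolint, docker, dockle and trivy are on PATH, and the names `run_step`, `image_gate` and `FAILED` are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the repository): one gate for the Dockerfile
# lint, build, image lint and vulnerability scan steps.
# Assumption: hadolint, docker, dockle and trivy are on PATH.

export DOCKER_BUILDKIT=1   # use BuildKit for the build step
FAILED=""                  # steps that failed in the last image_gate run

# run_step NAME CMD...: run CMD, remember NAME if it exits non-zero.
run_step() {
  step_name="$1"; shift
  echo "==> ${step_name}: $*" >&2
  "$@" || FAILED="${FAILED:+$FAILED }${step_name}"
}

# image_gate IMAGE [DOCKERFILE] [CONTEXT]: returns 0 only if all steps pass.
image_gate() {
  gate_image="$1"
  gate_file="${2:-Dockerfile}"
  gate_ctx="${3:-.}"
  FAILED=""

  # Lint the Dockerfile first; it is the cheapest check.
  run_step hadolint hadolint "$gate_file"

  # Build; without an image the remaining checks cannot run.
  run_step build docker build "$gate_ctx" -f "$gate_file" -t "$gate_image"
  case " $FAILED " in
    *" build "*) echo "FAILED: $FAILED" >&2; return 1 ;;
  esac

  # Lint the image; without --exit-code dockle exits 0 even with findings.
  run_step dockle dockle --exit-code 1 "$gate_image"

  # Scan for vulnerabilities; fail only on HIGH and CRITICAL findings.
  run_step trivy trivy image --exit-code 1 --severity HIGH,CRITICAL "$gate_image"

  if [ -n "$FAILED" ]; then
    echo "FAILED: $FAILED" >&2
    return 1
  fi
  echo "all checks passed for $gate_image" >&2
}

# Runs only when given arguments, e.g. ./image_gate.sh devops-cop-container-demo
[ "$#" -eq 0 ] || image_gate "$@"
```

A failed Dockerfile lint does not stop the run, so one pass reports every failing check; only a failed build ends it early.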
Enabling Docker Content Trust is normally recommended, but, as mentioned in this open issue, it does not work with locally built images.
Always clean up after yourself:
docker system prune -a
(Note: be mindful about running this on production systems, though.)