Build distroless images with apk
Witchery is a collection of tools which can be composed to build distroless images. It is intended to be portable for use with any package management tooling, but is primarily focused on apk-based distributions at the moment, such as Alpine.
It is also designed to be easy to use with any other third-party tooling in a fully composable fashion, e.g. with Docker.
Your application payload is converted into an apk package or equivalent. This allows for the use of the package manager to assemble the image.
Where possible, witchery uses the pre-existing packaging tools for a base distribution. For example, it uses abuild to generate the apk package with your payload. This allows for leveraging the automatic dependency generation features of abuild to simplify the process of gathering dependencies.
Witchery is designed to be easy to use with Docker. Some examples are available in the examples/ directory.
- witchery-buildapk - builds an APK out of an arbitrary filesystem
- witchery-compose - composes an image, given a set of APKs, package names, and repositories as inputs
You need to have a signing key generated to sign the intermediary artifacts. Use abuild-keygen -na to get one.
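A preflight check for the signing key described above, as an added example that is not part of witchery. It assumes abuild-keygen -na recorded the key as an absolute path in PACKAGER_PRIVKEY in ~/.abuild/abuild.conf, with the public half beside it as <key>.pub; the function name, return codes and the "no access for others" policy are illustrative choices.

```shell
#!/bin/sh
# check_abuild_key CONF
# Verifies that CONF names a usable signing key and prints the key path.
# The file is parsed, not sourced, so nothing inside it gets executed.
# Return codes (illustrative): 1 no config, 2 no key entry, 3 private key
# missing, 4 public key missing, 5 private key accessible to other users.
check_abuild_key() {
    cak_conf=$1
    if [ ! -r "$cak_conf" ]; then
        echo "abuild config not readable: $cak_conf" >&2
        return 1
    fi
    # Take the last assignment, as a shell sourcing the file would,
    # and strip surrounding quotes.
    cak_key=$(sed -n 's/^[[:space:]]*PACKAGER_PRIVKEY=//p' "$cak_conf" \
        | tail -n 1 | tr -d "\"'")
    if [ -z "$cak_key" ]; then
        echo "PACKAGER_PRIVKEY is not set in $cak_conf" >&2
        return 2
    fi
    if [ ! -f "$cak_key" ]; then
        echo "private key missing: $cak_key" >&2
        return 3
    fi
    if [ ! -f "$cak_key.pub" ]; then
        echo "public key missing: $cak_key.pub" >&2
        return 4
    fi
    # Characters 8-10 of the ls mode string are the permissions for "other".
    cak_other=$(ls -ld "$cak_key" | cut -c8-10)
    if [ "$cak_other" != "---" ]; then
        echo "private key is accessible to other users: $cak_key" >&2
        return 5
    fi
    printf '%s\n' "$cak_key"
}

# Typical call before a build (path is the assumed default location):
#   check_abuild_key "$HOME/.abuild/abuild.conf" || exit 1
```
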
- alpine-make-rootfs, builds an Alpine rootfs with an installation script. Witchery's main difference is that it can drive abuild, while alpine-make-rootfs requires dependencies to be specified manually.
- Google's distroless project, same concept as witchery, but with glibc and the bazel build system.