hoppr/semantic-release Docker 镜像 - 轩辕镜像 | Docker 镜像高效稳定拉取服务
hoppr/semantic-releasehoppr
由Renovate Bot维护的Semantic Release基础镜像,用于自动化版本管理和发布流程,支持GitLab CI集成及镜像签名验证,适用于CI/CD环境中的版本自动化。
1 次收藏下载次数: 0状态:社区镜像维护者:hoppr仓库类型:镜像最近更新:25 天前
Semantic Release 镜像
概述和主要用途
由Renovate Bot维护的基础镜像,用于自动化版本管理和发布流程。基于Semantic Release工具,支持在CI/CD环境中实现版本号自动生成、发布日志创建等功能。镜像源码仓库:[] Release官方文档:[]
核心功能和特性
- 提供Semantic Release运行环境,支持自动化版本控制和发布流程
- 集成GitLab CI,可输出发布环境变量文件(release.env)并作为制品存储
- 支持通过Cosign工具验证镜像签名,确保镜像完整性和安全性
- 提供Cyclonedx格式证明验证,支持供应链安全审计
使用场景和适用范围
适用于需要自动化版本管理的项目,尤其适合集成到GitLab CI/CD流水线中,实现版本号自动管理、发布日志生成、发布包推送等自动化流程。
使用方法和配置说明
GitLab CI配置示例
以下是在GitLab CI中使用该镜像的基础配置:
yamlsemantic-release: image: hoppr/semantic-release:latest script: - semantic-release artifacts: paths: - release.env reports: dotenv: release.env
镜像验证
可通过Cosign工具验证镜像签名,公钥可在镜像Releases页面获取。签名将通过Rekor透明度日志验证。
验证命令示例
使用crane获取镜像摘要,结合yq提高输出可读性:
bash$ export DGST=$(crane digest hoppr/semantic-release:latest) $ export COSIGN_PUB_KEY=$(cat cosign.pub) $ COSIGN_EXPERIMENTAL=1 cosign verify --key env://COSIGN_PUB_KEY hoppr/semantic-release@$DGST | yq eval -P -
验证输出示例:
Verification for hoppr/semantic-release@sha256:bbd771d1dc194ee6bb4001e6823d4a84167601859c6d3eb3be8fe470590db962 -- The following checks were performed on each of these signatures: - The cosign claims were validated - Existence of the claims in the transparency log was verified offline - The signatures were verified against the specified public key - critical: identity: docker-reference: hoppr/semantic-release image: docker-manifest-digest: sha256:bbd771d1dc194ee6bb4001e6823d4a84167601859c6d3eb3be8fe470590db962 type: cosign container image signature optional: Bundle: SignedEntryTimestamp: MEUCIQD+BYY+e6wIA...... Payload: body: eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI0Njk1NjkzODE5MTIwMjUwN2JkMzNhYTRlMTdmYTQ2MzA1MzgxOTgyNWI2MDkzMzA5OGJhMWJlMWM2MjVjN2VmIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FWUNJUURXaVFWbitXTUZ6UGp1TFA4VlJUSmZWNXBBZ2VEamlkZkxSeWhPdFJHQVlnSWhBSmI4SXF4TXZ5clRYRFRWVGVTa0oxclVCcVo3R1MrcHIxaTlNdmMvYWZINiIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCUVZVSk1TVU1nUzBWWkxTMHRMUzBLVFVacmQwVjNXVWhMYjFwSmVtb3dRMEZSV1VsTGIxcEplbW93UkVGUlk....... integratedTime: *** logIndex: 6887..... logID: c0d23d6ad406973f9559f3ba.......
证明验证
可通过验证镜像证明树确认证明和签名有效性。
查看证明树结构
bash$ export DGST=$(crane digest hoppr/semantic-release:latest) $ cosign tree hoppr/semantic-release@$DGST
输出示例:
📦 Supply Chain Security Related artifacts for an image: hoppr/semantic-release@sha256:97d9e2c819c905b13bd849650aeb7bbafb9dcac9ba1e49851e8d82c40a9697cb └── 💾 Attestations for an image tag: hoppr/semantic-release:sha256-97d9e2c819c905b13bd849650aeb7bbafb9dcac9ba1e49851e8d82c40a9697cb.att └── 🍒 sha256:b56dcbd3d1ada9c64a2450a3a2cbd3a0b75a15fdec2eedc123d780c2c3a846a2 └── 🔐 Signatures for an image tag: hoppr/semantic-release:sha256-97d9e2c819c905b13bd849650aeb7bbafb9dcac9ba1e49851e8d82c40a9697cb.sig └── 🍒 sha256:120a8bc7c8025d57559f21a8f8c6681bb744a1689a423768c50949e233cc5b7b
验证Cyclonedx格式证明
bash$ export DGST=$(crane digest hoppr/semantic-release:latest) $ export COSIGN_PUB_KEY=$(cat cosign.pub) $ cosign verify-attestation --key env://COSIGN_PUB_KEY --type cyclonedx hoppr/semantic-release@$DGST
解码证明Payload
bash$ export DGST=$(crane digest hoppr/semantic-release:latest) $ export COSIGN_PUB_KEY=$(cat cosign.pub) cosign verify-attestation --key env://COSIGN_PUB_KEY --type cyclonedx hoppr/semantic-release@$DGST | jq -r '.payload' | base64 --decode
镜像拉取常见问题
使用与功能问题
错误码与失败问题
manifest unknown 错误:镜像不存在或标签错误
manifest unknown 错误
TLS/SSL 证书验证失败:Docker pull 时 HTTPS 证书错误
TLS 证书验证失败
DNS 解析超时:无法解析镜像仓库地址或连接超时
DNS 解析超时
410 Gone 错误:Docker 版本过低导致协议不兼容
410 错误:版本过低
402 Payment Required 错误:流量耗尽错误提示
402 错误:流量耗尽
401 UNAUTHORIZED 错误:身份认证失败或登录信息错误
身份认证失败错误
429 Too Many Requests 错误:请求频率超出专业版限制
429 限流错误
Docker login 凭证保存错误:Cannot autolaunch D-Bus(不影响登录)
凭证保存错误
账号 / 计费 / 权限
用户好评
来自真实用户的反馈,见证轩辕镜像的优质服务
oldzhang
运维工程师
Linux服务器
5
"Docker访问体验非常流畅,大镜像也能快速完成下载。"