jfxs/devcontainer-rye Docker 镜像 - 轩辕镜像 | Docker 镜像高效稳定拉取服务

devcontainer Rye

![Pipeline Status]([***]

A devcontainer Debian image with Rye to develop in Python inside a container:

• multiarch with support of amd64 and arm64,
• automatically updated by comparing software bill of materials (SBOM) changes,
• image signed with Cosign,
• a software bill of materials (SBOM) attestation added using Syft,
• available on Docker Hub and Quay.io.

![GitLab]([***] The main repository.

![Docker Hub]([***] The Docker Hub registry.

![Quay.io]([***] The Quay.io registry.

This image offers an optimal experience for zsh shell users. The image also includes bash shell.

Running with VScode

.devcontainer/devcontainer.json configuration to develop inside a container:

json
{
  "image": "jfxs/devcontainer-rye",
...
}

Running locally

shell
docker run -it --rm -v $(pwd):/workdir jfxs/devcontainer-rye /bin/zsh

Built with

Docker latest tag is 0.44.0-029, 0.44, 0 and has:

Dockerhub Overview page has the details of the last published image.

Versioning

Docker tag definition:

• the rye version used,
• a dash
• an increment to differentiate build with the same version starting at 001

text
<rye_version>-<increment>

Example: 0.26.0-001

Signature and attestation

Cosign public key:

shell
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEa3yV6+yd/l4zh/tfT6Tx+zn0dhy3
BhFqSad1norLeKSCN2MILv4fZ9GA6ODOlJOw+7vzUvzZVr9IXnxEdjoWJw==
-----END PUBLIC KEY-----

The public key is also available online: <[***]>.

To verify an image:

shell
cosign verify --key cosign.pub $IMAGE_URI

To verify and get the software bill of materials (SBOM) attestation:

shell
cosign verify-attestation --key cosign.pub --type spdxjson $IMAGE_URI | jq '.payload | @base64d | fromjson | .predicate'

Authors

• FX Soubirou - Initial work - GitLab repositories

License

This program is free software: you can redistribute it and/or modify it under the terms of the MIT License (MIT). See the LICENSE for details.