remove shell implementation of image-build

- Get source package version from the public altlinux api.
- Add build options: --dry-run, --push, --skip-build, --latest
- Separate build and push stages of images

.gitea/workflows/testscript

@@ -24,20 +24,22 @@ do
     then imgpath="$2-$1/$IM:latest"
   fi
 
+  entrypoint='/bin/sh'
+
   command="echo empty_command"
   if [[ $test != '' ]]; then
-    command="podman run --rm --entrypoint=\"/bin/sh\" $3/$imgpath -c \"$test\""
+    command="podman run --rm --entrypoint=\"$entrypoint\" $3/$imgpath -c \"$test\""
   else
-    if [[ $IM = 'distroless-true' ]]; then
+    if [[ $IM == 'distroless-true' ]]; then
       command="podman run --rm $3/$imgpath \"true\""
     fi
-    if [[ $IM = 'distroless-gotop' ]]; then 
+    if [[ $IM == 'distroless-gotop' ]]; then 
       command="podman run --rm $3/$imgpath \"--version\""
     fi 
-    if [[ $IM = 'flannel-cni-plugin' ]]; then
+    if [[ $IM == 'flannel-cni-plugin' ]]; then
       command="podman run --rm $3/$imgpath \"/flannel\""
     fi
-    if [[ $IM = 'pause' ]]; then 
+    if [[ $IM == 'pause' ]]; then 
       command="podman run --rm $3/$imgpath \"/pause\" \"-v\""
     fi 
   fi

.gitea/workflows/wf_full_p10.yaml

@@ -62,7 +62,6 @@ jobs:
         id: build-script
         run: |
           build_args="-b $BR -o $ORG --skip-images alt/distroless-devel"          
-          if [[ $BR == 'c10f1' || $BR == 'c10f2' ]]; then build_args="$build_args --skip-arches arm ppc64le"; fi
           if [[ $ORG == 'k8s' ]]; then build_args="$build_args --tags tags.toml --overwrite-organization $ORG-$BR --skip-images k8s/kube-apiserver k8s/kube-controller-manager k8s/kube-proxy k8s/kube-scheduler"; fi
           echo "build.py $build_args"
           ${{ gitea.workspace }}/build.py $build_args

.gitea/workflows/wf_full_p11.yaml

@@ -0,0 +1,133 @@
+name: Full building alt images
+on:
+  push:
+    tags:
+      - 'p11_*'
+
+jobs:
+  build-process:
+    runs-on: alt-sisyphus
+    outputs:
+      branch: ${{ env.BRANCH }}
+      org: ${{ env.ORG }}
+      url: ${{ env.URL }}
+      repo: ${{ env.REPO }}
+      buildres: ${{ steps.build-script.outcome }}
+    steps:
+      - name: Check workspace
+        run: |
+          repourl=$(echo $GU | cut -d '/' -f 3)
+          echo "URL=$repourl" >> ${GITHUB_ENV}
+          echo $repourl
+          reponame=$(echo $GR | cut -d '/' -f 1)
+          echo "REPO=$reponame" >> ${GITHUB_ENV}
+          echo $reponame
+        env:
+          GU: ${{ gitea.server_url }}
+          GR: ${{ gitea.repository }}
+      - name: Set repo for p11 (Temporary)
+        if: ${{ contains(github.ref_name, 'p11') }}
+        run: |
+          echo "event tag=${{ github.ref_name }}" 
+          echo "10.4.0.3        update.altsp.su" >> /etc/hosts
+          echo "cat /etc/hosts"
+          cat /etc/hosts 
+      - name: Update apt
+        uses: actions/init-alt-env@v1
+      - name: Install requires
+        run: |
+          echo "apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl"
+          apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl
+          echo "apt-get install -y qemu-user-static-binfmt-aarch64 qemu-user-static-binfmt-arm qemu-user-static-binfmt-ppc"
+          apt-get install -y qemu-user-static-binfmt-aarch64 qemu-user-static-binfmt-arm qemu-user-static-binfmt-ppc          
+      - name: Check out current repo
+        uses: actions/checkout@v4
+      - name: Parse target branch and tag from events context, save to env                                
+        env:
+          EV: ${{ toJson(gitea.event) }}                                         
+        run: |
+          echo $EV | jq '.ref' -r | sed "s/refs\/tags\//BRANCH=/g" | cut -d '_' -f 1
+          echo $EV | jq '.ref' -r | sed "s/refs\/tags\//BRANCH=/g" | cut -d '_' -f 1 >> ${GITHUB_ENV}
+          org=$(echo $EV | jq '.ref' -r | sed 's/refs\/tags\///g' | cut -d '_' -f 2)
+          echo "ORG=$org" >> ${GITHUB_ENV}                              
+          echo "ORG=$org"
+      - name: Login podman gitea
+        run: |
+          echo "podman login ${{ env.URL }}"
+          podman login --username $P_USER --password $P_PASS ${{ env.URL }}          
+        env:
+          P_USER: ${{ secrets.PODMAN_USER }}
+          P_PASS: ${{ secrets.PODMAN_PASS }}
+      - name: Run building script
+        id: build-script
+        run: |
+          build_args="-b $BR -o $ORG --skip-images alt/distroless-devel"          
+          if [[ $ORG == 'k8s' ]]; then build_args="$build_args --tags tags.toml --overwrite-organization $ORG-$BR --skip-images k8s/kube-apiserver k8s/kube-controller-manager k8s/kube-proxy k8s/kube-scheduler"; fi
+          echo "build.py $build_args"
+          ${{ gitea.workspace }}/build.py $build_args
+        env:
+          ORG: ${{ env.ORG }}
+          BR: ${{ env.BRANCH }}
+        continue-on-error: true
+      - name: Send notification if build crashed
+        if: ${{ steps.build-script.outcome != 'success' }}
+        run: |
+          issueid=1
+          body="Building images finish with some errors."
+          curl -X 'POST' "$URL/api/v1/repos/$REPO/image-forge/issues/$issueid/comments?token=$T" -H 'accept: application/json' -H 'Content-Type: application/json' -d "{ \"body\": \"$body\" }" -s
+          echo "notification about test error is sent to issue $issueid"
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ env.BRANCH }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ env.REPO }}
+      - name: Delete event tag
+        run: |
+          tagname=$(echo $EV | jq '.ref' -r | sed "s/refs\/tags\///g")
+          curl -X 'DELETE' "$URL/api/v1/repos/$REPO/image-forge/tags/$tagname?token=$T" -H 'accept: application/json' -s
+          echo "tag $tagname is deleted"                    
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ env.BRANCH }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ env.REPO }}
+          EV: ${{ toJson(gitea.event) }}
+  test-process:
+    needs: build-process
+    if: ${{ needs.build-process.outputs.buildres == 'success' }}
+    runs-on: alt-sisyphus
+    steps:
+      - name: Update apt
+        uses: actions/init-alt-env@v1
+      - name: Install requires
+        run: |
+          echo "apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl"
+          apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl
+      - name: Check out current repo
+        uses: https://gitea.com/actions/checkout@v4
+      - name: Test
+        id: test-script
+        continue-on-error: true
+        run: |
+          $WS/.gitea/workflows/testscript $BR $ORG $URL $REPO $WS
+          cat haserr.log >> ${GITHUB_ENV}
+          echo "test process finished"
+        env:
+          BR: ${{ needs.build-process.outputs.branch }}
+          ORG: ${{ needs.build-process.outputs.org }}
+          URL: ${{ needs.build-process.outputs.url }}
+          REPO: ${{ needs.build-process.outputs.repo }}
+          WS: ${{ gitea.workspace }}
+      - name: Send notification if test crashed
+        if: ${{ env.ERR == 'true' || steps.test-script.outcome == 'failure' }}
+        run: |
+          issueid=1
+          errors=$(cat errors.log)
+          body="Testing images finish with some errors. $errors"
+          curl -X 'POST' "$URL/api/v1/repos/$REPO/image-forge/issues/$issueid/comments?token=$T" -H 'accept: application/json' -H 'Content-Type: application/json' -d "{ \"body\": \"$body\" }" -s
+          echo "notification about test error is sent to issue $issueid"
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ needs.build-process.outputs.branch }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ needs.build-process.outputs.repo }}

.gitea/workflows/wf_full_sis.yaml

@@ -55,7 +55,6 @@ jobs:
         id: build-script
         run: |
           build_args="-b $BR -o $ORG --skip-images alt/distroless-devel"          
-          if [[ $BR == 'sisyphus' ]]; then build_args="$build_args --skip-arches arm"; fi
           if [[ $ORG == 'k8s' ]]; then build_args="$build_args --tags tags.toml --overwrite-organization $ORG-$BR --skip-images k8s/kube-apiserver k8s/kube-controller-manager k8s/kube-proxy k8s/kube-scheduler"; fi
           echo "build.py $build_args"
           ${{ gitea.workspace }}/build.py $build_args

.gitea/workflows/wf_single.yaml

@@ -0,0 +1,159 @@
+name: Building alt images
+on:
+  push:
+    tags:
+      - '*_*/*'
+
+jobs:
+  build-process:
+    runs-on: alt-latest
+    outputs:
+      branch: ${{ env.BRANCH }}
+      image: ${{ env.IMAGE }}
+      url: ${{ env.URL }}
+      repo: ${{ env.REPO }}
+      buildres: ${{ steps.build-script.outcome }}
+      test: ${{ env.TEST }}
+    steps:
+      - name: Check workspace
+        run: |
+          repourl=$(echo $GU | cut -d '/' -f 3)
+          echo "URL=$repourl" >> ${GITHUB_ENV}
+          echo "URL=$repourl"
+          reponame=$(echo $GR | cut -d '/' -f 1)
+          echo "REPO=$reponame" >> ${GITHUB_ENV} 
+          echo "REPO=$reponame"
+        env:
+          GU: ${{ gitea.server_url }}
+          GR: ${{ gitea.repository }}
+      - name: Set repo for c10f2 (Temporary)
+        if: ${{ contains(github.ref_name, 'c10f2') }}
+        run: |
+          echo "event tag=${{ github.ref_name }}" 
+          echo "10.4.0.3        update.altsp.su" >> /etc/hosts
+          echo "cat /etc/hosts"
+          cat /etc/hosts
+      - name: Update apt
+        uses: actions/init-alt-env@v1
+      - name: Install requires
+        run: |
+          echo "apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl"
+          apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah jq curl
+          echo "apt-get install -y qemu-user-static-binfmt-aarch64 qemu-user-static-binfmt-arm qemu-user-static-binfmt-ppc"
+          apt-get install -y qemu-user-static-binfmt-aarch64 qemu-user-static-binfmt-arm qemu-user-static-binfmt-ppc          
+      - name: Check out current repo
+        uses: actions/checkout@v4
+      - name: Login podman gitea
+        run: |
+          echo "podman login ${{ env.URL }}"
+          podman login --username $P_USER --password $P_PASS ${{ env.URL }}          
+        env:
+          P_USER: ${{ secrets.PODMAN_USER }}
+          P_PASS: ${{ secrets.PODMAN_PASS }}
+      - name: Check files in the repository
+        run: |
+          ls -a ${{ gitea.workspace }}          
+      - name: Parse target branch and tag from events context, save to env                                
+        env:
+          EV: ${{ toJson(gitea.event) }}                                         
+        run: |
+          echo $EV | jq '.ref' -r | sed "s/refs\/tags\//BRANCH=/g" | cut -d '_' -f 1
+          echo $EV | jq '.ref' -r | sed "s/refs\/tags\//BRANCH=/g" | cut -d '_' -f 1 >> ${GITHUB_ENV}
+          localimage=$(echo $EV | jq '.ref' -r | sed 's/refs\/tags\///g' | cut -d '_' -f 2)
+          echo "IMAGE=$localimage" >> ${GITHUB_ENV}                              
+          echo "IMAGE=$localimage"
+          org=$(echo "$localimage" | cut -d '/' -f 1)
+          echo "ORG=$org" >> ${GITHUB_ENV}
+          echo "ORG=$org"
+      - name: Get test for image
+        run: |
+          if test -f ${{ gitea.workspace }}/org/$IM/test; then testscript=$(cat ${{ gitea.workspace }}/org/$IM/test); else testscript=""; fi
+          echo "TEST=$testscript" >> ${GITHUB_ENV}          
+        env:                                     
+          IM: ${{ env.IMAGE }}
+          BR: ${{ env.BRANCH }}
+      - name: Run building script
+        id: build-script
+        run: |
+          if [[ "$IM" == *"k8s"* ]]; then k8sarg="--tags=tags.toml --overwrite-organization $ORG-$BR"; else k8sarg=""; fi
+          echo "build.py -i $IM -b $BR"
+          ${{ gitea.workspace }}/build.py -i $IM -b $BR $k8sarg        
+        env:
+          IM: ${{ env.IMAGE }}
+          BR: ${{ env.BRANCH }}
+          ORG: ${{ env.ORG }}
+        continue-on-error: true
+      - name: Send notification if build crashed
+        if: ${{ steps.build-script.outcome != 'success' }}
+        run: |
+          issueid=1
+          body="Building image $IM finish with some errors."
+          curl -X 'POST' "$URL/api/v1/repos/$REPO/image-forge/issues/$issueid/comments?token=$T" -H 'accept: application/json' -H 'Content-Type: application/json' -d "{ \"body\": \"$body\" }" -s
+          echo "notification about test error is sent to issue $issueid"          
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ env.BRANCH }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ env.REPO }}
+          IM: ${{ env.IMAGE }}
+      - name: Delete event tag
+        run: |
+          tagname=$(echo $EV | jq '.ref' -r | sed "s/refs\/tags\///g")
+          curl -X 'DELETE' "$URL/api/v1/repos/$REPO/image-forge/tags/$tagname?token=$T" -H 'accept: application/json' -s
+          echo "tag $tagname is deleted"                              
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ env.BRANCH }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ env.REPO }}
+          EV: ${{ toJson(gitea.event) }}
+  test-process:
+    needs: build-process
+    if: ${{ needs.build-process.outputs.buildres == 'success' }}
+    runs-on: alt-latest
+    steps:
+      - name: Update apt
+        uses: https://gitea.basealt.ru/actions/init-alt-env@v1
+      - name: Install requires
+        run: |
+          echo "apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah curl"
+          apt-get install -y python3-module-tomli python3-module-jinja2 podman buildah curl                 
+      - name: Run test
+        id: test-script
+        if: ${{ needs.build-process.outputs.test != '' }}
+        continue-on-error: true
+        run: |
+          if [[ "$IM" == *"k8s"* ]]; then echo "skip tests for k8s images"; else podman run --rm --entrypoint="/bin/sh" $URL/$IM:$BR -c "$TEST"; fi
+        env:                
+          IM: ${{ needs.build-process.outputs.image }} 
+          BR: ${{ needs.build-process.outputs.branch }}
+          URL: ${{ needs.build-process.outputs.url }}  
+          REPO: ${{ needs.build-process.outputs.repo }}
+          TEST: ${{ needs.build-process.outputs.test }}
+      - name: Run special test
+        id: special-test
+        if: ${{ needs.build-process.outputs.test == '' }}
+        continue-on-error: true
+        run: |
+          if [[ $IM = 'alt/distroless-true' ]]; then podman run --rm $URL/$IM:$BR true; fi
+          if [[ $IM = 'alt/distroless-gotop' ]]; then podman run --rm $URL/$IM:$BR --version; fi
+        env:
+          IM: ${{ needs.build-process.outputs.image }}
+          BR: ${{ needs.build-process.outputs.branch }}
+          URL: ${{ needs.build-process.outputs.url }}
+          REPO: ${{ needs.build-process.outputs.repo }}
+      - name: Send notification if test crashed
+        if: ${{ steps.test-script.outcome == 'failure' || steps.special-test.outcome == 'failure' }}
+        run: |
+          issueid=1
+          errors=$(cat errors.log)
+          body="Testing image $IM finish with some errors."
+          curl -X 'POST' "$URL/api/v1/repos/$REPO/image-forge/issues/$issueid/comments?token=$T" -H 'accept: application/json' -H 'Content-Type: application/json' -d "{ \"body\": \"$body\" }" -s
+          echo "notification about test error is sent to issue $issueid"          
+        env:
+          T: ${{ secrets.TOKEN }}
+          BR: ${{ needs.build-process.outputs.branch }}
+          URL: ${{ gitea.server_url }}
+          REPO: ${{ needs.build-process.outputs.repo }}
+          IM: ${{ needs.build-process.outputs.image }}
+

README.md

@@ -1,5 +1,22 @@
 # image-forge
 
+## Wrapper
+
+### Examples
+
+From the repository
+
+```shell
+image-build -b sisyphus -r registry.altlinux.org --prefix=k8s-sisyphus kube-apiserver kubernetes1.28
+```
+
+From a task
+
+```shell
+image-build -b sisyphus -r test.registry.altlinux.org -t 335250 --prefix=k8s-sisyphus kube-apiserver kubernetes1.28
+```
+
+
 ## alt images
 To build `alt` images, run:
 ```bash
@@ -29,6 +46,7 @@ If you push to the users repository, then organiztion is your username.
 ## Dependencies
 On x86_64 machine using p10 branch you need:
 - `python3-module-tomli`
+- `python3-module-jinja2`
 - `qemu-user-static-binfmt-aarch64` to build for arm64 architecture
 - `qemu-user-static-binfmt-arm` to build for arm architecture
 - `qemu-user-static-binfmt-ppc` to build for ppc64le architecture

build.py

@@ -15,6 +15,7 @@ from jinja2 import Template
 
 ORG_DIR = Path("org")
 
+PKG_VERSION: str = ""
 
 class Image:
     def __init__(self, canonical_name):
@@ -578,6 +579,7 @@ class DockerBuilder:
             "--force-rm",
             f"--manifest={manifest}",
             f"--platform={platforms}",
+            f'--build-arg=PKG_VERSION={PKG_VERSION}',
             ".",
         ]
         self.run(build_cmd, cwd=image.path)
@@ -638,8 +640,8 @@ class ImagesInfo:
 
 def parse_args():
     stages = ["build", "remove_dockerfiles", "render_dockerfiles", "push"]
-    arches = ["amd64", "386", "arm64", "arm", "ppc64le"]
+    arches = ["amd64", "386", "arm64"]
-    branches = ["p9", "p10", "sisyphus", "c10f1", "c10f2"]
+    branches = ["p11", "p10", "sisyphus", "c10f1", "c10f2"]
     organizations = list(ORG_DIR.iterdir())
     images = [f"{o.name}/{i.name}" for o in organizations for i in o.iterdir()]
     organizations = [o.name for o in organizations]
@@ -749,6 +751,10 @@ def parse_args():
         choices=stages,
         help="list of stages to skip",
     )
+    parser.add_argument(
+        "--package-version",
+        help="from which package to build",
+    )
     args = parser.parse_args()
 
     args.stages = set(args.stages) - set(args.skip_stages)
@@ -760,7 +766,10 @@ def parse_args():
 
 
 def main():
+    global PKG_VERSION
+
     args = parse_args()
+    PKG_VERSION = args.package_version
     arches = args.arches
     images_info = ImagesInfo()
     tags = Tags(args.tags, args.latest)

image-build.md

@@ -0,0 +1,7 @@
+## Examples
+
+Build `kube-apisever` image from package `kubernetes1.31`:
+
+```bash
+./image-build.py -b sisyphus -r registry.altlinux.org kube-apiserver kubernetes1.31
+```

image-build.py

@@ -0,0 +1,234 @@
+#!/usr/bin/env python3
+
+import argparse
+import logging
+import re
+import subprocess
+from pathlib import Path
+
+import requests
+
+LOGGING_FORMAT = "%(asctime)s %(name)s %(levelname)s %(message)s"
+logging.basicConfig(format=LOGGING_FORMAT)
+logger = logging.getLogger(__name__)
+
+
+def parse_args() -> argparse.Namespace:
+    parser = argparse.ArgumentParser(
+        description="build an OCI image from a package",
+        epilog="""The image is only pushed to the destination registry
+        if the option --push is present.""",
+        formatter_class=argparse.ArgumentDefaultsHelpFormatter,
+    )
+
+    parser.add_argument("image_name")
+    parser.add_argument("package_name")
+    parser.add_argument(
+        "-b",
+        "--branch",
+        default="sisyphus",
+        help="package repository branch",
+    )
+    parser.add_argument(
+        "-r",
+        "--registry",
+        default="registry.altlinux.org",
+        help="OCI destination registry",
+    )
+    parser.add_argument(
+        "-t",
+        "--task-id",
+        help="install the package from the task with this id",
+    )
+    parser.add_argument(
+        "--prefix",
+        help="image name prefix",
+    )
+    parser.add_argument(
+        "--dry-run",
+        action="store_true",
+        help="only print what would be done",
+    )
+    parser.add_argument(
+        "--latest",
+        action="store_true",
+        help="also tag this image as latest",
+    )
+    parser.add_argument(
+        "--push",
+        action="store_true",
+        help="push the image to the registry after build",
+    )
+    parser.add_argument(
+        "--skip-build",
+        action="store_true",
+        help="if push is true, then skip the build stage",
+    )
+    parser.add_argument(
+        "--log-level",
+        choices=["debug", "info", "warning"],
+        default="warning",
+        help="logging level",
+    )
+
+    return parser.parse_args()
+
+
+def api_get_source_package_version(branch: str, package_name: str) -> str:
+    api_url = "https://rdb.altlinux.org/api/site/package_versions_from_tasks"
+    params = {"branch": branch, "name": package_name}
+    response = requests.get(api_url, params)
+    if response.status_code != 200:
+        raise RuntimeError(
+            f"failed to retrieve package version: package {package_name!r}, branch {branch!r} "
+        )
+
+    result = response.json()
+
+    logger.debug("api/site/package_versions_from_tasks response=%s", result)
+
+    return result["versions"][0]["version"]
+
+
+def api_get_source_package_version_from_task(task_id: int, package_name: str) -> str:
+    api_url = f"https://rdb.altlinux.org/api/task/packages/{task_id}"
+    response = requests.get(api_url)
+    if response.status_code != 200:
+        raise RuntimeError(f"failed to retrieve information about task {task_id}")
+
+    result = response.json()
+
+    logger.debug("api/task/packages/%s response=%s", task_id, result)
+
+    for subtask in result["subtasks"]:
+        if subtask["source"]["name"] == package_name:
+            return subtask["source"]["version"]
+
+    raise RuntimeError(
+        f"vailed to retrieve version of package {package_name!r} from task {task_id}"
+    )
+
+
+def main() -> None:
+    args = parse_args()
+    logger.setLevel(args.log_level.upper())
+
+    image = f"k8s/{args.image_name}"
+    version_arg = None
+    tasks_file = None
+
+    if args.task_id is None:
+        version = api_get_source_package_version(args.branch, args.package_name)
+    else:
+        version = api_get_source_package_version_from_task(
+            args.task_id, args.package_name
+        )
+        tasks_file = "/tmp/k8s-tasks.toml"
+        tasks_file_contents = f"['{args.branch}']\n"
+        tasks_file_contents += f"{args.task_id} = ['{image}']\n"
+        Path(tasks_file).write_text(tasks_file_contents)
+
+    tags_file = "/tmp/k8s-tags.toml"
+    tags_file_contents = f"['{image}']\n"
+
+    match args.image_name:
+        case (
+            "etcd"
+            | "flannel"
+            | "flannel-cni-plugin"
+            | "pause"
+            | "cert-manager-acmesolver"
+            | "cert-manager-cainjector"
+            | "cert-manager-controller"
+            | "cert-manager-startupapicheck"
+            | "cert-manager-webhook"
+        ):
+            match args.image_name:
+                case "flannel-cni-plugin":
+                    num_dots = version.count(".")
+                    if num_dots == 2:
+                        tags_file_contents += (
+                            f"{args.branch} = ['v{version}-flannel1']\n"
+                        )
+                    elif num_dots == 3:
+                        flannel_version, flannel_release = version.rsplit(".", 1)
+                        tags_file_contents += f"{args.branch} = ['v{flannel_version}-flannel{flannel_release}']\n"
+                    else:
+                        raise RuntimeError(
+                            f"wrong version for package {args.package_name!r}, version {version!r}"
+                        )
+                case "etcd":
+                    tags_file_contents += f"{args.branch} = ['{version}-0']\n"
+                case "pause":
+                    tags_file_contents += f"{args.branch} = ['{version}']\n"
+                case _:
+                    tags_file_contents += f"{args.branch} = ['v{version}']\n"
+
+        case (
+            "kube-apiserver"
+            | "kube-controller-manager"
+            | "kube-scheduler"
+            | "kube-proxy"
+            | "coredns"
+        ):
+            match args.image_name:
+                case "coredns":
+                    regex_string = "coredns(.+)"
+                case (
+                    "kube-apiserver"
+                    | "kube-controller-manager"
+                    | "kube-scheduler"
+                    | "kube-proxy"
+                ):
+                    regex_string = "kubernetes(.+)"
+
+            version_match = re.search(regex_string, args.package_name)
+            if version_match is None:
+                raise RuntimeError(
+                    f"failed to retrieve version argument from package name: package {args.package_name!r}"
+                )
+
+            version_arg = version_match.group(1)
+
+            tags_file = "/tmp/k8s-tags.toml"
+            tags_file_contents = f"['{image}']\n"
+            tags_file_contents += f"{args.branch} = ['v{version}']\n"
+        case _:
+            raise RuntimeError(f"unknown image {args.image_name!r}")
+
+    Path(tags_file).write_text(tags_file_contents)
+
+    command = [
+        "./build.py",
+        f"--branch={args.branch}",
+        f"--registry={args.registry}",
+        f"--image={image}",
+        f"--tags={tags_file}",
+    ]
+
+    if tasks_file is not None:
+        command.append(f"--tasks={tasks_file}")
+
+    if version_arg is not None:
+        command.append(f"--package-version={version_arg}")
+
+    if args.prefix is not None:
+        command.append(f"--overwrite-organization={args.prefix}")
+
+    if args.latest:
+        command.append(f"--latest={args.branch}")
+
+    if not args.push:
+        command.append("--skip-stages=push")
+    elif args.skip_build:
+        command.append("--stages=push")
+
+    if args.dry_run:
+        command.append("--dry-run")
+
+    logger.debug("Running command: %s", command)
+    subprocess.run(command, check=True)
+
+
+if __name__ == "__main__":
+    main()

images-info.toml

@@ -1,65 +1,8 @@
 ["alt/buildpack-deps"]
 skip-branches = [ "p9" ]
 
-["alt/distroless-base"]
+["alt/openjdk21"]
-skip-branches = [ "p9" ]
+skip-arches = [ "386" ]
 
-["alt/distroless-builder"]
+["alt/ansible"]
-skip-branches = [ "p9" ]
+skip-branches = [ "c10f2", "c10f1", "p10" ]
-
-["alt/distroless-devel"]
-skip-branches = [ "p9" ]
-
-["alt/distroless-gotop"]
-skip-branches = [ "p9" ]
-
-["alt/distroless-static"]
-skip-branches = [ "p9" ]
-
-["alt/distroless-true"]
-skip-branches = [ "p9" ]
-
-["alt/gitea"]
-skip-branches = [ "p9" ]
-
-["alt/node"]
-skip-branches = [ "p9" ]
-
-["alt/unit"]
-skip-branches = [ "p9" ]
-
-["alt/prometheus"]
-skip-branches = [ "p9" ]
-
-["alt/registry"]
-skip-branches = [ "p9" ]
-
-["k8s/cert-manager-cainjector"]
-skip-branches = [ "p9" ]
-
-["k8s/cert-manager-controller"]
-skip-branches = [ "p9" ]
-
-["k8s/cert-manager-webhook"]
-skip-branches = [ "p9" ]
-
-["k8s/coredns"]
-skip-branches = [ "p9" ]
-
-["k8s/etcd"]
-skip-branches = [ "p9" ]
-
-["k8s/kube-apiserver"]
-skip-branches = [ "p9" ]
-
-["k8s/kube-controller-manager"]
-skip-branches = [ "p9" ]
-
-["k8s/kube-proxy"]
-skip-branches = [ "p9" ]
-
-["k8s/kube-scheduler"]
-skip-branches = [ "p9" ]
-
-["k8s/pause"]
-skip-branches = [ "p9" ]

org/alt/ansible/Dockerfile.template

@@ -0,0 +1,17 @@
+FROM {{ registry }}{{ organization }}/node:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="ansible"
+LABEL org.opencontainers.image.description="A radically simple IT automation system"
+LABEL org.opencontainers.image.source="http://www.ansible.com"
+LABEL org.opencontainers.image.licenses="GPL-3.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages(
+        "ansible-vim",
+        "ansible-core",
+        "ansible-lint"
+) }}
+
+WORKDIR /etc/ansible/playbooks

org/alt/ansible/test

@@ -0,0 +1 @@
+ansible --version

org/alt/distroless-base/distroless.toml

@@ -4,8 +4,8 @@ builder-install-packages = [
     '{{if_branches(["p10"], "glibc-nss")}}',
     "glibc-timezones",
     "libselinux",
-    '{{if_branches(["p9", "p10"], "libssl1.1")}}',
+    '{{if_branches(["p10"], "libssl1.1")}}',
-    '{{if_branches(["sisyphus"], "libssl1.1")}}',
+    '{{if_branches(["p11"], "libssl3")}}',
     '{{if_branches(["sisyphus"], "libssl3")}}',
     "tzdata",
     "zlib",

org/alt/distroless-builder/Dockerfile.template

@@ -3,7 +3,7 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 MAINTAINER alt-cloud
 
 LABEL org.opencontainers.image.title="distroless-builder"
-LABEL org.opencontainers.image.description="This images is using to build tarball for distroless images"
+LABEL org.opencontainers.image.description="This image is used to build tarballs for distroless images"
 LABEL org.opencontainers.image.licenses="GPLv2"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 

org/alt/distroless-builder/README.md

@@ -1,3 +1,3 @@
 ALT dockerfile for distroless-builder image.
 
-This images is using to build tarball for distroless images.
+This image is used to build tarballs for distroless images.

org/alt/golang/Dockerfile.template

@@ -0,0 +1,11 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="golang"
+LABEL org.opencontainers.image.description="The Golang environment for development"
+LABEL org.opencontainers.image.source="https://github.com/golang/go"
+LABEL org.opencontainers.image.licenses="BSD"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("golang") }}

org/alt/golang/test

@@ -0,0 +1 @@
+go version

org/alt/grafana/Dockerfile.template

@@ -0,0 +1,22 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="grafana"
+LABEL org.opencontainers.image.description="Metrics dashboard and graph editor"
+LABEL org.opencontainers.image.source="https://github.com/grafana/grafana"
+LABEL org.opencontainers.image.licenses="AGPL-3.0-only AND Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("grafana") }}
+
+USER grafana
+EXPOSE 3000
+VOLUME ["/var/lib/grafana"]
+
+ENV GF_PATHS_PROVISIONING=/etc/grafana/provisioning
+ENV GF_AUTH_ANONYMOUS_ENABLED=true
+ENV GF_AUTH_ANONYMOUS_ORG_ROLE=Admin
+
+ENTRYPOINT [ "/usr/bin/grafana" ]
+CMD [ "server", "--config=/etc/grafana/grafana.ini", "--homepath=/usr/share/grafana", "--packaging=docker", "-configOverrides='cfg:default.paths.provisioning=/etc/grafana/provisioning cfg:default.paths.data=/var/lib/grafana cfg:default.paths.logs=/var/log/grafana cfg:default.paths.plugins=/var/lib/grafana/plugins'" ]

org/alt/grafana/README.md

@@ -0,0 +1,6 @@
+# Prometheus image
+
+Command for run:
+```
+docker run -d --name="grafana" -p 3000:3000 -v grafana-data:/var/lib/grafana IMAGENAME
+```

org/alt/grafana/test

@@ -0,0 +1 @@
+grafana --version

org/alt/loki/Dockerfile.template

@@ -0,0 +1,19 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="loki"
+LABEL org.opencontainers.image.description="Like Prometheus, but for logs"
+LABEL org.opencontainers.image.source="https://github.com/grafana/loki"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("loki") }}
+
+USER _loki:_loki
+
+VOLUME ["/var/lib/loki", "/etc/loki/loki.yml"]
+EXPOSE 3100
+
+ENTRYPOINT ["/usr/bin/loki"]
+CMD ["-config.file=/etc/loki/loki.yaml"]

org/alt/loki/README.md

@@ -0,0 +1,6 @@
+# Prometheus image
+
+Command for run:
+```
+docker run -d --name="loki" -p 3100:3100 -v loki-data:/var/lib/loki -v loki-config:/etc/loki/loki.yaml IMAGENAME
+```

org/alt/loki/test

@@ -0,0 +1 @@
+loki -version -config.file=/etc/loki/loki.yaml

org/alt/openjdk21/Dockerfile.template

@@ -0,0 +1,14 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="openjdk21"
+LABEL org.opencontainers.image.description="OpenJDK 21 Runtime Environment"
+LABEL org.opencontainers.image.source="https://openjdk-sources.osci.io"
+LABEL org.opencontainers.image.licenses="Apache-1.1 and Apache-2.0 and BSD and BSD with advertising and GPL-2.0 and GPL-2.0 with exceptions and IJG and LGPL-2.0+ and MIT and MPL-2.0 and ALT-Public-Domain and W3C and Zlib and ISC and FTL and RSA-MD"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages(
+    "java-21-openjdk",
+    "java-21-openjdk-devel"
+) }}

org/alt/openjdk21/test

@@ -0,0 +1 @@
+javac --version && java --version

org/alt/php/Dockerfile.template

@@ -0,0 +1,14 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="php"
+LABEL org.opencontainers.image.description="The PHP language environment for development"
+LABEL org.opencontainers.image.source="https://github.com/php/php-src"
+LABEL org.opencontainers.image.licenses="PHP-3.01"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages(
+"php8.2",
+"php8.2-xdebug",
+) }}

org/alt/php/test

@@ -0,0 +1 @@
+php --version

org/alt/postgresql/Dockerfile.template

@@ -0,0 +1,20 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+ 
+LABEL org.opencontainers.image.title="postgresql16"
+LABEL org.opencontainers.image.description="PostgreSQL rograms and libraries"
+LABEL org.opencontainers.image.source="https://github.com/postgres/postgres"
+LABEL org.opencontainers.image.licenses="PostgreSQL"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+                                
+{{ install_packages("postgresql16","postgresql16-server") }}
+
+RUN usermod -a -G postgres postgres
+RUN chown -R postgres:postgres /var/lib/pgsql
+
+USER postgres
+WORKDIR /var/lib/pgsql
+EXPOSE 5432
+VOLUME [ "/var/lib/pgsql/data" ]
+

org/alt/postgresql/README.md

@@ -0,0 +1,16 @@
+dockerfiles-alt-postgresql
+==========================
+
+ALT dockerfile for postgresql.
+
+Copy Dockerfile somewhere and build the image:
+`$ docker build --rm -t <username>/postgresql .`
+
+And launch the rabbitmq-server container:
+`docker run -d -p 5432:5432 --name="postgresql" -v pgsql-data:/var/lib/pgsql/data IMAGENAME`
+
+First steps to start service and create db:
+`/usr/bin/initdb /var/lib/pgsql/data`
+`/usr/bin/pg_ctl -D /var/lib/pgsql/data -l logfile start`
+`/usr/bin/createdb mydb`
+`psql mydb`

org/alt/postgresql/test

@@ -0,0 +1 @@
+pg_ctl --version

org/alt/prometheus-alertmanager/Dockerfile.template

@@ -0,0 +1,20 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="alertmanager"
+LABEL org.opencontainers.image.description="The Alertmanager handles alerts sent by client applications"
+LABEL org.opencontainers.image.source="https://github.com/prometheus/alertmanager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("prometheus-alertmanager") }}
+
+WORKDIR /var/lib/prometheus/alertmanager
+RUN useradd -r -u 10001 alertmanager
+RUN usermod -a -G prometheus alertmanager
+USER alertmanager
+EXPOSE     9093
+VOLUME     [ "/var/lib/prometheus/alertmanager" ]
+ENTRYPOINT [ "/usr/bin/prometheus/alertmanager" ]
+CMD [ "--config.file=/etc/prometheus/alertmanager.yml" ]

org/alt/prometheus-alertmanager/README.md

@@ -0,0 +1,11 @@
+# Prometheus alertmanager image
+
+Command for run:
+```
+docker run -d --name="alertmanager" -p 9093:9093 -v promdata-am:/var/lib/prometheus/alertmanager IMAGENAME
+```
+
+*If you want to be able to view services on localhost, instead of -p, specify the flag:
+```
+--network="host"
+```

org/alt/prometheus-alertmanager/test

@@ -0,0 +1 @@
+alertmanager --version

org/alt/prometheus-node_exporter/Dockerfile.template

@@ -0,0 +1,19 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="prometheus-node_exporter"
+LABEL org.opencontainers.image.description="Prometheus exporter for hardware and OS metrics exposed by *NIX kernels"
+LABEL org.opencontainers.image.source="https://github.com/prometheus/node_exporter"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("prometheus-node_exporter") }}
+
+WORKDIR /var/lib/prometheus/node-exporter
+RUN useradd -r -u 10001 node_exporter
+RUN usermod -a -G prometheus node_exporter
+USER node_exporter
+EXPOSE 9100
+VOLUME [ "/var/lib/prometheus/node-exporter" ]
+ENTRYPOINT [ "/usr/bin/prometheus-node_exporter" ]

org/alt/prometheus-node_exporter/README.md

@@ -0,0 +1,11 @@
+# Prometheus node_exporter image
+
+Command for run:
+```
+docker run -d --name="prometheus-node_exporter" -p 9100:9100 -v promdata-ne:/var/lib/prometheus/node-exporter IMAGENAME
+```
+
+*If you want to be able to view services on localhost, instead of -p, specify the flag:
+```
+--network="host"
+```

org/alt/prometheus-node_exporter/test

@@ -0,0 +1 @@
+node_exporter --version

org/alt/prometheus/Dockerfile.template

@@ -14,4 +14,5 @@ WORKDIR /var/lib/prometheus
 USER prometheus
 EXPOSE     9090
 VOLUME     [ "/var/lib/prometheus" ]
-ENTRYPOINT [ "/usr/bin/prometheus", "--config.file=/etc/prometheus/prometheus.yml"]
+ENTRYPOINT [ "/usr/bin/prometheus" ]
+CMD [ "--config.file=/etc/prometheus/prometheus.yml" ]

org/alt/python2/Dockerfile.template

@@ -0,0 +1,17 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+ 
+LABEL org.opencontainers.image.title="python"
+LABEL org.opencontainers.image.description="Python 2 and tools needed for development"
+LABEL org.opencontainers.image.source="https://www.python.org/downloads/source"
+LABEL org.opencontainers.image.licenses="Python-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages(
+    "python-module-setuptools", 
+    "python-dev", 
+    "gcc",
+) }}
+
+CMD ["python2"] 

org/alt/python2/README.md

@@ -0,0 +1,13 @@
+dockerfiles-alt-python
+=======================
+
+ALT dockerfile for python.
+
+Image contains python(2) and tools to get upstream python modules. Main purpose
+of the image is to run python apps using upstream modules.
+
+Copy Dockerfile somewhere and build the image:
+`$ docker build --rm -t <image_name> .`
+
+And launch the python container:
+`docker run -it <image_name>`

org/alt/python2/test

@@ -0,0 +1 @@
+python2 --version

org/alt/rabbitmq/Dockerfile.template

@@ -0,0 +1,19 @@
+FROM {{ registry }}{{ organization }}/base:{{ branch }}
+
+MAINTAINER alt-cloud
+ 
+LABEL org.opencontainers.image.title="rabbitmq"
+LABEL org.opencontainers.image.description="The RabbitMQ server"
+LABEL org.opencontainers.image.source="https://github.com/rabbitmq/rabbitmq-server"
+LABEL org.opencontainers.image.licenses="MPL-1.1"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+                                
+{{ install_packages("rabbitmq-server") }}
+
+USER rabbitmq
+WORKDIR /var/lib/rabbitmq
+EXPOSE 5672 25672
+VOLUME [ "/var/lib/rabbitmq", "/etc/rabbitmq" ]
+
+ENTRYPOINT [ "/usr/sbin/rabbitmq-server" ]
+CMD ["start", "rabbitmq"]

org/alt/rabbitmq/README.md

@@ -0,0 +1,18 @@
+dockerfiles-alt-rabbitmq
+========================
+
+ALT dockerfile for rabbitmq.
+
+Copy Dockerfile somewhere and build the image:
+`$ docker build --rm -t <username>/rabbitmq .`
+
+And launch the rabbitmq-server container:
+`docker run -d -p 5672:5672 --name="rabbitmq" -v rabbit-data:/var/lib/rabbitmq -v rabbit-conf:/etc/rabbitmq IMAGENAME`
+
+With mounting /etc/rabbitmq/rabbitmq-env.conf could be change settings of rabbitmq-server.
+
+It could be test via:
+`curl localhost:5672`
+
+For starting app:
+`rabbitmqctl start_app`

org/alt/rabbitmq/test

@@ -0,0 +1 @@
+rabbitmqctl version

org/alt/systemd/Dockerfile.template

@@ -3,7 +3,7 @@ FROM {{ registry }}{{ organization }}/base:{{ branch }}
 MAINTAINER alt-cloud
 
 LABEL org.opencontainers.image.title="systemd"
-LABEL org.opencontainers.image.description="Systemd System V init tools"
+LABEL org.opencontainers.image.description="System and Session Manager"
 LABEL org.opencontainers.image.source="https://github.com/systemd/systemd"
 LABEL org.opencontainers.image.licenses="LGPLv2.1+"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/alt/trivy/Dockerfile.template

@@ -0,0 +1,13 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="trivy"
+LABEL org.opencontainers.image.description="A Fast Vulnerability Scanner for Containers"
+LABEL org.opencontainers.image.source="https://aquasecurity.github.io/trivy"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("trivy") }}
+
+ENTRYPOINT [ "trivy" ]

org/alt/trivy/README.md

@@ -0,0 +1,10 @@
+dockerfiles-alt-trivy
+=====================
+
+ALT dockerfile for trivy.
+
+Copy dockerfile somewhere and built the image:
+`$ docker build --rm -t <username>/trivy .`
+
+And launch the trivy container
+`$ docker run -it <username>/trivy`

org/alt/trivy/test

@@ -0,0 +1 @@
+trivy --version

org/k8s/cert-manager-acmesolver/Dockerfile.template

@@ -0,0 +1,17 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="cert-manager-acmesolver"
+LABEL org.opencontainers.image.description="HTTP server used to solve ACME challenges."
+LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("cert-manager") }}
+
+RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-manger cert-manger
+
+USER 1000
+
+ENTRYPOINT ["/usr/bin/acmesolver"]

org/k8s/cert-manager-acmesolver/test

@@ -0,0 +1 @@
+acmesolver --help

org/k8s/cert-manager-cainjector/Dockerfile.template

@@ -3,7 +3,7 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 MAINTAINER alt-cloud
 
 LABEL org.opencontainers.image.title="cert-manager-cainjector"
-LABEL org.opencontainers.image.description="Cainjector component for automatic provisioning and managing TLS certificates in Kubernetes"
+LABEL org.opencontainers.image.description="cert-manager CA injector is a Kubernetes addon to automate the injection of CA data into webhooks and APIServices from cert-manager certificates."
 LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/cert-manager-controller/Dockerfile.template

@@ -3,7 +3,7 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 MAINTAINER alt-cloud
 
 LABEL org.opencontainers.image.title="cert-manager-controller"
-LABEL org.opencontainers.image.description="Controller component for automatic provisioning and managing TLS certificates in Kubernetes"
+LABEL org.opencontainers.image.description="Automatically provision and manage TLS certificates in Kubernetes."
 LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/cert-manager-startupapicheck/Dockerfile.template

@@ -0,0 +1,17 @@
+FROM {{ registry }}{{ alt_image }}:{{ branch }}
+
+MAINTAINER alt-cloud
+
+LABEL org.opencontainers.image.title="cert-manager-startupapicheck"
+LABEL org.opencontainers.image.description="Check that cert-manager started successfully."
+LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
+LABEL org.opencontainers.image.licenses="Apache-2.0"
+LABEL org.opencontainers.image.vendor="ALT Linux Team"
+
+{{ install_packages("cert-manager") }}
+
+RUN groupadd -r -g 1000 cert-manger && useradd --no-log-init -r -u 1000 -g cert-manger cert-manger
+
+USER 1000
+
+ENTRYPOINT ["/usr/bin/startupapicheck"]

org/k8s/cert-manager-startupapicheck/test

@@ -0,0 +1 @@
+startupapicheck --help

org/k8s/cert-manager-webhook/Dockerfile.template

@@ -3,7 +3,7 @@ FROM {{ registry }}{{ alt_image }}:{{ branch }}
 MAINTAINER alt-cloud
 
 LABEL org.opencontainers.image.title="cert-manager-webhook"
-LABEL org.opencontainers.image.description="Webhook component for automatic provisioning and managing TLS certificates in Kubernetes"
+LABEL org.opencontainers.image.description="The webhook component provides API validation, mutation and conversion functionality for cert-manager."
 LABEL org.opencontainers.image.source="https://github.com/cert-manager/cert-manager"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"

org/k8s/coredns/Dockerfile.template

@@ -8,6 +8,8 @@ LABEL org.opencontainers.image.source="https://github.com/coredns/coredns"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
-{{ install_packages("coredns") }}
+ARG PKG_VERSION
+
+{{ install_packages("coredns${PKG_VERSION}") }}
 
 ENTRYPOINT ["/usr/bin/coredns"]

org/k8s/kube-apiserver/Dockerfile.template

@@ -8,6 +8,8 @@ LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
-{{ install_packages("kubernetes-master") }}
+ARG PKG_VERSION
+
+{{ install_packages("kubernetes${PKG_VERSION}-master") }}
 
 ENTRYPOINT ["/usr/bin/kube-apiserver"]

org/k8s/kube-controller-manager/Dockerfile.template

@@ -8,6 +8,8 @@ LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
-{{ install_packages("kubernetes-master") }}
+ARG PKG_VERSION
+
+{{ install_packages("kubernetes${PKG_VERSION}-master") }}
 
 ENTRYPOINT ["/usr/bin/kube-controller-manager"]

org/k8s/kube-proxy/Dockerfile.template

@@ -8,7 +8,9 @@ LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
-{{ install_packages("kubernetes-node") }}
+ARG PKG_VERSION
+
+{{ install_packages("kubernetes${PKG_VERSION}-node") }}
 
 RUN ln -s /usr/bin/kube-proxy /usr/local/bin/kube-proxy
 

org/k8s/kube-scheduler/Dockerfile.template

@@ -8,6 +8,8 @@ LABEL org.opencontainers.image.source="https://github.com/kubernetes/kubernetes"
 LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
-{{ install_packages("kubernetes-master") }}
+ARG PKG_VERSION
+
+{{ install_packages("kubernetes${PKG_VERSION}-master") }}
 
 ENTRYPOINT ["/usr/bin/kube-scheduler"]

org/k8s/trivy-node-collector/Dockerfile.template

@@ -9,7 +9,8 @@ LABEL org.opencontainers.image.licenses="Apache-2.0"
 LABEL org.opencontainers.image.vendor="ALT Linux Team"
 
 {{ install_packages(
-    "k8s-trivy-node-collector"
+    "k8s-trivy-node-collector",
+    "procps"
 ) }}
 
 RUN ln -s /usr/bin/k8s-trivy-node-collector /usr/bin/node-collector

tags.toml

@@ -38,26 +38,36 @@ c10f2 = [ "3.5.9-0" ]
 p10 = [ "v1.10.1" ]
 sisyphus = [ "v1.10.1" ]
 c10f1 = [ "v1.9.3" ]
-c10f2 = [ "v1.9.3" ] 
+c10f2 = [ "v1.9.3" ]
 
 ["k8s/cert-manager-cainjector"]
-p10 = [ "v1.9.1" ]
+p10 = [ "v1.14.5" ]
-sisyphus = [ "v1.11.0" ]
+sisyphus = [ "v1.14.5" ]
 c10f1 = [ "v1.9.1" ]
 c10f2 = [ "v1.9.1" ]
 
 ["k8s/cert-manager-controller"]
-p10 = [ "v1.9.1" ]
+p10 = [ "v1.14.5" ]
-sisyphus = [ "v1.11.0" ]
+sisyphus = [ "v1.14.5" ]
 c10f1 = [ "v1.9.1" ]
 c10f2 = [ "v1.9.1" ]
 
 ["k8s/cert-manager-webhook"]
-p10 = [ "v1.9.1" ]
+p10 = [ "v1.14.5" ]
-sisyphus = [ "v1.11.0" ]
+sisyphus = [ "v1.14.5" ]
 c10f1 = [ "v1.9.1" ]
 c10f2 = [ "v1.9.1" ]
 
+["k8s/cert-manager-acmesolver"]
+p10 = [ "v1.14.5" ]
+sisyphus = [ "v1.14.5" ]
+c10f1 = [ "v1.9.1" ]
+c10f2 = [ "v1.9.1" ]
+
+["k8s/cert-manager-startupapicheck"]
+p10 = [ "v1.14.5" ]
+sisyphus = [ "v1.14.5" ]
+
 ["k8s/flannel"]
 p10 = [ "v0.21.4" ]
 sisyphus = [ "v0.24.2" ]
@@ -66,12 +76,13 @@ c10f2 = [ "v0.21.4" ]
 
 ["k8s/flannel-cni-plugin"]
 p10 = [ "v1.1.2" ]
-sisyphus = [ "v1.2.0" ]
+sisyphus = [ "v1.5.1-flannel1" ]
 c10f1 = [ "v1.1.2" ]
 c10f2 = [ "v1.1.2" ]
 
 ["k8s/trivy-node-collector"]
 p10 = [ "0.0.9" ]
-sisyphus = [ "0.0.9" ]
+p11 = [ "0.3.1" ]
+sisyphus = [ "0.3.1" ]
 c10f1 = [ "0.0.9" ]
-c10f2 = [ "0.0.9" ]
+c10f2 = [ "0.3.1" ]