automated commit

Signed-off-by: Public copy <41898282+github-actions[bot]@users.noreply.github.com>

images/hugo/config/main.tf

@@ -1,7 +1,3 @@
-locals {
-  baseline_packages = ["hugo"]
-}
-
 module "accts" {
   source = "../../../tflib/accts"
 }
@@ -22,7 +18,7 @@ output "config" {
     "contents" : {
       // TODO: remove the need for using hardcoded local.baseline_packages by plumbing
       // these packages through var.extra_packages in all callers of this config module
-      "packages" : distinct(concat(local.baseline_packages, var.extra_packages))
+      "packages" : var.extra_packages,
     },
     "entrypoint" : {
       "command" : "/usr/bin/hugo"

images/hugo/tests/main.tf

@@ -1,19 +1,88 @@
 terraform {
   required_providers {
-    oci = { source = "chainguard-dev/oci" }
+    oci       = { source = "chainguard-dev/oci" }
+    imagetest = { source = "chainguard-dev/imagetest" }
   }
 }
 
 variable "digest" {
   description = "The image digest to run tests over."
 }
 
-data "oci_exec_test" "version" {
-  digest = var.digest
-  script = "docker run --rm $IMAGE_NAME version"
+locals { parsed = provider::oci::parse(var.digest) }
+
+data "imagetest_inventory" "this" {}
+
+resource "random_pet" "suffix" {}
+
+resource "imagetest_harness_docker" "this" {
+  name      = "hugo"
+  inventory = data.imagetest_inventory.this
+
+  mounts = [
+    {
+      source      = path.module
+      destination = "/tests"
+    }
+  ]
 }
 
-data "oci_exec_test" "quickstart" {
-  digest = var.digest
-  script = "${path.module}/02-quickstart.sh"
-}
+resource "imagetest_feature" "basic" {
+  name    = "basic test"
+  harness = imagetest_harness_docker.this
+
+  steps = [
+    {
+      name = "Test making a new site"
+      cmd  = <<EOT
+        set -o errexit -o nounset -o errtrace -o pipefail -x
+
+        cleanup() {
+          docker logs ${random_pet.suffix.id}
+          docker rm -f ${random_pet.suffix.id}
+          docker network rm ${random_pet.suffix.id}
+          docker volume rm ${random_pet.suffix.id}
+        }
+
+        trap cleanup EXIT
+
+        # This test is designed to emulate the Hugo Quickstart application
+        # which is outlined here:
+        # https://gohugo.io/getting-started/quick-start/#commands
+
+        docker volume create ${random_pet.suffix.id}
+
+        docker network create ${random_pet.suffix.id}
+
+        docker run --rm -v "${random_pet.suffix.id}:/hugo" --user root \
+                cgr.dev/chainguard/busybox:latest-glibc /bin/sh -c "chown -R 65532:65532 /hugo"
+
+        # Use the hugo application to bootstrap a directory structure for us.
+        docker run --rm -v "${random_pet.suffix.id}:/hugo/quickstart" "${var.digest}" new site quickstart
+
+        # Link in the "ananke" theme (per the quickstart)
+        # We do this via containers because volume permissions are a nightmare.
+        docker run --rm -v "${random_pet.suffix.id}:/hugo/quickstart" --workdir=/hugo/quickstart \
+              cgr.dev/chainguard/git:latest-glibc init
+
+        docker run --rm -v "${random_pet.suffix.id}:/hugo/quickstart" --workdir=/hugo/quickstart \
+              cgr.dev/chainguard/git:latest-glibc-dev submodule add https://github.com/theNewDynamic/gohugo-theme-ananke "themes/ananke"
+
+        docker run --rm -v "${random_pet.suffix.id}:/hugo/quickstart" --workdir=/hugo/quickstart \
+              cgr.dev/chainguard/busybox:latest-glibc /bin/sh -c "echo \"theme = 'ananke'\" >> config.toml"
+
+        # Start the container with a name, and detach so we can then poke at it.
+        docker run --name "${random_pet.suffix.id}" --network ${random_pet.suffix.id} --detach -v "${random_pet.suffix.id}:/hugo/quickstart" \
+          --workdir /hugo/quickstart \
+          "${var.digest}" \
+          server --bind 0.0.0.0 --port 8080
+
+        # Give it a moment to start up.
+        sleep 5
+
+        # Check that it's up!
+        docker run --rm --network ${random_pet.suffix.id} cgr.dev/chainguard/curl -v http://${random_pet.suffix.id}:8080
+        EOT
+    }
+  ]
+}

images/kafka/README.md

@@ -15,7 +15,7 @@
 <!--overview:start-->
 # Chainguard Image for kafka
 
-Minimal image with Kafka.
+Minimal image for Apache Kafka, a distributed event streaming platform.
 
 Chainguard Images are regularly-updated, minimal container images with low-to-zero CVEs.
 <!--overview:end-->
@@ -32,50 +32,43 @@ Be sure to replace the `ORGANIZATION` placeholder with the name used for your or
 <!--getting:end-->
 
 <!--body:start-->
-## Using KAFKA
+## Compatibility Notes
 
-Chainguard Kafka images include the `kafka-server-*` scripts which can be used to start up or configure Kafka or it's dependencies.
-The full list of scripts is available here:
+The Chainguard Kafka image is meant to serve as a drop-in replacement for the [Bitnami Kafka image](https://hub.docker.com/r/bitnami/kafka) and the [`cp-kafka` image from Confluent](https://hub.docker.com/r/confluentinc/cp-kafka/). Like most other Chainguard Images, the Kafka image has few-to-zero CVEs and does not run as the root user.
+
+## Getting Started
+
+Chainguard Kafka images include the server scripts which can be used to start up or configure Kafka or its dependencies. You can find the full list of available scripts in the container's `/usr/lib/kafka/bin/` directory:
 
 ```shell
-% docker run -it --entrypoint=sh cgr.dev/chainguard/kafka
+% docker run -it --entrypoint=sh cgr.dev/ORGANIZATION/kafka
 / #
 / # ls /usr/lib/kafka/bin/
-connect-distributed.sh              kafka-console-producer.sh           kafka-leader-election.sh            kafka-run-class.sh                  kafka-verifiable-producer.sh
-connect-mirror-maker.sh             kafka-consumer-groups.sh            kafka-log-dirs.sh                   kafka-server-start.sh               trogdor.sh
-connect-standalone.sh               kafka-consumer-perf-test.sh         kafka-metadata-quorum.sh            kafka-server-stop.sh                windows
-kafka-acls.sh                       kafka-delegation-tokens.sh          kafka-metadata-shell.sh             kafka-storage.sh                    zookeeper-security-migration.sh
-kafka-broker-api-versions.sh        kafka-delete-records.sh             kafka-mirror-maker.sh               kafka-streams-application-reset.sh  zookeeper-server-start.sh
-kafka-cluster.sh                    kafka-dump-log.sh                   kafka-producer-perf-test.sh         kafka-topics.sh                     zookeeper-server-stop.sh
-kafka-configs.sh                    kafka-features.sh                   kafka-reassign-partitions.sh        kafka-transactions.sh               zookeeper-shell.sh
-kafka-console-consumer.sh           kafka-get-offsets.sh                kafka-replica-verification.sh       kafka-verifiable-consumer.sh
+connect-distributed.sh          	kafka-console-consumer.sh       	kafka-get-offsets.sh            	kafka-replica-verification.sh   	kafka-verifiable-producer.sh
+connect-mirror-maker.sh         	kafka-console-producer.sh       	kafka-jmx.sh                    	kafka-run-class.sh              	trogdor.sh
+connect-plugin-path.sh          	kafka-consumer-groups.sh        	kafka-leader-election.sh        	kafka-server-start.sh           	windows
+connect-standalone.sh           	kafka-consumer-perf-test.sh     	kafka-log-dirs.sh               	kafka-server-stop.sh            	zookeeper-security-migration.sh
+kafka-acls.sh                   	kafka-delegation-tokens.sh      	kafka-metadata-quorum.sh        	kafka-storage.sh                	zookeeper-server-start.sh
+kafka-broker-api-versions.sh    	kafka-delete-records.sh         	kafka-metadata-shell.sh         	kafka-streams-application-reset.sh  zookeeper-server-stop.sh
+kafka-client-metrics.sh         	kafka-dump-log.sh               	kafka-mirror-maker.sh           	kafka-topics.sh                 	zookeeper-shell.sh
+kafka-cluster.sh                	kafka-e2e-latency.sh            	kafka-producer-perf-test.sh     	kafka-transactions.sh
+kafka-configs.sh                	kafka-features.sh               	kafka-reassign-partitions.sh    	kafka-verifiable-consumer.sh
 ```
 
-The default entrypoint is set to run the `kafka-server-start.sh` script with a sample configuration at `/usr/lib/kafka/config/server.properties`.
-This can be overridden with the cmd of the container.
+Chainguard uses the following Helm values to test the Kafka image:
 
-**NOTE**: You will need to separately configure a Zookeeper instance to start and run Kafka.
-You can use the Chainguard Image for Zookeeper, or another Zookeeper service.
+* `fsGroup`: part of a `podSecurityContext` object, the `fsGroup` field specifies the group ID under which all processes of the pod are part of.
+* `runAsUser`: part of a `containerSecurityContext` object, this value specifies the user ID under which all processes in the container run under.
+* `mountPath`: part of a `logPersistence` object, this defines the location where a log volume will be mounted.
 
-Here's a non-production-grade quickstart to try it out locally in a single container:
+### Logs
+
+You can retrieve the logs for the Kafka container with the `docker logs` command. The following example assumes that you're running a Kafka container named `kafka-container`:
 
 ```shell
-$ /usr/lib/kafka/bin/zookeeper-server-start.sh /usr/lib/kafka/config/zookeeper.properties &
-
-$ /usr/lib/kafka/bin/kafka-server-start.sh /usr/lib/kafka/config/server.properties
-[2023-03-18 00:10:17,335] INFO Registered kafka:type=kafka.Log4jController MBean (kafka.utils.Log4jControllerRegistration$)
-[2023-03-18 00:10:17,475] INFO Setting -D jdk.tls.rejectClientInitiatedRenegotiation=true to disable client-initiated TLS renegotiation (org.apache.zookeeper.common.X509Util)
-[2023-03-18 00:10:17,525] INFO Registered signal handlers for TERM, INT, HUP (org.apache.kafka.common.utils.LoggingSignalHandler)
-[2023-03-18 00:10:17,526] INFO starting (kafka.server.KafkaServer)
-[2023-03-18 00:10:17,526] INFO Connecting to zookeeper on localhost:2181 (kafka.server.KafkaServer)
-[2023-03-18 00:10:17,534] INFO [ZooKeeperClient Kafka server] Initializing a new session to localhost:2181. (kafka.zookeeper.ZooKeeperClient)
-[2023-03-18 00:10:17,536] INFO Client environment:zookeeper.version=3.6.3--6401e4ad2087061bc6b9f80dec2d69f2e3c8660a, built on 04/08/2021 16:35 GMT (org.apache.zookeeper.ZooKeeper)
-[2023-03-18 00:10:17,536] INFO Client environment:host.name=3848d9fbe7d6 (org.apache.zookeeper.ZooKeeper)
-[2023-03-18 00:10:17,536] INFO Client environment:java.version=11.0.18-internal (org.apache.zookeeper.ZooKeeper)
-[2023-03-18 00:10:17,536] INFO Client environment:java.vendor=wolfi (org.apache.zookeeper.ZooKeeper)
-[2023-03-18 00:10:17,536] INFO Client environment:java.home=/usr/lib/jvm/openjdk-jre (org.apache.zookeeper.ZooKeeper)
-...
+docker logs kafka-container
 ```
+
 <!--body:end-->
 
 ## Contact Support

images/kafka/metadata.yaml

@@ -3,13 +3,14 @@ image: cgr.dev/chainguard/kafka
 logo: https://storage.googleapis.com/chainguard-academy/logos/kafka.svg
 endoflife: ""
 console_summary: ""
-short_description: Minimal image with Kafka.
+short_description: Minimal image for Apache Kafka, a distributed event streaming platform.
 compatibility_notes: ""
 readme_file: README.md
 upstream_url: https://kafka.apache.org/
 keywords:
   - ai
   - application
+tier: APPLICATION
 aliases:
   - bitnami/kafka:latest
   - confluentinc/cp-kafka:latest

images/kubeflow-pipelines-visualization-server/metadata.yaml

@@ -8,3 +8,5 @@ compatibility_notes: ""
 readme_file: README.md
 upstream_url: https://github.com/kubeflow/pipelines/tree/master/backend/src/apiserver/visualization
 keywords: []
+aliases:
+  - gcr.io/ml-pipeline/visualization-server:latest

images/node/README.md

@@ -250,7 +250,7 @@ ENV NODE_ENV=production
 
 WORKDIR /app
 
-COPY --chown=node:node ["package.json", "package-lock.json", "server.js", "./"]
+COPY --chown=node:node ["package.json", "server.js", "./"]
 
 RUN npm install --omit-dev
 
@@ -267,7 +267,7 @@ docker build . -t node-express
 Finally, run the server container:
 
 ```sh
- docker run --rm -p 6069:6069 express
+ docker run --rm -p 6069:6069 node-express
 ```
 
 You should see the following message: