Merge branch 'main' of https://github.com/chainguard-images/images in…

…to fix-spire-tests

.github/workflows/presubmit-build.yaml

@@ -124,7 +124,7 @@ jobs:
         terraform_version: '1.5.7'
         terraform_wrapper: false
     # Make cosign/crane CLI available to the tests
-    - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
+    - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
     - uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # v0.3
 
     - uses: chainguard-dev/actions/setup-k3d@538d1927b846546b620784754c33e2a1db86e217 # main

.github/workflows/release.yaml

@@ -110,7 +110,7 @@ jobs:
           k3s-image: cgr.dev/chainguard/k3s:latest@sha256:2cce22ae3d776f2b924de7735bb10647320b1563dbca4ab1082a1eedae3b81c5
 
       # Make cosign/crane CLI available to the tests
-      - uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
+      - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
       - uses: imjasonh/setup-crane@00c9e93efa4e1138c9a7a5c594acd6c75a2fbf0c # v0.3
 
       - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2

images/envoy-ratelimit/tests/main.tf

@@ -11,16 +11,45 @@ variable "digest" {
 
 data "oci_string" "ref" { input = var.digest }
 
-# TODO: Convert this to imagetest_harness_container when ready
-data "oci_exec_test" "runs" {
-  digest = var.digest
-  script = "${path.module}/runs.sh"
+data "imagetest_inventory" "this" {}
+
+resource "imagetest_harness_docker" "this" {
+  name      = "envoy-ratelimit-container"
+  inventory = data.imagetest_inventory.this
+
+  mounts = [
+    {
+      source      = path.module
+      destination = "/tests"
+    }
+  ]
+
+  envs = {
+    IMAGE_NAME : var.digest
+  }
 }
 
-data "imagetest_inventory" "this" {}
+resource "imagetest_feature" "container_runs" {
+  name        = "container runs"
+  description = "verifies that the envoy-ratelimit container runs"
+  harness     = imagetest_harness_docker.this
+
+  steps = [
+    {
+      name = "Run test"
+      cmd  = <<EOT
+docker run --rm $IMAGE_NAME 2>&1 | grep "creating redis connection error"
+EOT
+    }
+  ]
+
+  labels = {
+    type = "container"
+  }
+}
 
 resource "imagetest_harness_k3s" "this" {
-  name      = "envoy-ratelimit"
+  name      = "envoy-ratelimit-k3s"
   inventory = data.imagetest_inventory.this
 
   sandbox = {

images/jre/tests/main.tf

@@ -1,6 +1,7 @@
 terraform {
   required_providers {
-    oci = { source = "chainguard-dev/oci" }
+    oci       = { source = "chainguard-dev/oci" }
+    imagetest = { source = "chainguard-dev/imagetest" }
   }
 }
 
@@ -25,24 +26,76 @@ variable "sdk-image" {
   default     = "cgr.dev/chainguard/jdk"
 }
 
-data "oci_exec_test" "version" {
-  digest = var.digest
-  script = "docker run --rm --entrypoint /usr/bin/java $IMAGE_NAME -version"
+data "imagetest_inventory" "this" {}
+
+resource "imagetest_container_volume" "volume" {
+  name      = "scratch-volume"
+  inventory = data.imagetest_inventory.this
 }
 
-data "oci_exec_test" "hello-world" {
-  digest = var.digest
-  script = "${path.module}/02-hello-world.sh"
-  env {
-    name  = "SDK_IMAGE"
-    value = var.sdk-image
-  }
-  env {
-    name  = "JAVA_SOURCE_VERSION"
-    value = var.java-source-version
-  }
-  env {
-    name  = "JAVA_TARGET_VERSION"
-    value = var.java-target-version
+resource "imagetest_harness_docker" "this" {
+  name      = "jre"
+  inventory = data.imagetest_inventory.this
+
+  volumes = [
+    {
+      source      = imagetest_container_volume.volume
+      destination = "/data"
+    }
+  ]
+
+  mounts = [
+    {
+      source      = path.module
+      destination = "/tests"
+    }
+  ]
+
+  envs = {
+    "SDK_IMAGE" : var.sdk-image
+    "IMAGE_NAME" : var.digest
+    "JAVA_SOURCE_VERSION" : var.java-source-version
+    "JAVA_TARGET_VERSION" : var.java-target-version
+    "VOLUME_NAME" : imagetest_container_volume.volume.id
   }
 }
+
+resource "imagetest_feature" "basic" {
+  name    = "basic test"
+  harness = imagetest_harness_docker.this
+
+  steps = [
+    {
+      name = "Version check"
+      cmd  = <<EOT
+docker run --rm --entrypoint /usr/bin/java $IMAGE_NAME -version
+EOT
+    },
+    {
+      name = "Prepare permissions and copy files"
+      cmd  = <<EOT
+chmod 777 /data
+cp -r /tests/* /data
+ls -al /data
+EOT
+    },
+    {
+      name = "Run tests"
+      cmd  = <<EOT
+# Compile the .java file into a .class file
+docker run --rm \
+  -v $VOLUME_NAME:/data \
+  --workdir /data \
+  --entrypoint /usr/bin/javac "$SDK_IMAGE" \
+  -source $JAVA_SOURCE_VERSION -target $JAVA_TARGET_VERSION \
+  HelloWorld.java
+
+# Now we have the .class file, run it to test our JRE.
+docker run --rm \
+  -v $VOLUME_NAME:/data \
+  --workdir /data \
+  --entrypoint /usr/bin/java "$IMAGE_NAME" HelloWorld
+EOT
+    }
+  ]
+}

images/pytorch-cuda12/README.md

@@ -30,13 +30,13 @@ docker pull cgr.dev/chainguard/pytorch-cuda12:latest
 
 ## Running pytorch-cuda12
 
-Pytorch has some pre-requisites which need to be configured in the environment
+PyTorch has some prerequisites which need to be configured in the environment
 prior to running with GPUs. For examples, please refer to [TESTING.md](https://github.com/chainguard-images/images/blob/main/images/pytorch-cuda12/TESTING.md).
 
 Additionally, please refer to the [upstream documentation](https://github.com/pytorch/pytorch)
-for more information on coniguring and using Pytorch.
+for more information on configuring and using PyTorch.
 
-Assuming the environment pre-requisite have been met, below demonstrates how
+Assuming the environment prerequisites have been met, below demonstrates how
 to launch the container:
 
 ```bash
@@ -46,7 +46,7 @@ docker run --rm -i -t \
     cgr.dev/chainguard/pytorch:latest
 ```
 
-If your environment has access to GPUs, you may provide access pytorch access to it by running 
+If your environment has access to GPUs, you may provide PyTorch access to it by running 
 ```bash
 docker run --rm -it --gpus all cgr.dev/chainguard/pytorch-cuda12:latest
 bash-5.2$ python
@@ -56,7 +56,7 @@ Type "help", "copyright", "credits" or "license" for more information.
 >>> print(torch.cuda.is_available())
 True
 ```
-As a quick intro, we will use pytorch to create a very simple deep learning model with two linear layers and an activation function. We’ll create an instance of it and ask it to report on its parameters. The script can be found in ```model_builder.py``` in this directory.
+As a quick intro, we will use PyTorch to create a very simple deep learning model with two linear layers and an activation function. We’ll create an instance of it and ask it to report on its parameters. The script can be found in ```model_builder.py``` in this directory.
 
 To run this script, 
 ```bash
@@ -67,7 +67,7 @@ A quickstart tutorial as outlined [here](https://pytorch.org/tutorials/beginner/
 
 ### Using Helm charts
 
-As a place to get started, you may also use this Helm chart to get pytorch running
+As a place to get started, you may also use this Helm chart to get PyTorch running
 ```bash
   helm install pytorch \
   --namespace pytorch-space --create-namespace  \

images/tesseract/README.md

@@ -0,0 +1,40 @@
+<!--monopod:start-->
+# tesseract
+| | |
+| - | - |
+| **OCI Reference** | `cgr.dev/chainguard/tesseract` |
+
+
+* [View Image in Chainguard Academy](https://edu.chainguard.dev/chainguard/chainguard-images/reference/tesseract/overview/)
+* [View Image Catalog](https://console.enforce.dev/images/catalog) for a full list of available tags.
+* [Contact Chainguard](https://www.chainguard.dev/chainguard-images) for enterprise support, SLAs, and access to older tags.*
+
+---
+<!--monopod:end-->
+
+<!--overview:start-->
+Minimal image that contains tesseract
+<!--overview:end-->
+
+<!--getting:start-->
+## Download this Image
+The image is available on `cgr.dev`:
+
+```
+docker pull cgr.dev/chainguard/tesseract:latest
+```
+<!--getting:end-->
+
+<!--body:start-->
+# Usage
+
+tessaract sample Example: OCR a eurotext.png file to .txt
+
+```
+docker run --rm \
+    -v "${PWD}":/work \
+    -w /work \
+    cgr.dev/chainguard/tesseract:latest
+    eurotext.png -
+```
+<!--body:end-->

images/tesseract/config/main.tf

@@ -0,0 +1,20 @@
+terraform {
+  required_providers {
+    apko = { source = "chainguard-dev/apko" }
+  }
+}
+
+variable "extra_packages" {
+  description = "The additional packages to install"
+  # Install tesseract itself, orientation & size & english datasets
+  default = ["tesseract", "tesseract-osd", "tesseract-eng"]
+}
+
+data "apko_config" "this" {
+  config_contents = file("${path.module}/template.apko.yaml")
+  extra_packages  = var.extra_packages
+}
+
+output "config" {
+  value = jsonencode(data.apko_config.this.config)
+}

images/tesseract/config/template.apko.yaml

@@ -0,0 +1,14 @@
+accounts:
+  groups:
+    - groupname: nonroot
+      gid: 65532
+  users:
+    - username: nonroot
+      uid: 65532
+      gid: 65532
+  run-as: 65532
+
+entrypoint:
+  command: /usr/bin/tesseract
+
+cmd: --help

images/tesseract/main.tf

@@ -0,0 +1,38 @@
+terraform {
+  required_providers {
+    oci = { source = "chainguard-dev/oci" }
+  }
+}
+
+variable "target_repository" {
+  description = "The docker repo into which the image and attestations should be published."
+}
+
+module "latest-config" { source = "./config" }
+
+module "latest" {
+  source = "../../tflib/publisher"
+
+  name = basename(path.module)
+
+  target_repository = var.target_repository
+  config            = module.latest-config.config
+  build-dev         = true
+}
+
+module "test-latest" {
+  source = "./tests"
+  digest = module.latest.image_ref
+}
+
+resource "oci_tag" "latest" {
+  depends_on = [module.test-latest]
+  digest_ref = module.latest.image_ref
+  tag        = "latest"
+}
+
+resource "oci_tag" "latest-dev" {
+  depends_on = [module.test-latest]
+  digest_ref = module.latest.dev_ref
+  tag        = "latest-dev"
+}