3. APKO & Melange Example - SMART2016/containerization GitHub Wiki
curl -Lo melange.tar.gz https://github.com/chainguard-dev/melange/releases/latest/download/melange-linux-amd64.tar.gz
tar -xvf melange.tar.gz
sudo mv melange /usr/local/bin/curl -Lo apko.tar.gz https://github.com/chainguard-dev/apko/releases/latest/download/apko-linux-amd64.tar.gz
tar -xvf apko.tar.gz
sudo mv apko /usr/local/bin/Verify installations:
melange --version
apko --versionLet's create a minimal Go app.
mkdir go-hello && cd go-hello
cat <<EOF > main.go
package main
import "fmt"
func main() {
fmt.Println("Hello, World!")
}
EOFMelange is used to build the Go application and package it.
Create melange.yaml:
package:
name: hello-go
version: 1.0.0
epoch: 0
description: "A simple hello world app in Go"
copyright:
- paths: ["."]
license: "MIT"
pipeline:
- uses: fetch
with:
uri: "."
- uses: go/build
with:
package: "main.go"
output: "hello-go"
- uses: strip
environment:
contents:
packages:
- goRun the build process:
melange build melange.yaml --arch x86_64This generates an apk package in the packages/ directory.
Apko is used to create a container image from the built package.
Create apko.yaml:
contents:
packages:
- hello-go
entrypoint:
command: ["/usr/bin/hello-go"]melange keygenThis generates:
-
melange.rsa(private key) -
melange.rsa.pub(public key)
apko build --arch x86_64 apko.yaml myregistry.example.com/hello-go:latest hello-go.tarThis creates a container image.
apko publish --keyring melange.rsa.pub --signing-key melange.rsa apko.yaml myregistry.example.com/hello-go:latestcosign verify --key melange.rsa.pub myregistry.example.com/hello-go:latest