Skip to content

Latest commit

 

History

History
122 lines (87 loc) · 3.29 KB

README.md

File metadata and controls

122 lines (87 loc) · 3.29 KB

crane

crane is a tool for interacting with remote images and registries.

A collection of useful things you can do with crane is here.

Installation

Install from Releases

  1. Get the latest release version.

    $ VERSION=$(curl -s "https://api.github.com/repos/google/go-containerregistry/releases/latest" | jq -r '.tag_name')

    or set a specific version:

    $ VERSION=vX.Y.Z   # Version number with a leading v
  2. Download the release.

    $ OS=Linux       # or Darwin, Windows
    $ ARCH=x86_64    # or arm64, x86_64, armv6, i386, s390x
    $ curl -sL "https://github.com/google/go-containerregistry/releases/download/${VERSION}/go-containerregistry_${OS}_${ARCH}.tar.gz" > go-containerregistry.tar.gz
  3. Verify the signature. We generate SLSA 3 provenance using the OpenSSF's slsa-framework/slsa-github-generator. To verify our release, install the verification tool from slsa-framework/slsa-verifier#installation and verify as follows:

    $ curl -sL https://github.com/google/go-containerregistry/releases/download/${VERSION}/multiple.intoto.jsonl > provenance.intoto.jsonl
    $ # NOTE: You may be using a different architecture.
    $ slsa-verifier-linux-amd64 verify-artifact go-containerregistry.tar.gz --provenance-path provenance.intoto.jsonl --source-uri github.com/google/go-containerregistry --source-tag "${VERSION}"
      PASSED: Verified SLSA provenance
  4. Unpack it in the PATH.

    $ tar -zxvf go-containerregistry.tar.gz -C /usr/local/bin/ crane

Install manually

Install manually:

go install github.com/google/go-containerregistry/cmd/crane@latest

Install via brew

If you're macOS user and using Homebrew, you can install via brew command:

$ brew install crane

Install on Arch Linux

If you're an Arch Linux user you can install via pacman command:

$ pacman -S crane

Setup on GitHub Actions

You can use the setup-crane action to install crane and setup auth to GitHub Container Registry in a GitHub Action workflow:

steps:
- uses: imjasonh/[email protected]

Images

You can also use crane as docker image

$ docker run --rm gcr.io/go-containerregistry/crane ls ubuntu
10.04
12.04.5
12.04
12.10

And it's also available with a shell, at the :debug tag:

docker run --rm -it --entrypoint "/busybox/sh" gcr.io/go-containerregistry/crane:debug

Tagged debug images are available at gcr.io/go-containerregistry/crane/debug:[tag].

Using with GitLab

# Tags an existing Docker image which was tagged with the short commit hash with the tag 'latest'
docker-tag-latest:
  stage: latest
  only:
    refs:
      - main
  image:
    name: gcr.io/go-containerregistry/crane:debug
    entrypoint: [""]
  script:
    - crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - crane tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA latest