Product Docs
Open Source
Education
This workshop kit provides resources for individuals who would like to present a talk or workshop about Wolfi and the tools that comprise its ecosystem.
The following materials are included:
Software supply chain threats have been growing exponentially in the last few years, according to industry leaders and security researchers (PDF). With the popularization of automated workflows and cloud native deployments, it is more important than ever to provide users with the ability to attest the provenance of all relevant software artifacts that compose the container images being used as build and production runtimes.
In this workshop, you’ll learn more about Wolfi, a community Linux undistro designed for the container and cloud-native era. You’ll also learn about melange and apko, Chainguard’s open source toolkit created to build more secure container images.
The demo files are available on the chainguard.dev/hello-wolfi-demo repository. The demo application is a command-line script built with PHP. It connects to the cat facts API and outputs a quote about cats.
Before getting started, make sure you have Docker installed on your machine. These steps were executed on an Ubuntu 22.04 host Linux machine, but they should work seamlessly across platforms that support Docker and multi-platform builds.
Clone the demo repository with:
cd ~ git clone https://github.com/chainguard-dev/hello-wolfi-demo.git cd hello-wolfi-demo
The demo consists of the following steps:
cgr.dev/chainguard/melange
cgr.dev/chainguard/apko
docker pull
melange-php.yaml
composer-php.yaml
melange-app.yaml
apko.yaml
docker load
docker run --rm <image-name>
Start by downloading the latest version of the melange and apko images.
docker pull cgr.dev/chainguard/melange docker pull cgr.dev/chainguard/apko
To make sure the generated packages work with apko, you’ll need to sign them. The following command will generate a keypair that you can use when building your packages:
docker run --rm -v "${PWD}":/work cgr.dev/chainguard/melange keygen
Next, build the PHP package with melange. On a Linux machine, follow the next command:
docker run --privileged --rm -v "${PWD}":/work -- \ cgr.dev/chainguard/melange build melange-php.yaml \ --arch x86_64 \ --signing-key melange.rsa --keyring-append melange.rsa.pub
On a macOS machine, use the following command.
docker run --privileged --rm -v "${PWD}":/work -- \ cgr.dev/chainguard/melange build melange-php.yaml \ --arch aarch64 \ --signing-key melange.rsa --keyring-append melange.rsa.pub
If you run into issues while running melange commands, check the melange troubleshooting guide.
You can now build the Composer package with the following command on Linux operating systems:
docker run --privileged --rm -v "${PWD}":/work -- \ cgr.dev/chainguard/melange build melange-composer.yaml \ --arch x86_64 \ --signing-key melange.rsa --keyring-append melange.rsa.pub
On macOS, you can build the Composer package with the following command:
docker run --privileged --rm -v "${PWD}":/work -- \ cgr.dev/chainguard/melange build melange-composer.yaml \ --arch aarch64 \ --signing-key melange.rsa --keyring-append melange.rsa.pub
With both the PHP and Composer dependencies in place, you can now build the application package.
On Linux systems, use the following command:
docker run --privileged --rm -v "${PWD}":/work -- \ cgr.dev/chainguard/melange build melange-app.yaml \ --arch x86_64 \ --signing-key melange.rsa --keyring-append melange.rsa.pub
On macOS, you can build the application with:
docker run --privileged --rm -v "${PWD}":/work -- \ cgr.dev/chainguard/melange build melange-app.yaml \ --arch aarch64 \ --signing-key melange.rsa --keyring-append melange.rsa.pub
Now that all dependencies are ready, you can now run apko build to build the image that runs the demo app.
apko build
docker run --rm -v ${PWD}:/work cgr.dev/chainguard/apko build --debug apko.yaml hello-wolfi:latest hello-wolfi.tar -k melange.rsa.pub
If you run into issues while running apko commands, check the apko troubleshooting guide.
You can now load the generated image into Docker with the following command:
docker load < hello-wolfi.tar
You can now run the image with:
docker run --rm hello-wolfi
You should see output similar to this, showing a quote about cats:
A happy cat holds her tail high and steady.