Google Cloud Platform's
govanityurlspackaged for Docker.
govanityurls is a
great little Go vanity URL server. However, the original authors do not publish
any containerised distribution of their software. This repository has one
purpose: Package the existing source code for Docker without creating another
fork that needs to be maintained (even though the upstream project seems to be
pretty stale).
docker run -p 8080:8080 -v $(pwd)/vanity.yaml:/vanity.yaml ghcr.io/mariuskiessling/govanityurls:latest
You must mount your govanityurls configuration
file
at /vanity.yaml for the container to start successfully.
⚠️ You should never use the latest tag in production. If you plan to use this image in production, use a version tag or, even better, the image's digest.
You should also not trust any random container image from the internet; this
includes mine. All generated images are signed with sigstore's
Cosign utility using the Fulcio
PKI-supported key-less signature
method.
The following attributes are signed for every image:
upstream-commit: The commit hash of the upstreamgovanityurlsproject that the container image is based on.upstream-version: The Git version tag of the upstreamgovanityurlsproject that the container image is based on.github-run-id: The ID of the GitHub Action run which built the container image.
You can verify that one or more of these attributes match your expectations by running this command:
COSIGN_EXPERIMENTAL=1 cosign verify -a upstream-version=v0.1.0 ghcr.io/mariuskiessling/govanityurls:latest
If you don't trust me at all (good attitude), you can use the GitHub Workflow
SHA claim (OID
1.3.6.1.4.1.57264.1.3)
to verify that I didn't use a hidden commit to generate a malicious container
image that just pretends to contain the claimed upstream source code version.