## Summary

- Enable OIDC + API key authentication on zot with anonymous pull preserved
- Enforce tag immutability for version tags
- Adopt commit-SHA-based container image tagging

Details in the [[harden-zot-registry]] Mikado chain (`mise run docs-mikado harden-zot-registry`).

## Test plan

- [ ] Anonymous pull still works
- [ ] Unauthenticated push fails (401)
- [ ] CI container builds pass with new auth and tagging
- [ ] `mise run services-check` passes

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/231
23 lines
575 B
Docker
```dockerfile
# CV/Resume Static Site Server
# Downloads and serves a CV site tarball (HTML+CSS+PDF) via nginx
#
# Configuration (via environment):
# CV_RELEASE_URL - URL to download the CV content tarball
#
# The container downloads the tarball on startup, extracts it, and serves with nginx.

ARG CONTAINER_APP_VERSION=1.0.3

FROM nginx:alpine

# Install curl for downloading release assets
RUN apk add --no-cache curl

# Copy startup script and nginx config
COPY start.sh /start.sh
COPY default.conf /etc/nginx/conf.d/default.conf
RUN chmod +x /start.sh

EXPOSE 80

CMD ["/start.sh"]
```