OCI Artifacts
Artifact Guidance Documents
Supporting Documents
Project Introduction and Scope
Container registries, implementing the distribution-spec, provide reliable, highly scalable, secured storage services for container images. Customers either use a cloud provider implementation, vendor implementations, or instance the open source implementation of distribution. They configure security and networking to assure the images in the registry are locked down and accessible by the resources required. Cloud providers and vendors often provide additional values atop their registry implementations from security to productivity features.
Applications and services typically require additional artifacts to deploy and manage, including helm for deployment and Open Policy Agent (OPA) for policy enforcement.
Utilizing the manifest and index definitions, new artifacts, such as the Singularity project, can be stored and served using the distribution-spec.
This repository provides a reference for artifact authors and registry implementors for supporting new artifact types with the existing implementations of distribution. More particularly this repository has been tasked by the OCI TOB to serve 3 primary goals:
- artifact authors - guidance for authoring new artifact types. Including a clearing house for well known artifact types.
- registry operators and vendors - guidance for how operators and vendors can support new artifact types, including how they can opt-in or out of well known artifact types. Registry operators that already implement
media-type
filtering will not have to change. The artifact repo will provide context on how newmedia-type
s can be used, and howmedia-type
s can be associated with a type of artifact. - clearing house for well known artifacts - artifact authors can submit their artifact definitions, providing registry operators a list by which they can easily support.
By providing an OCI artifact definition, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution (YASS).
Project Status
The current state of the OCI Artifacts repository:
- The repository contains guidance for using v1.0.1 of the OCI image manifest representing individual non-container image artifact types.
- This project recognizes that additional work is needed to find ways to improve existing OCI artifact types, such as OCI images, to formally include a software bill of materials (SBOMs), scan results, signatures, and other OCI artifact related extensions. Depending on the implementation chosen, additional APIs to manage these extensions may also be needed. We believe these requirements will either require modifications to the existing specs or some new specification depending on the output of various working groups.
This project, however, does not currently have the mission to create new specifications or commit changes to the existing specifications.
Related Projects Working on Extending OCI Specs
Project Governance and License
- Artifact Authors- How To
- The Apache License, Version 2.0
- Maintainers
- Maintainer guidelines
- Contributor guidelines
- Project governance
- Release procedures
Code of Conduct
This project incorporates (by reference) the OCI Code of Conduct.
Governance and Releases
This project incorporates the Governance and Releases processes from the OCI project template: https://github.com/opencontainers/project-template.
Project Communications
This project uses existing channels in use by the OCI developer community for communication
Versioning / Roadmap
Artifacts will reference specific distribution, index and manifest versions in its examples, identifying any dependencies required.
Frequently Asked Questions (FAQ)
Q: Does this change the OCI Charter or Scope Table?
A: No. Artifacts are a prescriptive means of storing index and manifest within distribution implementations.