build

The build section defines how imglife generates Dockerfiles from templates and pushes base images to your registry.

build:
  core_version: "1.0.0"
  registry: registry.example.com/bases
  builder: imglife-builder # optional buildx builder name
  platforms: [linux/amd64, linux/arm64]
  sbom: true
  tag_format: "{registry}/{folder}:{mirror-tag}-{build_name}"
  hooks:
    post_image_build:
      - cmd: cosign sign --yes {image}
        timeout: 120s
  images:
    - name: alpine
      folder: images/alpine
      type: core
      mirror_image: registry.example.com/mirrors/alpine
      mirror_tag: "3.21.3"
      version: "3.21.3"

Top-level fields:

| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| core_version | string | yes | | Organisation build version; bumped when your templates/config change |
| registry | string | yes | | Base path where built images are pushed |
| builder | string | no | | docker buildx builder instance name; omit to use the default |
| platforms | []string | no | [linux/amd64] | Default target platforms |
| sbom | bool | no | false | Attach SBOM attestation (requires buildx) |
| tag_format | string | no | {registry}/{folder}:{mirror-tag}-{build_name} | Token template for the full image reference (see Tag format) |
| hooks.post_image_build | []Hook | no | | Commands to run after each image is built and pushed |

Fields of each images entry:

| Field | Type | Required | Default | Description |
|---|---|---|---|---|
| name | string | yes | | Image name (used in logs and the {build_name} token) |
| folder | string | yes | | Registry sub-path for the built image (the {folder} token), e.g. images/alpine |
| type | string | yes | | core, spe, or spe-dev (affects EOL checking) |
| mirror_image | string | yes | | Mirror image used as FROM (must not include a tag) |
| mirror_tag | string | no | latest resolved | Pin a specific mirror tag; omit to auto-resolve the latest |
| version | string | conditional | | Required for spe/spe-dev; forbidden for core (which uses core_version) |
| tmpl | string | conditional | templates/core.tmpl | Template path; required for spe/spe-dev, forbidden for core |
| args | map[string]string | no | | Additional --build-arg values |
| platforms | []string | no | inherits top-level | Per-image platform override |
| sbom | bool | no | inherits top-level | Per-image SBOM override |
| hooks | Hooks | no | | Per-image hooks |

Image types:

| Type | Description | EOL checked | Appears in status |
|---|---|---|---|
| core | Production base image | Yes | Yes |
| spe | Special-purpose variant | Yes | Yes |
| spe-dev | Development variant | No | No |

imglife renders Dockerfile.tmpl using Go’s text/template engine. The following variables are available:

| Variable | Example | Description |
|---|---|---|
| {{.MirrorImage}} | registry.example.com/mirrors/alpine:3.21.3 | Fully-resolved mirror image reference (tag already appended) |
| {{.CoreVersion}} | 1.0.0 | Organisation core version (build.core_version) |
| {{.Version}} | 3.21.3 | core_version for core images, or the image version |
| {{.Name}} | alpine | Image name |
| {{.Type}} | core | Image type (core, spe, spe-dev) |
| {{.OSFamily}} | alpine | OS family auto-detected from the mirror image |
| {{.Args}} | {KEY: value} | Map of the image’s args |

Example Dockerfile.tmpl:

FROM {{ .MirrorImage }}
RUN apk add --no-cache \
    ca-certificates \
    tzdata \
    curl
# OCI labels are injected automatically by imglife

imglife injects these OCI labels on every build:

org.opencontainers.image.created = <build timestamp>
org.opencontainers.image.revision = <git SHA>
org.opencontainers.image.source = <project URL>
org.opencontainers.image.base.name = <mirror image>
org.opencontainers.image.base.digest = <mirror digest>

tag_format is rendered with single-brace tokens (not Go templates). The default is {registry}/{folder}:{mirror-tag}-{build_name}, which produces the full destination reference. You can customise it:

build:
  tag_format: "{registry}/{folder}:{mirror-tag}-org{version}"
  # Produces: registry.example.com/bases/images/alpine:3.21.3-org1.0.0

Available tokens:

| Token | Expands to | Example |
|---|---|---|
| {registry} | build.registry | registry.example.com/bases |
| {folder} | the image folder | images/alpine |
| {type} | the image type | core |
| {version} | core_version for core, otherwise the image version | 1.0.0 |
| {build_name} | {type}{version} | core1.0.0 |
| {mirror-tag} | the resolved mirror tag | 3.21.3 |

Validation rules: unknown tokens are rejected, {registry} is required, and at least one of {build_name}, {type}, or {version} must be present.
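
The token expansion and validation rules above, sketched as an added example; this is not imglife's own code. The name RenderTag and the stray-brace check are assumptions made for illustration; the token set and the three rules come from this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// tokenRe matches one single-brace token such as {registry} or {mirror-tag}.
var tokenRe = regexp.MustCompile(`\{([^{}]*)\}`)

// RenderTag (hypothetical name) validates format against the documented rules
// and expands it. {build_name} is derived as {type}{version}, as in the table.
func RenderTag(format, registry, folder, typ, version, mirrorTag string) (string, error) {
	values := map[string]string{
		"registry": registry, "folder": folder, "type": typ,
		"version": version, "build_name": typ + version, "mirror-tag": mirrorTag,
	}
	// Assumption beyond the page's rules: a brace outside any token is an error.
	if strings.ContainsAny(tokenRe.ReplaceAllString(format, ""), "{}") {
		return "", fmt.Errorf("stray brace in %q", format)
	}
	seen := map[string]bool{}
	for _, m := range tokenRe.FindAllStringSubmatch(format, -1) {
		if _, ok := values[m[1]]; !ok {
			return "", fmt.Errorf("unknown token {%s}", m[1])
		}
		seen[m[1]] = true
	}
	if !seen["registry"] {
		return "", fmt.Errorf("{registry} is required")
	}
	if !seen["build_name"] && !seen["type"] && !seen["version"] {
		return "", fmt.Errorf("need one of {build_name}, {type}, {version}")
	}
	return tokenRe.ReplaceAllStringFunc(format, func(tok string) string {
		return values[strings.Trim(tok, "{}")]
	}), nil
}

func main() {
	// Constructed inputs taken from the examples on this page.
	ref, err := RenderTag("{registry}/{folder}:{mirror-tag}-org{version}",
		"registry.example.com/bases", "images/alpine", "core", "1.0.0", "3.21.3")
	fmt.Println(ref, err)
}
```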

build:
  platforms: [linux/amd64, linux/arm64]
  builder: imglife-builder # buildx builder must support multi-arch

When platforms has more than one entry, imglife uses docker buildx build with --push to publish a multi-arch manifest. A builder that uses the docker-container driver is required.

Instead of building and pushing, imglife can write Docker build contexts to a local directory for consumption by external builders (Kaniko, Buildah):

imglife build --output-dir /tmp/imglife-contexts

Each context directory contains a Dockerfile, a build.json manifest, and any required files. See imglife build for the full reference.

build:
  hooks:
    post_image_build:
      - cmd: cosign sign --yes {image}
        timeout: 120s
        continue_on_error: false

In hook commands, the literal placeholder {image} is replaced with the fully-qualified image reference including tag. It is the only substitution available; the command is run via sh -c.

Each hook entry accepts cmd (required), timeout (optional Go duration, e.g. 120s), and continue_on_error (optional bool).