Artifact Guidance Documents
Project Introduction and Scope
Container registries, implementing the distribution-spec, provide reliable, highly scalable, secured storage services for container images. Customers either use a cloud provider implementation, vendor implementations, or instance the open source implementation of distribution. They configure security and networking to assure the images in the registry are locked down and accessible by the resources required. Cloud providers and vendors often provide additional values atop their registry implementations from security to productivity features.
This repository provides a reference for artifact authors and registry implementors for supporting new artifact types with the existing implementations of distribution. More particularly this repository has been tasked by the OCI TOB to serve 3 primary goals:
- artifact authors - guidance for authoring new artifact types. Including a clearing house for well known artifact types.
- registry operators and vendors - guidance for how operators and vendors can support new artifact types, including how they can opt-in or out of well known artifact types. Registry operators that already implement
media-typefiltering will not have to change. The artifact repo will provide context on how new
media-types can be used, and how
media-types can be associated with a type of artifact.
- clearing house for well known artifacts - artifact authors can submit their artifact definitions, providing registry operators a list by which they can easily support.
By providing an OCI artifact definition, the community can continue to innovate, focusing on new artifact types without having to build yet another storage solution (YASS).
The current state of the OCI Artifacts repository:
- The repository contains guidance for using v1.0.1 of the OCI image manifest representing individual non-container image artifact types.
- This project recognizes that additional work is needed to find ways to improve existing OCI artifact types, such as OCI images, to formally include a software bill of materials (SBOMs), scan results, signatures, and other OCI artifact related extensions. Depending on the implementation chosen, additional APIs to manage these extensions may also be needed. We believe these requirements will either require modifications to the existing specs or some new specification depending on the output of various working groups.
This project, however, does not currently have the mission to create new specifications or commit changes to the existing specifications.
- External to OCI there exists an active community of developers working under the oras-project/artifacts-spec repository on proposed changes to the OCI specifications.
- An OCI working group for reference types has been proposed to work out how OCI should adopt these extensions.
Project Governance and License
- Artifact Authors- How To
- The Apache License, Version 2.0
- Maintainer guidelines
- Contributor guidelines
- Project governance
- Release procedures
Code of Conduct
This project incorporates (by reference) the OCI Code of Conduct.
Governance and Releases
This project incorporates the Governance and Releases processes from the OCI project template: https://github.com/opencontainers/project-template.
This project would continue to use existing channels in use by the OCI developer community for communication
Versioning / Roadmap
Frequently Asked Questions (FAQ)
Q: Does this change the OCI Charter or Scope Table?