svrnty/docker-dotnet
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 5 Wiki Activity
fa20f6f0ea
docker-dotnet/DOCKERHUB.md
Mathias Beaulieu-Duncan 67d4d72414 Fix version table rendering by moving markers outside table 
HTML comments between the separator and data rows break markdown
table parsing. Markers now wrap the entire table (header included)
and the pipeline regenerates the full table.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 15:34:30 -05:00

128 lines
4.0 KiB
Markdown
Raw Blame History

# .NET Docker Images
<a href="https://git.openharbor.io/svrnty/docker-dotnet" target="_blank"><img src="https://img.shields.io/badge/Git-Repository-orange?logo=gitea" alt="Git Repository"></a>
<a href="https://wolfi.dev" target="_blank"><img src="https://img.shields.io/badge/Base-Wolfi-purple?logo=linux" alt="Wolfi"></a>
Minimal .NET Docker images for production and CI/CD. Built on [Wolfi](https://wolfi.dev), a security-focused Linux distribution designed for containers. All supported (non-EOL) .NET versions are rebuilt automatically.
## Images
<!-- BEGIN_VERSION_TABLE -->
| Version | `runtime` | `runtime-invariant` | `sdk` | Arch | EOL |
|---------|-----------|---------------------|-------|------|-----|
| **.NET 10** (LTS) | `runtime-10` `runtime-lts` | `runtime-invariant-10` `runtime-invariant-lts` | `sdk-10` `sdk-lts` | amd64 arm64 | 2028-11-14 |
| **.NET 9** (STS) | `runtime-9` `runtime-sts` | `runtime-invariant-9` `runtime-invariant-sts` | `sdk-9` `sdk-sts` | amd64 arm64 | 2026-11-10 |
| **.NET 8** | `runtime-8` | `runtime-invariant-8` | `sdk-8` | amd64 arm64 | 2026-11-10 |
<!-- END_VERSION_TABLE -->
## Variants
- **runtime** - ASP.NET Core runtime with ICU/globalization support
- **runtime-invariant** - ASP.NET Core runtime without ICU (smallest, invariant mode)
- **sdk** - .NET SDK with bash, git, curl for building apps
## Why Wolfi?
[Wolfi](https://wolfi.dev) is a lightweight Linux distribution built specifically for containers. It provides:
- **Minimal footprint** - Only essential packages, nothing extra
- **Daily security updates** - Patches applied quickly
- **Designed for containers** - No legacy cruft from traditional distros
## Features
- **Lightweight** - Optimized for fast CI/CD pulls
- **Secure** - Built on Wolfi with continuous vulnerability scanning
- **Multi-arch** - Supports both `linux/amd64` and `linux/arm64`
- **Non-root** - Runtime images run as unprivileged user (UID 65532)
- **Supply chain security** - SBOM and SLSA provenance attestations included
- **EOL-aware** - Versions are automatically dropped when they reach end-of-life
## Dockerfile Examples
### Web API
```dockerfile
ARG BUILDPLATFORM
FROM --platform=$BUILDPLATFORM svrnty/dotnet:sdk-10 AS build
WORKDIR /source
COPY . .
WORKDIR /source/MyApp.Api
ARG TARGETARCH
RUN case "$TARGETARCH" in \
amd64) ARCH=x64 ;; \
arm64) ARCH=arm64 ;; \
*) ARCH=$TARGETARCH ;; \
esac && \
dotnet publish -a $ARCH --self-contained false -o /app
FROM svrnty/dotnet:runtime-invariant-10 AS final
WORKDIR /app
COPY --from=build /app .
USER 65532
EXPOSE 8080
ENTRYPOINT ["/usr/share/dotnet/dotnet", "MyApp.Api.dll"]
```
### Worker service
```dockerfile
ARG BUILDPLATFORM
FROM --platform=$BUILDPLATFORM svrnty/dotnet:sdk-lts AS build
WORKDIR /source
COPY . .
ARG TARGETARCH
RUN case "$TARGETARCH" in \
amd64) ARCH=x64 ;; \
arm64) ARCH=arm64 ;; \
*) ARCH=$TARGETARCH ;; \
esac && \
dotnet publish MyWorker -a $ARCH --self-contained false -o /app
FROM svrnty/dotnet:runtime-invariant-lts AS final
WORKDIR /app
COPY --from=build /app .
USER 65532
ENTRYPOINT ["/usr/share/dotnet/dotnet", "MyWorker.dll"]
```
## CI/CD (Gitea/GitHub Actions)
```yaml
jobs:
build:
runs-on: ubuntu-latest
container:
image: svrnty/dotnet:sdk-lts
steps:
- uses: actions/checkout@v4
- run: dotnet restore
- run: dotnet test --no-restore
- run: dotnet publish -c Release -o /app
```
## Tags
- `<variant>-<major>` - Latest patch for a major version (e.g., `runtime-10`)
- `<variant>-<version>` - Exact version pin (e.g., `runtime-10.0.2`, `sdk-10.0.102`)
- `<variant>-lts` - Floating tag for the highest active LTS
- `<variant>-sts` - Floating tag for the highest active STS
## Automatic Updates
Images are automatically rebuilt when:
- New .NET patch versions are released (daily check)
- Base image security updates are available (weekly rebuild)
- A .NET version reaches EOL, it is automatically excluded
Every build is scanned and includes supply chain attestations (SBOM, SLSA provenance).
## License
MIT
Reference in New Issue View Git Blame Copy Permalink