This is a minimal Git image based on Alpine, using up-to-date apks available on the Alpine Community repositories (not built from source). The image contains git, git-lfs, and supporting libraries such as openssh (for ssh-based auth), and ca-certs (for https-based cloning).
The image is available on cgr.dev:
docker pull cgr.dev/chainguard/git:latest
| Tag | Digest | Arch |
|---|---|---|
2.38.0-r1 |
sha256:69c9f045a42fa3e8d60b4d88642050de653bb51f967f162d4a66accada026103View entry in Rekor |
386 amd64 arm64 armv6 armv7 ppc64le riscv64 s390x |
2.37.3-r0-root-glibc |
sha256:c4f4c1f59f269485bcfd28a3c71a4cd3745ac9e72f4090988f4b2810a385a629View entry in Rekor |
amd64 |
2 2-debian-11 2.38.0 2.38.0-debian-11-r2 2.38.0-debian-11-r3 |
sha256:79aa1b7df6773d4722dca35908903cd86dacd5d4a10656017ce8c227d9c91db3View entry in Rekor |
386 amd64 arm64 armv6 armv7 ppc64le riscv64 s390x |
2.37.3-r0-glibc |
sha256:80de6d31ad4d06caf1091892c7df0c181afffe80809c84ce9f562a16634752deView entry in Rekor |
amd64 |
2.37.3-r1 |
sha256:0383d919339f5095c7c81f513cab6523e2fd323d5a524fbef3a89144d117238cView entry in Rekor |
386 amd64 arm64 armv6 armv7 ppc64le riscv64 s390x |
2.38.1-r0 root |
sha256:c6be2fb936d1d7470dfb2d55c69cf7ab2c059624b57c1d83f4b368ea20ca0186View entry in Rekor |
386 amd64 arm64 armv6 armv7 ppc64le riscv64 s390x |
2.38.1-r0-glibc |
sha256:f26f78bb25eb2c83a8e316b75929af9c30bb53a
8000
8dd960ddecfa764a1c331892cView entry in Rekor |
amd64 |
2.38.1-r0-root-glibc |
sha256:60152eaa80075d4ef23c9becc73ce6507f3df58baa4aedf8030c843a4e47b45eView entry in Rekor |
amd64 |
2.37.3-debian-11-r8 2.37.3-r0 |
sha256:09768f17d6ce9eced953fe8e87d88c8097f867ac487d99048565fc42def493f3View entry in Rekor |
386 amd64 arm64 armv6 armv7 ppc64le riscv64 s390x |
2.37.3 2.37.3-debian-11-r9 |
sha256:34a5718f96c5747b52e0cb5f217a2441be29f425ede41e946b6ec646507221e2View entry in Rekor |
386 amd64 arm64 armv6 armv7 ppc64le riscv64 s390x |
2.37.3-debian-11-r5 |
sha256:5bd9e1bc50745c14199118e2a393a39e54d615444c91c6f09c3763ec8169d129View entry in Rekor |
386 amd64 arm64 armv6 armv7 ppc64le riscv64 s390x |
2.37.3-debian-11-r6 |
sha256:fdede9d61b563ccb0a378233218a0040d24b4a97e0418d736708caa8394c7f55View entry in Rekor |
386 amd64 arm64 armv6 armv7 ppc64le riscv64 s390x |
2.37.3-debian-11-r7 |
sha256:fecf20ec858defbd6577b95d50e072a3836d8f390e7955a8e9801444c75ca75fView entry in Rekor |
386 amd64 arm64 armv6 armv7 ppc64le riscv64 s390x |
latest |
sha256:7d1c0c05ff33f7887a17f1ef41ecb5dff6f3621aa3eb765ba30e8ae748feeb82View entry in Rekor |
386 amd64 arm64 armv6 armv7 ppc64le riscv64 s390x |
The Git image allows you to run ordinary Git commands in CI/CD pipelines and also locally via Docker.
To make sure you have the latest image version available, start by running a docker pull command:
docker pull cgr.dev/chainguard/gitThen, run the image with the --version flag to make sure it is functional:
docker run -it --rm cgr.dev/chainguard/git --versionYou should get output similar to this:
git version 2.37.1
Because your local system user's ID (uid) might differ from that of the container image, if you want to clone repositories locally using this image you'll need to set up special permissions for the target dir. Then, you'll be able to set up a volume and have the contents of the cloned repo replicated on your host machine.
First, create a target directory somewhere in your home folder and set the required permissions:
mkdir ~/workspace
chmod go+wrx ~/workspaceNow you can use docker run to execute the clone command, using the directory you just set up as a volume share between your local machine and the container image on /home/git.
docker run -it -v ~/workspace:/home/git --rm cgr.dev/chainguard/git clone https://github.com/chainguard-images/git.gitYou should get output like this:
Cloning into 'git'...
remote: Enumerating objects: 57, done.
remote: Counting objects: 100% (57/57), done.
remote: Compressing objects: 100% (47/47), done.
remote: Total 57 (delta 19), reused 35 (delta 10), pack-reused 0
Receiving objects: 100% (57/57), 15.23 KiB | 866.00 KiB/s, done.
Resolving deltas: 100% (19/19), done.
You can now check the contents of your workspace directory, where you should find the cloned repo.
All Chainguard Images are signed using Sigstore!
To verify the image, download cosign and run:
COSIGN_EXPERIMENTAL=1 cosign verify cgr.dev/chainguard/git:latest | jq
Output:
Verification for cgr.dev/chainguard/git:latest --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Existence of the claims in the transparency log was verified offline
- Any certificates were verified against the Fulcio roots.
[
{
"critical": {
"identity": {
"docker-reference": "ghcr.io/chainguard-images/git"
},
"image": {
"docker-manifest-digest": "sha256:7d1c0c05ff33f7887a17f1ef41ecb5dff6f3621aa3eb765ba30e8ae748feeb82"
},
"type": "cosign container image signature"
},
"optional": {
"1.3.6.1.4.1.57264.1.1": "https://token.actions.githubusercontent.com",
"1.3.6.1.4.1.57264.1.2": "schedule",
"1.3.6.1.4.1.57264.1.3": "f26ac6517e76c3aa9d25c97a2d74b426db3dcb74",
"1.3.6.1.4.1.57264.1.4": "Create Release",
"1.3.6.1.4.1.57264.1.5": "chainguard-images/git",
"1.3.6.1.4.1.57264.1.6": "refs/heads/main",
"Bundle": {
"SignedEntryTimestamp": "MEQCIDTKkM+LycPCXJg5YNadJNlpnHZKtLURVkFAi8FPfSljAiBVHZVNGxGigmPV5tOw40NzzHh7j7ECQFSJoW+CMlw/RA==",
"Payload": {
"body": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiI5MzA0MTljYjc4MWFjZTJhNDBjZmFiOTJmZDJlMTdiZWEwZjk3ZTE2ODgyYzFkNGY4ZGYxOGQyMTExMzI3YjhkIn19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRUcyOGMzR0Z3bXljckxHb2Vickc5aDhXb0ZxREFaOUZjZ00wcEZWM3pWV0FpRUF4RGdDYjRNZlZqWUsvcnUxenhjaFVaeXBKREtMSk43YUw3cDgwdWF6aEV3PSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVUndha05EUVhsNVowRjNTVUpCWjBsVlNVcE9ZamxTWkdGdFJsbE1MemhsUVRNeGJIQklZblV3U0VvMGQwTm5XVWxMYjFwSmVtb3dSVUYzVFhjS1RucEZWazFDVFVkQk1WVkZRMmhOVFdNeWJHNWpNMUoyWTIxVmRWcEhWakpOVWpSM1NFRlpSRlpSVVVSRmVGWjZZVmRrZW1SSE9YbGFVekZ3WW01U2JBcGpiVEZzV2tkc2FHUkhWWGRJYUdOT1RXcEplRTFVUVRGTlJFbDNUMFJKZVZkb1kwNU5ha2w0VFZSQk1VMUVTWGhQUkVsNVYycEJRVTFHYTNkRmQxbElDa3R2V2tsNmFqQkRRVkZaU1V0dldrbDZhakJFUVZGalJGRm5RVVZVWW5SMk9IQlhhRmRHV1dGcVdVaHFha1p2ZWxoRWFFMTVMM0JXZVhKaFIyMU5Ra1lLYWpaTGRrYzFZalJ3YW14ME5EaE1TVGhUUVNzMEwxUlVkR2RWZVVsdVltd3pWR2xyUVhSaE1rdHdWVXRtUzA5cEwyRlBRMEZyYzNkblowcElUVUUwUndwQk1WVmtSSGRGUWk5M1VVVkJkMGxJWjBSQlZFSm5UbFpJVTFWRlJFUkJTMEpuWjNKQ1owVkdRbEZqUkVGNlFXUkNaMDVXU0ZFMFJVWm5VVlZrZGxseUNqaGpPVlZWTWtoWWQwVnhlbHBzTURkcFNuSTVUVzB3ZDBoM1dVUldVakJxUWtKbmQwWnZRVlV6T1ZCd2VqRlphMFZhWWpWeFRtcHdTMFpYYVhocE5Ga0tXa1E0ZDFwUldVUldVakJTUVZGSUwwSkdjM2RYV1ZwWVlVaFNNR05JVFRaTWVUbHVZVmhTYjJSWFNYVlpNamwwVERKT2IxbFhiSFZhTTFab1kyMVJkQXBoVnpGb1dqSldla3d5WkhCa1F6aDFXakpzTUdGSVZtbE1NMlIyWTIxMGJXSkhPVE5qZVRsNVdsZDRiRmxZVG14TWJteG9ZbGQ0UVdOdFZtMWplVGx2Q2xwWFJtdGplVGwwV1Zkc2RVMUVhMGREYVhOSFFWRlJRbWMzT0hkQlVVVkZTekpvTUdSSVFucFBhVGgyWkVjNWNscFhOSFZaVjA0d1lWYzVkV041Tlc0S1lWaFNiMlJYU2pGak1sWjVXVEk1ZFdSSFZuVmtRelZxWWpJd2QwWm5XVXRMZDFsQ1FrRkhSSFo2UVVKQloxRkpZekpPYjFwWFVqRmlSMVYzVG1kWlN3cExkMWxDUWtGSFJIWjZRVUpCZDFGdldtcEpNbGxYVFRKT1ZFVXpXbFJqTWxsNlRtaFpWR3hyVFdwV2FrOVVaR2hOYlZFelRrZEpNRTFxV210WmFrNXJDbGt5U1ROT1JFRmpRbWR2Y2tKblJVVkJXVTh2VFVGRlJVSkJOVVJqYlZab1pFZFZaMVZ0Vm5OYVYwWjZXbFJCYWtKbmIzSkNaMFZGUVZsUEwwMUJSVVlLUWtKV2FtRkhSbkJpYldReFdWaEthMHhYYkhSWlYyUnNZM2s1Ym1GWVVYZElVVmxMUzNkWlFrSkJSMFIyZWtGQ1FtZFJVR050Vm0xamVUbHZXbGRHYXdwamVUbDBXVmRzZFUxSlIweENaMjl5UW1kRlJVRmtXalZCWjFGRFFrZ3dSV1YzUWpWQlNHTkJNMVF3ZDJGellraEZWRXBxUjFJMFkyMVhZek5CY1VwTENsaHlhbVZRU3pNdmFEUndlV2RET0hBM2J6UkJRVUZIUlZKWmRsVkhRVUZCUWtGTlFWTkVRa2RCYVVWQk9YcGtSVkZ2ZDJkblNEbE1keTk0VVhKeGFsTUtNM1ZsV0Vwck1ITTBTRlJNUmtFemNXcE9PVElyWW1kRFNWRkVNRkZSTmtvNVdXRmxXRzVzTjA1a2FISkZNekZGVVVGMldtSnlZVWRtUTBSUVVVZDVlZ3BxZUdwamJYcEJTMEpuWjNGb2EycFBVRkZSUkVGM1RtOUJSRUpzUVdwQlp6WktVbHA0TXpoblNHVk1kRTlIY0hod1JFUlNVM1l5VURoM05uQnRTRkJ2Q21WNWNrRjZZbTU2Y2xOU1kydHpZMk5qY1VSS1kyeG9ZVlZaY0UxcFIzZERUVkZEU1hJMVIzcGpRbTFFVUVacFlqVXhkVFJIVFRCbmJVWmhUbTlPU1VJS1VIQlVaSEpEYjNSUlVTc3dhSHBoS3psVmNUbHVlVTVXVlRONmNEQTNLM1pXY0RnOUNpMHRMUzB0UlU1RUlFTkZVbFJKUmtsRFFWUkZMUzB0TFMwSyJ9fX19",
"integratedTime": 1667614122,
"logIndex": 6532497,
"logID": "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d"
}
},
"Issuer": "https://token.actions.githubusercontent.com",
"Subject": "https://github.com/chainguard-images/git/.github/workflows/release.yaml@refs/heads/main",
"githubWorkflowName": "Create Release",
"githubWorkflowRef": "refs/heads/main",
"githubWorkflowRepository": "chainguard-images/git",
"githubWorkflowSha": "f26ac6517e76c3aa9d25c97a2d74b426db3dcb74",
"githubWorkflowTrigger": "schedule",
"run_attempt": "1",
"run_id": "3398276120",
"sha": "f26ac6517e76c3aa9d25c97a2d74b426db3dcb74"
}
}
]
You can verify that the image was built in Github Actions in this repository from the Issuer and Subject fields.
This image is built with apko.