Hansel

Hansel generates empty linux packages. These packages can be installed to track dependencies manually added to a container image.

Usage

You can add hansel to an image, and generate + install tracking packages for dependencies in a single step:

FROM node:18-alpine

COPY --from=ghcr.io/shopify/hansel:latest /usr/bin/hansel /usr/bin/hansel
RUN hansel --name node --version "$(node -v | sed -e's/^v//g')" --install

You can use hansel in a multistep build to generate and install separately:

FROM ghcr.io/shopify/hansel:latest AS crumbs
RUN hansel --name rando-thing --version 1.2.3 --debian

FROM debian:bullseye
RUN curl -o /usr/bin/rando-thing https://rando.thing/v1.2.3/unsigned-blob-yolo
COPY --from=crumbs /rando-thing*.deb /tmp/rando-thing.deb
RUN dpkg -i /tmp/rando-thing.deb && \
    rm /tmp/rando-thing.deb

The name is inspired by Hansel and Gretel, as the packages are breadcrumbs left for container scanners to identify.

Name		Name	Last commit message	Last commit date
Latest commit History 338 Commits
.github		.github
_examples		_examples
cmd/hansel		cmd/hansel
internal/cli		internal/cli
.gitignore		.gitignore
.golangci.yml		.golangci.yml
.goreleaser.yaml		.goreleaser.yaml
CONTRIBUTING.md		CONTRIBUTING.md
Dockerfile		Dockerfile
Dockerfile.test		Dockerfile.test
LICENSE		LICENSE
README.md		README.md
go.mod		go.mod
go.sum		go.sum

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Hansel

Usage

About

Releases 12

Packages

Contributors 6

Languages

License

Shopify/hansel

Folders and files

Latest commit

History

Repository files navigation

Hansel

Usage

About

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases 12

Packages 0

Contributors 6

Languages

Packages