- Notifications
You must be signed in to change notification settings - Fork4
Docker container with utilities to process XML data (xmllint...).
License
leplusorg/docker-xml
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Docker container with utilities to process XML data (xmllint, xsltproc...).
Let's say that you have a filefoo.xml that you want to reformat and save the result tobar.xml:
Mac/Linux
cat foo.xml| docker run --rm -i --net=none leplusorg/xml xmllint -> bar.xml
Windows
type foo.xml| docker run --rm -i --net=none leplusorg/xml xmllint -> bar.xml
Assuming that you have a filefoo.xml in your current working directory that you want to validate usingfoo.xsd:
Mac/Linux
docker run --rm -t --user="$(id -u):$(id -g)" --net=none -v"$(pwd):/tmp" leplusorg/xml xmllint --schema /tmp/foo.xsd /tmp/foo.xml --noout
Windows
Incmd:
docker run --rm -t --net=none -v"%cd%:/tmp" leplusorg/xml xmllint --schema /tmp/foo.xsd /tmp/foo.xml --nooutIn PowerShell:
docker run--rm-t--net=none-v"${PWD}:/tmp" leplusorg/xml xmllint--schema/tmp/foo.xsd/tmp/foo.xml--noout
docker run --rm -t --user="$(id -u):$(id -g)" --net=none -v"$(pwd):/tmp" leplusorg/xml java -jar /opt/saxon/run.sh -s:/tmp/source.xml -xsl:/tmp/stylesheet.xsl -o:/tmp/output.xml
SeeSaxon's documentation for more details regarding syntax and options.
To know more command-line options ofxmllint:
docker run --rm --net=none leplusorg/xml xmllint --help
To get the SBOM for the latest image (in SPDX JSON format), use thefollowing command:
docker buildx imagetools inspect leplusorg/xml --format'{{ json (index .SBOM "linux/amd64").SPDX }}'Replacelinux/amd64 by the desired platform (linux/amd64,linux/arm64 etc.).
Sigstore is trying to improve supplychain security by allowing you to verify the origin of anartifcat. You can verify that the jar that you use was actuallyproduced by this repository. This means that if you verify thesignature of the ristretto jar, you can trust the integrity of thewhole supply chain from code source, to CI/CD build, to distributionon Maven Central or whever you got the jar from.
You can use the following command to verify the latest image using itssigstore signature attestation:
cosign verify leplusorg/xml --certificate-identity-regexp'https://github\.com/leplusorg/docker-xml/\.github/workflows/.+' --certificate-oidc-issuer'https://token.actions.githubusercontent.com'
The output should look something like this:
Verification for index.docker.io/leplusorg/xml:main --The following checks were performed on each of these signatures: - The cosign claims were validated - Existence of the claims in the transparency log was verified offline - The code-signing certificate was verified using trusted certificate authority certificates[{"critical":...For instructions on how to installcosign, please read thisdocumentation.
Please usethis link (GitHub account required) to request that a new tool be added to the image. I am always interested in adding new capabilities to these images.
About
Docker container with utilities to process XML data (xmllint...).