From 87524f81d65ed125771f0e483e93a8f19b806b0a Mon Sep 17 00:00:00 2001 From: Vladimir Aleksandrov Date: Thu, 12 Feb 2026 14:14:49 +0100 Subject: [PATCH 1/2] generic: add Dependency-Check example from cachi2-generic Migrate the generic fetcher sample from cachito-testing/cachi2-generic (sample-app branch) to doc-examples, adapted for Hermeto output. Signed-off-by: Vladimir Aleksandrov --- Containerfile | 10 ++++++++++ artifacts.lock.yaml | 7 +++++++ 2 files changed, 17 insertions(+) create mode 100644 Containerfile create mode 100644 artifacts.lock.yaml diff --git a/Containerfile b/Containerfile new file mode 100644 index 0000000..e4cd7e2 --- /dev/null +++ b/Containerfile @@ -0,0 +1,10 @@ +FROM ibmjava:11-jdk + +WORKDIR /tmp + +# use jar to unzip file in order to avoid having to install more dependencies +RUN jar -xvf hermeto-output/deps/generic/dependency-check.zip + +RUN chmod +x dependency-check/bin/dependency-check.sh + +ENTRYPOINT ["/tmp/dependency-check/bin/dependency-check.sh", "--version"] \ No newline at end of file diff --git a/artifacts.lock.yaml b/artifacts.lock.yaml new file mode 100644 index 0000000..ba0e860 --- /dev/null +++ b/artifacts.lock.yaml @@ -0,0 +1,7 @@ +--- +metadata: + version: "1.0" +artifacts: + - download_url: "https://github.com/jeremylong/DependencyCheck/releases/download/v11.1.0/dependency-check-11.1.0-release.zip" + checksum: "sha256:c5b5b9e592682b700e17c28f489fe50644ef54370edeb2c53d18b70824de1e22" + filename: "dependency-check.zip" From bd6caf48fbb200f70c027ca91263462d6a953a89 Mon Sep 17 00:00:00 2001 From: Vladimir Aleksandrov Date: Thu, 12 Feb 2026 14:14:58 +0100 Subject: [PATCH 2/2] Add README for example Signed-off-by: Vladimir Aleksandrov --- README.md | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index e93574a..2aaca1f 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,28 @@ -# Repo of examples for Hermeto docs +# Generic fetcher example -Individual examples each live in their own branch (e.g. the basic `pip` example is in -the 'pip-basic' branch) +This example demonstrates using Hermeto's generic fetcher to build a container image with OWASP Dependency-Check tool. + +## Pre-fetch dependencies + +The `artifacts.lock.yaml` file specifies which files to download. Run Hermeto to fetch the dependencies: + +```shell +hermeto fetch-deps --source . --output ./hermeto-output generic +``` + +## Build the container image + +Build the container image while mounting the Hermeto output directory: + +```shell +podman build . \ + --volume "$(realpath ./hermeto-output)":/tmp/hermeto-output \ + --network none \ + --tag dependency-check-example +``` + +## Run the container + +```shell +podman run dependency-check-example +```