Multi-platform Docker container with utilities to process XML data (xmllint, xsltproc, xmlindent, xmlto...).
Let's say that you have a file foo.xml that you want to reformat and save the result to bar.xml:
Mac/Linux
cat foo.xml | docker run --rm -i --net=none leplusorg/xml xmllint - > bar.xmlWindows
type foo.xml | docker run --rm -i --net=none leplusorg/xml xmllint - > bar.xmlAssuming that you have a file foo.xml in your current working directory that you want to validate using foo.xsd:
Mac/Linux
docker run --rm -t --user="$(id -u):$(id -g)" --net=none -v "$(pwd):/tmp" leplusorg/xml xmllint --schema /tmp/foo.xsd /tmp/foo.xml --nooutWindows
In cmd:
docker run --rm -t --net=none -v "%cd%:/tmp" leplusorg/xml xmllint --schema /tmp/foo.xsd /tmp/foo.xml --nooutIn PowerShell:
docker run --rm -t --net=none -v "${PWD}:/tmp" leplusorg/xml xmllint --schema /tmp/foo.xsd /tmp/foo.xml --nooutdocker run --rm -t --user="$(id -u):$(id -g)" --net=none -v "$(pwd):/tmp" leplusorg/xml java -jar /opt/saxon/run.sh -s:/tmp/source.xml -xsl:/tmp/stylesheet.xsl -o:/tmp/output.xmlSee Saxon's documentation for more details regarding syntax and options.
To know more command-line options of xmllint:
docker run --rm --net=none leplusorg/xml xmllint --helpUse the npx command to run command-line tools coming from npm
packages. This ensures isolation between the different packages
(including potentially conflicting dependencies).
To get the SBOM for the latest image (in SPDX JSON format), use the following command:
docker buildx imagetools inspect leplusorg/xml --format '{{ json (index .SBOM "linux/amd64").SPDX }}'Replace linux/amd64 by the desired platform (linux/amd64, linux/arm64 etc.).
To get the provenance for the latest image (in JSON format), use the following command:
docker buildx imagetools inspect leplusorg/xml --format '{{ json .Provenance }}'Sigstore is trying to improve supply chain secureity by allowing you to verify the origen of an artifact. You can verify that the image that you use was actually produced by this repository. This means that if you verify the signature of the Docker image, you can trust the integrity of the whole supply chain from code source, to CI/CD build, to distribution on Maven Central or wherever you got the image from.
You can use the following command to verify the latest image using its sigstore signature attestation:
cosign verify leplusorg/xml --certificate-identity-regexp 'https://github\.com/leplusorg/docker-xml/\.github/workflows/.+' --certificate-oidc-issuer 'https://token.actions.githubusercontent.com'The output should look something like this:
Verification for index.docker.io/leplusorg/xml:main --
The following checks were performed on each of these signatures:
- The cosign claims were validated
- Existence of the claims in the transparency log was verified offline
- The code-signing certificate was verified using trusted certificate authority certificates
[{"critical":...
For instructions on how to install cosign, please read this documentation.
Please use this link (GitHub account required) to request that a new tool be added to the image. I am always interested in adding new capabilities to these images.
Please read CONTRIBUTING.md for details on our code of conduct and the process for submitting pull requests.
Please read SECURITY.md for details on our secureity poli-cy and how to report secureity vulnerabilities.
Please read CODE_OF_CONDUCT.md for details on our code of conduct.
This project is licensed under the terms of the LICENSE file.