mirrors/jellyseerr
1
0
Fork 0
mirror of https://github.com/fallenbagel/jellyseerr.git synced 2025-12-24 02:39:18 -05:00
Code Issues Packages Projects Releases Wiki Activity

docs: add documentation for dockerhub (#2063)

Browse Source 
* docs: add documentation for dockerhub

Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>

* docs: typo fixes

---------

Signed-off-by: Ludovic Ortega <ludovic.ortega@adminafk.fr>
Co-authored-by: sudo-kraken <joe@j-harrison.co.uk>
This commit is contained in:
Ludovic Ortega
2025-10-17 18:22:19 +03:00
committed by GitHub
parent 81eab7434f
commit 0dbbac02af
2 changed files with 47 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/getting-started/docker.mdx
View File

@@ -11,6 +11,10 @@ Details on how to install Docker can be found on the [official Docker website](h
Refer to [Configuring Databases](/extending-jellyseerr/database-config#postgresql-options) for details on how to configure your database. Refer to [Configuring Databases](/extending-jellyseerr/database-config#postgresql-options) for details on how to configure your database.
::: :::
:::info
An alternative Docker image is available on Docker Hub for this project. You can find it at [Docker Hub Repository Link](https://hub.docker.com/r/seerr/seerr)
:::
## Unix (Linux, macOS) ## Unix (Linux, macOS)
:::warning :::warning
Be sure to replace `/path/to/appdata/config` in the below examples with a valid host directory path. If this volume mount is not configured correctly, your Jellyseerr settings/data will not be persisted when the container is recreated (e.g., when updating the image or rebooting your machine). Be sure to replace `/path/to/appdata/config` in the below examples with a valid host directory path. If this volume mount is not configured correctly, your Jellyseerr settings/data will not be persisted when the container is recreated (e.g., when updating the image or rebooting your machine).
@@ -71,7 +75,7 @@ docker run -d ...
:::info :::info
All official Seerr images are cryptographically signed and include a verified [Software Bill of Materials (SBOM)](https://cyclonedx.org/). All official Seerr images are cryptographically signed and include a verified [Software Bill of Materials (SBOM)](https://cyclonedx.org/).
To confirm that the container image you are using is authentic and unmodified, please refer to the [Verifying Signed Images](/using-jellyseerr/advanced/verifying-signed-images) guide. To confirm that the container image you are using is authentic and unmodified, please refer to the [Verifying Signed Artifacts](/using-jellyseerr/advanced/verifying-signed-artifacts) guide.
::: :::
:::tip :::tip

79
docs/using-jellyseerr/advanced/verifying-signed-images.mdx → docs/using-jellyseerr/advanced/verifying-signed-artifacts.mdx
View File

@@ -1,13 +1,37 @@
--- ---
id: verifying-signed-images id: verifying-signed-artifacts
title: Verifying Signed Images title: Verifying Signed Artifacts
sidebar_label: Verify Signed Images sidebar_label: Verify Signed Artifacts
description: Learn how to verify Seerr's signed container images and SBOM attestations using Cosign, Docker, Podman, or Skopeo. description: Learn how to verify Seerr's signed artifacts and SBOM attestations.
--- ---
import Tabs from '@theme/Tabs'; import Tabs from '@theme/Tabs';
import TabItem from '@theme/TabItem'; import TabItem from '@theme/TabItem';
# Verifying Signed Artifacts
These artifacts are cryptographically signed using [Sigstore Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/):
- Container images
This ensures that the images you pull are authentic, tamper-proof, and built by the official Seerr release pipeline.
Additionally each container image also includes a CycloneDX SBOM (Software Bill of Materials) attestation, generated with [Trivy](https://aquasecurity.github.io/trivy/), providing transparency about all dependencies included in the image.
---
## Prerequisites
You will need the following tools installed:
- [Cosign](https://docs.sigstore.dev/cosign/system_config/installation/)
To verify images:
- [Docker](https://docs.docker.com/get-docker/) **or**
- [Podman](https://podman.io/getting-started/installation) (including [Skopeo](https://github.com/containers/skopeo/blob/main/install.md))
---
# Verifying Signed Images # Verifying Signed Images
All Seerr container images published to GitHub Container Registry (GHCR) are cryptographically signed using [Sigstore Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/). All Seerr container images published to GitHub Container Registry (GHCR) are cryptographically signed using [Sigstore Cosign](https://docs.sigstore.dev/quickstart/quickstart-cosign/).
@@ -17,42 +41,23 @@ Each image also includes a CycloneDX SBOM (Software Bill of Materials) attestati
--- ---
## Prerequisites ### Image Locations
You will need the following tools installed:
- [Cosign](https://docs.sigstore.dev/cosign/system_config/installation/)
- [Docker](https://docs.docker.com/get-docker/) **or**
- [Podman](https://podman.io/getting-started/installation) (including [Skopeo](https://github.com/containers/skopeo/blob/main/install.md))
```bash
cosign version
```
If using **Podman**, ensure `skopeo` is available:
```bash
skopeo --version
```
---
## Image Locations
Official Seerr images are available from: Official Seerr images are available from:
- GitHub Container Registry (GHCR): `ghcr.io/seerr-team/seerr:<tag>` - GitHub Container Registry (GHCR): `ghcr.io/seerr-team/seerr:<tag>`
- Docker Hub: `seerr/seerr:<tag>`
You can view all available tags on the [Seerr Releases page](https://github.com/seerr-team/seerr/releases). You can view all available tags on the [Seerr Releases page](https://github.com/seerr-team/seerr/releases).
--- ---
## Verifying a Specific Release Tag ### Verifying a Specific Release Tag
Each tagged release (for example `v2.7.4`) is immutable and cryptographically signed. Each tagged release (for example `v2.7.4`) is immutable and cryptographically signed.
Verification should always be performed using the image digest (SHA256). Verification should always be performed using the image digest (SHA256).
### Retrieve the Image Digest #### Retrieve the Image Digest
<Tabs groupId="verify-methods"> <Tabs groupId="verify-methods">
<TabItem value="docker" label="Docker"> <TabItem value="docker" label="Docker">
@@ -78,7 +83,7 @@ sha256:abcd1234...
--- ---
### Verify the Image Signature #### Verify the Image Signature
<Tabs groupId="registry-methods"> <Tabs groupId="registry-methods">
<TabItem value="ghcr" label="GitHub Container Registry (GHCR)"> <TabItem value="ghcr" label="GitHub Container Registry (GHCR)">
@@ -112,14 +117,14 @@ The following checks were performed:
--- ---
## Verifying the `latest` Tag ### Verifying the `latest` Tag
:::warning Latest Tag Warning :::warning Latest Tag Warning
The `latest` tag is **mutable**, meaning it will change with each new release. The `latest` tag is **mutable**, meaning it will change with each new release.
Always verify the digest that `latest` currently points to. Always verify the digest that `latest` currently points to.
::: :::
### Retrieve the Digest for `latest` #### Retrieve the Digest for `latest`
<Tabs groupId="verify-methods"> <Tabs groupId="verify-methods">
<TabItem value="docker" label="Docker"> <TabItem value="docker" label="Docker">
@@ -143,7 +148,7 @@ Example output:
sha256:abcd1234... sha256:abcd1234...
``` ```
### Verify the Signature #### Verify the Signature
<Tabs groupId="registry-methods"> <Tabs groupId="registry-methods">
<TabItem value="ghcr" label="GHCR"> <TabItem value="ghcr" label="GHCR">
@@ -171,11 +176,11 @@ The wildcard `v.*` ensures verification works for any versioned release that `la
--- ---
## Verifying SBOM Attestations ### Verifying SBOM Attestations
Each image includes a CycloneDX SBOM attestation. Each image includes a CycloneDX SBOM attestation.
### Verify the Attestation #### Verify the Attestation
```bash ```bash
cosign verify-attestation ghcr.io/seerr-team/seerr@sha256:abcd1234... \ cosign verify-attestation ghcr.io/seerr-team/seerr@sha256:abcd1234... \
@@ -193,7 +198,7 @@ The following checks were performed:
- Certificate issued by Fulcio to the expected workflow identity - Certificate issued by Fulcio to the expected workflow identity
::: :::
### Extract the SBOM for Inspection #### Extract the SBOM for Inspection
```bash ```bash
cosign verify-attestation ghcr.io/seerr-team/seerr@sha256:abcd1234... \ cosign verify-attestation ghcr.io/seerr-team/seerr@sha256:abcd1234... \
@@ -206,7 +211,7 @@ You can open `sbom.json` in a CycloneDX viewer or analyse it with [Trivy](https:
--- ---
## Expected Certificate Identity ### Expected Certificate Identity
The expected certificate identity for all signed Seerr images is: The expected certificate identity for all signed Seerr images is:
@@ -222,7 +227,7 @@ This confirms that the image was:
--- ---
## Troubleshooting ### Troubleshooting
| Issue | Likely Cause | Suggested Fix | | Issue | Likely Cause | Suggested Fix |
|-------|---------------|----------------| |-------|---------------|----------------|
@@ -233,7 +238,7 @@ This confirms that the image was:
--- ---
## Example: Full Verification Flow ### Example: Full Verification Flow
<Tabs groupId="verify-examples"> <Tabs groupId="verify-examples">
<TabItem value="docker" label="Docker"> <TabItem value="docker" label="Docker">