ContainerForge
An opinionated collection of container images
Welcome to our container images! If you are looking for a container, start by browsing the GitHub Packages page for this repository’s packages.
Mission Statement
Section titled “Mission Statement”Our goal is to provide semantically versioned, rootless, and multi-architecture containers for various applications.
We adhere to the KISS principle, logging to stdout, maintaining one process per container, avoiding tools like s6-overlay, and building all images on top of Ubuntu.
We believe in not doing work twice without good reason. That is why we aim to follow the CI standards set by the home-operations community repository
Features
Section titled “Features”Tag Immutability
Section titled “Tag Immutability”Containers built here do not use immutable tags in the traditional sense, as seen with linuxserver.io or Bitnami. Instead, we insist on pinning to the sha256 digest of the image. While this approach is less visually appealing, it ensures functionality and immutability.
| Container | Immutable |
|---|---|
ghcr.io/trueforge-org/home-assistant:rolling | ❌ |
ghcr.io/trueforge-org/home-assistant:2025.5.1 | ❌ |
ghcr.io/trueforge-org/home-assistant:rolling@sha256:8053... | ✅ |
ghcr.io/trueforge-org/home-assistant:2025.5.1@sha256:8053... | ✅ |
If pinning an image to the sha256 digest, tools like Renovate can update containers based on digest or version changes.
TrueNAS Update Compatible
Section titled “TrueNAS Update Compatible”We have by-default ensured that, by default, all our containers use the TrueNAS Apps user when ran. Even when this is not specifically set!
On top of that TrueNAS can automatically update your container digests.
By picking one of the specific tags you can limit this to:
Digest Updates only Major.Minor.Patch
Patch and Digest Updates: Major.Minor
Patch, Minor and Digest Updates: Major
Every update: Rolling
This gives you full control of which Update TrueNAS will offer!
Rootless
Section titled “Rootless”By default the majority of our containers run as a non-root user (568:568), you are able to change the user/group by updating your configuration files.
However, for simplicity reasons we cannot give guarantees that changes to the user or group would be bug free.
Standardised Base Images
Section titled “Standardised Base Images”We aim to base all our containers on-top of our standardised Ubuntu base image. The following base images are available:
- Ubuntu
- Python
- Golang
- Node
- Java17
- Java21
To Be Announced:
- SteamCMD
in some case-by-case basis, we might instead use an external base. Our aim will always be to replace those with ours in due time
Docker Compose
Section titled “Docker Compose”services: home-assistant: image: ghcr.io/trueforge-org/home-assistant:2025.5.1 container_name: home-assistant user: 1000:1000 # The data volume permissions must match this user:group read_only: true # May require mounting in additional dirs as tmpfs tmpfs: - /tmp:rw # ...Kubernetes
Section titled “Kubernetes”For using our containers on kubernetes, we would advice using our sister-project TrueCharts. That way you get the full benefit of much additional testing prior to deployment.
Passing Arguments to Applications
Section titled “Passing Arguments to Applications”Some applications only allow certain configurations via command-line arguments rather than environment variables. For such cases, refer to the Kubernetes documentation on defining commands and arguments for a container. Then, specify the desired arguments as shown below:
args: - --port - "8080"Configuration Volume
Section titled “Configuration Volume”For applications requiring persistent configuration data, the configuration volume is hardcoded to /config within the container, whenever reasonably possible. In most cases, this path cannot be changed.
However some applications might require other paths.
Verify Image Signature
Section titled “Verify Image Signature”These container images are signed using the attest-build-provenance action.
To verify that the image was built by GitHub CI, use the following command:
gh attestation verify --repo trueforge-org/containers oci://oci.trueforge.org/containerforge/${APP}:${TAG}or by using cosign:
cosign verify-attestation --new-bundle-format --type slsaprovenance1 \ --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ --certificate-identity-regexp "^https://github.com/trueforge-org/containers/.github/workflows/app-builder.yaml@refs/heads/main" \ oci.trueforge.org/containerforge/${APP}:${TAG}Eschewed Features
Section titled “Eschewed Features”This repository does not support multiple “channels” for the same application. For example:
- Prowlarr, Radarr, and Sonarr only publish the develop branch, not the master (stable) branch.
- Lidarr only publishes the plugins branch
- qBittorrent is only published with LibTorrent 2.x.
This approach ensures consistency and focuses on streamlined builds.
Contributing
Section titled “Contributing”We encourage contributions of any time.
Deprecations
Section titled “Deprecations”Containers in this repository may be deprecated for the following reasons:
- The upstream application is no longer actively maintained and failing build.
- The maintenance burden is unsustainable, such as frequent build failures or instability.
- The applicaitons cannot reasonably be made to fit the Mission Statement
Note: Deprecated containers will be announced with a release and remain available in the registry for as long as reasonably possible
Difference with Home-Operations
Section titled “Difference with Home-Operations”Some might ask how our repository differs from [home-operations]https://github.com/home-operations), which we forked and follow. Our repository goals differ in the following areas:
-
We aim to include any containers, even if a good upstream is available. Comparable with linuxserver.io
-
We keep applications even if an application is deprecated, as long as it keeps building. This ensures some updates to dependencies.
-
We also host containers specifically designed for our community projects, such as TrueCharts
-
We use a different user “apps:apps” with uid/gid 568:568
Which repository should I follow? Whichever rocks your boat!
Licence
Section titled “Licence”
Truecharts, is primarily based on a AGPL-v3 license, this ensures almost everyone can use and modify our charts. Licences can vary on a per-Chart basis. This can easily be seen by the presence of a “LICENSE” file in said folder.
An exception to this, has been made for every document inside folders labeled as docs or doc and their subfolders: those folders are not licensed under AGPL-v3 and are considered “all rights reserved”. Said content can be modified and changes submitted per PR, in accordance to the github End User License Agreement.
SPDX-License-Identifier: AGPL-3.0
Credits
Section titled “Credits”This repository draws inspiration and ideas from the [home-operations]https://github.com/home-operations), hotio.dev, and linuxserver.io contributors.
