Docker Image for ImageMagick
```sh
docker pull naoigcat/imagemagick
```

- The image runs as an unprivileged user by default.
- The Debian base image is pinned by digest to reduce supply-chain drift.
- ImageMagick keeps its upstream policy hardening and adds container-specific limits.
- Remote URL delegates, indirect file reads, and Ghostscript-backed coders are disabled in the bundled policy.
- CI publishes SBOM and provenance attestations and runs scheduled vulnerability scans.
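One way to check in CI that a policy.xml denies what the list above says is disabled. This is an added example, not the image's own code or policy: the two sample policies are constructed, and the checked names and the last-matching-entry-wins evaluation are assumptions.

```python
import fnmatch
import re
import xml.etree.ElementTree as ET

# Names the README says are disabled; the exact lists are assumptions.
REQUIRED_DENIED = {
    "delegate": ["URL", "HTTP", "HTTPS"],  # remote URL delegates
    "path": ["@list.txt"],                 # indirect read via @file
    "coder": ["PS", "EPS", "PDF", "XPS"],  # Ghostscript-backed coders
}
# Constructed sample policies, not the image's actual policy.xml.
HARDENED = """<policymap>
  <policy domain="delegate" rights="none" pattern="{URL,HTTP,HTTPS}"/>
  <policy domain="path" rights="none" pattern="@*"/>
  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}"/>
</policymap>"""
WEAK = """<policymap>
  <policy domain="delegate" rights="none" pattern="{URL,HTTP,HTTPS}"/>
  <policy domain="coder" rights="none" pattern="{PS,PS2,PS3,EPS,PDF,XPS}"/>
  <policy domain="coder" rights="read|write" pattern="PDF"/>
</policymap>"""

def expand_braces(pattern):
    """Expand {A,B} alternation into plain glob patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    return [g for alt in m.group(1).split(",") for g in expand_braces(head + alt + tail)]

def effective_rights(policies, domain, name):
    """Rights of the last matching entry (assumed to win); None if no match."""
    rights = None
    for p in policies:
        if p.get("domain", "").lower() != domain:
            continue
        globs = expand_braces(p.get("pattern", "").upper())
        if any(fnmatch.fnmatchcase(name.upper(), g) for g in globs):
            rights = p.get("rights", "").lower()
    return rights

def audit_policy(xml_text):
    """Return (domain, name, rights) for each required name not set to 'none'."""
    policies = ET.fromstring(xml_text).findall("policy")
    checks = [(d, n) for d, names in REQUIRED_DENIED.items() for n in names]
    found = [(d, n, effective_rights(policies, d, n)) for d, n in checks]
    return [f for f in found if f[2] != "none"]

if __name__ == "__main__":
    print(audit_policy(HARDENED), audit_policy(WEAK))
```

An empty list means every checked name is denied; the weak sample is flagged twice, once for the missing `@*` path rule and once for the later entry that re-enables PDF.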
See imagemagick for available commands.
```sh
docker run --rm -v "$PWD":/app naoigcat/imagemagick identify image.png
```

It is recommended to create an alias:

```sh
alias imagemagick='docker run --rm -v "$PWD":/app naoigcat/imagemagick'
```

If you need files in the mounted directory to be owned by the host user, override the container user explicitly.

```sh
docker run --rm --user "$(id -u)":"$(id -g)" -v "$PWD":/app naoigcat/imagemagick identify image.png
```

You can use this Docker image in your GitHub Actions workflows to process images during CI/CD.
```yaml
name: Process Image
on: [push]
jobs:
  generate:
    runs-on: ubuntu-latest
    container:
      image: naoigcat/imagemagick:latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Create sample image
        run: magick -size 200x100 xc:white -gravity center -pointsize 24 -annotate 0 'Sample' output.jpg
      - name: Upload sample image
        uses: actions/upload-artifact@v4
        with:
          name: image
          path: output.jpg
```

Alternatively, you can use the image with docker run in your workflow:
```yaml
name: Process Image
on: [push]
jobs:
  process:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
      - name: Create sample image
        run: |
          docker run --rm --user "$(id -u)":"$(id -g)" -v "$PWD":/app naoigcat/imagemagick \
            magick -size 200x100 xc:white -gravity center -pointsize 24 -annotate 0 'Sample' output.jpg
      - name: Upload sample image
        uses: actions/upload-artifact@v4
        with:
          name: image
          path: output.jpg
```