# Documentation

> This project is OCI container (podman)-first. Docker-specific documentation is provided in docker/docker.md

# Container Quick Reference (Podman/OCI)

## Structure

```
assets/
├── Containerfile         ← OCI production (~7MB)
└── Containerfile.alpine  ← Development (~15MB)

docs/
├── container.md          ← Main Podman guide ⭐
└── docker/               ← Docker specifics
```

## Quick Commands

```bash
# Build
podman build -t argparse-builder .

# Run rootless
podman run -d -p 8080:8080 argparse-builder

# With SELinux
podman run -d -p 8080:8080 --security-opt label=type:container_t argparse-builder

# Hardened: read-only root filesystem, no capabilities,
# no privilege escalation, 128 MB memory limit
podman run -d -p 8080:8080 \
  --read-only \
  --cap-drop=ALL \
  --security-opt=no-new-privileges \
  --memory=128m \
  argparse-builder
```

## SELinux Volumes

```bash
# Private label (recommended)
podman run -v ./data:/data:Z argparse-builder

# Shared label
podman run -v ./shared:/shared:z argparse-builder
```

## Systemd Integration

```bash
# Generate unit (requires an existing container named argparse-builder)
podman generate systemd --new --name argparse-builder > ~/.config/systemd/user/argparse-builder.service

# Enable
systemctl --user enable --now argparse-builder
```

## Key Features

- ✅ Rootless by default
- ✅ SELinux native support
- ✅ Daemonless operation
- ✅ OCI compliant
- ✅ Systemd integration
- ✅ ~7MB image size

## Makefile

```bash
make container-build         # Build image
make container-run           # Run rootless
make container-run-hardened  # Security hardened
make container-systemd       # Generate systemd unit
```

See **docs/container.md** for the complete guide.