ci: build minimal and standard images (#135)

Build images without barman-cloud, to be used with backup plugins.

Other changes:

- Implement timestamp-based versioning for images
- Simplify build workflows for enhanced local testing and contribution
- Adopt OCI annotations and generate SBOMs for improved transparency

Closes #132

Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Co-authored-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Niccolò Fei <niccolo.fei@enterprisedb.com>

README.md

@@ -1,20 +1,133 @@
-# PostgreSQL Container Images
+> **IMPORTANT:** As of January 2025, we have transitioned to a new image build
+> process (see issue [#132](https://github.com/cloudnative-pg/postgres-containers/issues/132)
+> for details). Previously, the images were based on the
+> [Official Postgres image](https://hub.docker.com/_/postgres), maintained by the
+> [PostgreSQL Docker Community](https://github.com/docker-library/postgres),
+> and included Barman Cloud built from source.
+> This legacy approach, referred to as `system` images, will remain available
+> for backward compatibility but is planned for a future deprecation.
 
-Maintenance scripts to generate Immutable Application Containers
-for all available PostgreSQL versions (13 to 17) to be used as
-operands with the [CloudNativePG operator](https://cloudnative-pg.io)
-for Kubernetes.
+---
 
-These images are built on top of the [Official Postgres image](https://hub.docker.com/_/postgres)
-maintained by the [PostgreSQL Docker Community](https://github.com/docker-library/postgres),
-by adding the following software:
+# CNPG PostgreSQL Container Images
+
+This repository provides maintenance scripts for generating immutable
+application containers for all supported PostgreSQL versions (13 to 17).
+These containers are designed to serve as operands for the
+[CloudNativePG (CNPG) operator](https://cloudnative-pg.io) in Kubernetes
+environments.
+
+## Key Features
+
+The CNPG PostgreSQL Container Images:
+
+- Are based on Debian Linux `stable` and `oldstable`
+- Support **multi-architecture builds**, including `linux/amd64` and
+  `linux/arm64`.
+- Include **build attestations**, such as Software Bills of Materials (SBOMs)
+  and provenance metadata.
+- Are published on the
+  [CloudNativePG GitHub Container Registry](https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql).
+- Are **automatically rebuilt weekly** (every Monday) to ensure they remain
+  up-to-date.
+
+## Image Types
+
+We currently build and support two primary types of PostgreSQL images:
+
+- [`minimal`](#minimal-images)
+- [`standard`](#standard-images)
+
+Both `minimal` and `standard` images are intended to be used with backup
+plugins, such as [Barman Cloud](https://github.com/cloudnative-pg/plugin-barman-cloud).
+
+> **Note:** for backward compatibility, we also maintain the
+> [`system`](#system-images) image type. Switching from `system` images to
+> `minimal` or `standard` images on an existing cluster is not supported.
+
+### Minimal Images
+
+Minimal images are lightweight and built on top of the
+[official Debian images](https://hub.docker.com/_/debian).
+They use the [APT PostgreSQL packages](https://wiki.postgresql.org/wiki/Apt)
+maintained by the PostgreSQL Global Development Group (PGDG).
+
+These images are identified by the inclusion of `minimal` in their tag names,
+for example: `17.2-minimal-bookworm`.
+
+### Standard Images
+
+Standard images are an extension of the `minimal` images, enhanced with the
+following additional features:
+
+- PGAudit
+- Postgres Failover Slots
+- pgvector
+- All Locales
+
+Standard images are identifiable by the `standard` tag in their names, such as:
+`17.2-standard-bookworm`.
+
+> **Note:** Standard images are designed to offer functionality equivalent to
+> the legacy `system` images when used with CloudNativePG. To achieve parity,
+> you must use the [Barman Cloud Plugin](https://github.com/cloudnative-pg/plugin-barman-cloud)
+> as a replacement for the native Barman Cloud support in `system` images.
+
+### System Images
+
+System images are based on the [Official Postgres image](https://hub.docker.com/_/postgres),
+maintained by the
+[PostgreSQL Docker Community](https://github.com/docker-library/postgres).
+These images include additional software to extend PostgreSQL functionality:
 
 - Barman Cloud
 - PGAudit
 - Postgres Failover Slots
 - pgvector
 
-Currently, images are automatically rebuilt once a week (Monday).
+The [`Debian`](Debian) folder contains image catalogs, which can be used as:
+- [`ClusterImageCatalog`](https://cloudnative-pg.io/documentation/current/image_catalog/)
+- [`ImageCatalog`](https://cloudnative-pg.io/documentation/current/image_catalog/)
+
+> **Deprecation Notice:** System images and the associated Debian-based image
+> catalogs will be deprecated in future releases of CloudNativePG and
+> eventually removed. Users are encouraged to migrate to `minimal` or
+> `standard` images for new clusters as soon as feasible.
+
+## Build Attestations
+
+CNPG PostgreSQL Container Images are built with the following attestations to
+ensure transparency and traceability:
+
+- **[Software Bill of Materials
+  (SBOM)](https://docs.docker.com/build/metadata/attestations/sbom/):** A
+  comprehensive list of software artifacts included in the image or used during
+  its build process, formatted using the [in-toto SPDX predicate standard](https://github.com/in-toto/attestation/blob/main/spec/predicates/spdx.md).
+
+- **[Provenance](https://docs.docker.com/build/metadata/attestations/slsa-provenance/):**
+  Metadata detailing how the image was built, following the [SLSA Provenance](https://slsa.dev)
+  framework.
+
+For example, you can retrieve the SBOM for a specific image using the following
+command:
+
+```bash
+docker buildx imagetools inspect <IMAGE> --format "{{ json .SBOM.SPDX }}"
+```
+
+This command outputs the SBOM in JSON format, providing a detailed view of the
+software components and build dependencies.
+
+## Building Images
+
+For detailed instructions on building PostgreSQL container images, refer to the
+[BUILD.md](BUILD.md) file.
+
+## License and copyright
+
+This software is available under [Apache License 2.0](LICENSE).
+
+Copyright The CloudNativePG Contributors.
 
 Barman Cloud is distributed by EnterpriseDB under the
 [GNU GPL 3 License](https://github.com/EnterpriseDB/barman/blob/master/LICENSE).
@@ -28,18 +141,8 @@ Postgres Failover Slots is distributed by EnterpriseDB under the
 pgvector is distributed under the
 [PostgreSQL License](https://github.com/pgvector/pgvector/blob/master/LICENSE).
 
-Images are available via
-[GitHub Container Registry](https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql).
-
-## License and copyright
-
-This software is available under [Apache License 2.0](LICENSE).
-
-Copyright The CloudNativePG Contributors.
-
 ## Trademarks
 
 *[Postgres, PostgreSQL and the Slonik Logo](https://www.postgresql.org/about/policies/trademarks/)
 are trademarks or registered trademarks of the PostgreSQL Community Association
 of Canada, and used with their permission.*
-