From 4c87338811235fedd5f3a3bb72ce3820b662b846 Mon Sep 17 00:00:00 2001
From: Priyanka Saggu <Priyankasaggu11929@users.noreply.github.com>
Date: Fri, 8 Mar 2024 09:09:11 +0000
Subject: [PATCH] Test build for #949

---
 .github/dependabot.yml                        |   7 +
 .github/workflows/changelog_checker.yml       |  41 +
 .github/workflows/find-missing-packages.yml   |  57 ++
 .obs/workflows.yml                            |  95 +++
 _config                                       |   3 +
 base-image/README.md                          |   3 +
 base-image/_service                           |   4 +
 base-image/base-image.changes                 |   4 +
 base-image/base-image.kiwi                    |  83 ++
 base-image/config.sh                          |  84 +++
 busybox-image/README.md                       |   3 +
 busybox-image/_service                        |   4 +
 busybox-image/busybox-image.changes           |   4 +
 busybox-image/busybox-image.kiwi              |  69 ++
 busybox-image/config.sh                       |  34 +
 init-image/Dockerfile                         |  51 ++
 init-image/README.md                          |   3 +
 init-image/_service                           |   4 +
 init-image/init-image.changes                 |   4 +
 mariadb-client-image/Dockerfile               |  44 ++
 mariadb-client-image/README.md                |   3 +
 mariadb-client-image/_service                 |  10 +
 .../mariadb-client-image.changes              |   4 +
 mariadb-image/Dockerfile                      |  65 ++
 mariadb-image/README.md                       |   3 +
 mariadb-image/_constraints                    |   7 +
 mariadb-image/_service                        |  10 +
 mariadb-image/docker-entrypoint.sh            | 707 ++++++++++++++++++
 mariadb-image/mariadb-image.changes           |   4 +
 micro-image/README.md                         |   3 +
 micro-image/_service                          |   4 +
 micro-image/config.sh                         |  31 +
 micro-image/micro-image.changes               |   4 +
 micro-image/micro-image.kiwi                  |  68 ++
 minimal-image/README.md                       |   3 +
 minimal-image/_service                        |   4 +
 minimal-image/config.sh                       |  37 +
 minimal-image/minimal-image.changes           |   4 +
 minimal-image/minimal-image.kiwi              |  73 ++
 slci-kernel-module-devel-image/Dockerfile     |  43 ++
 slci-kernel-module-devel-image/README.md      |   3 +
 slci-kernel-module-devel-image/_constraints   |   7 +
 slci-kernel-module-devel-image/_service       |   4 +
 .../slci-kernel-module-devel-image.changes    |   4 +
 tomcat-10-image/Dockerfile                    |  65 ++
 tomcat-10-image/README.md                     |  79 ++
 tomcat-10-image/_service                      |  15 +
 tomcat-10-image/tomcat-10-image.changes       |   4 +
 tomcat-9-image/Dockerfile                     |  64 ++
 tomcat-9-image/README.md                      |  72 ++
 tomcat-9-image/_service                       |  15 +
 tomcat-9-image/tomcat-9-image.changes         |   4 +
 52 files changed, 2024 insertions(+)
 create mode 100644 .github/dependabot.yml
 create mode 100644 .github/workflows/changelog_checker.yml
 create mode 100644 .github/workflows/find-missing-packages.yml
 create mode 100644 .obs/workflows.yml
 create mode 100644 _config
 create mode 100644 base-image/README.md
 create mode 100644 base-image/_service
 create mode 100644 base-image/base-image.changes
 create mode 100644 base-image/base-image.kiwi
 create mode 100644 base-image/config.sh
 create mode 100644 busybox-image/README.md
 create mode 100644 busybox-image/_service
 create mode 100644 busybox-image/busybox-image.changes
 create mode 100644 busybox-image/busybox-image.kiwi
 create mode 100644 busybox-image/config.sh
 create mode 100644 init-image/Dockerfile
 create mode 100644 init-image/README.md
 create mode 100644 init-image/_service
 create mode 100644 init-image/init-image.changes
 create mode 100644 mariadb-client-image/Dockerfile
 create mode 100644 mariadb-client-image/README.md
 create mode 100644 mariadb-client-image/_service
 create mode 100644 mariadb-client-image/mariadb-client-image.changes
 create mode 100644 mariadb-image/Dockerfile
 create mode 100644 mariadb-image/README.md
 create mode 100644 mariadb-image/_constraints
 create mode 100644 mariadb-image/_service
 create mode 100644 mariadb-image/docker-entrypoint.sh
 create mode 100644 mariadb-image/mariadb-image.changes
 create mode 100644 micro-image/README.md
 create mode 100644 micro-image/_service
 create mode 100644 micro-image/config.sh
 create mode 100644 micro-image/micro-image.changes
 create mode 100644 micro-image/micro-image.kiwi
 create mode 100644 minimal-image/README.md
 create mode 100644 minimal-image/_service
 create mode 100644 minimal-image/config.sh
 create mode 100644 minimal-image/minimal-image.changes
 create mode 100644 minimal-image/minimal-image.kiwi
 create mode 100644 slci-kernel-module-devel-image/Dockerfile
 create mode 100644 slci-kernel-module-devel-image/README.md
 create mode 100644 slci-kernel-module-devel-image/_constraints
 create mode 100644 slci-kernel-module-devel-image/_service
 create mode 100644 slci-kernel-module-devel-image/slci-kernel-module-devel-image.changes
 create mode 100644 tomcat-10-image/Dockerfile
 create mode 100644 tomcat-10-image/README.md
 create mode 100644 tomcat-10-image/_service
 create mode 100644 tomcat-10-image/tomcat-10-image.changes
 create mode 100644 tomcat-9-image/Dockerfile
 create mode 100644 tomcat-9-image/README.md
 create mode 100644 tomcat-9-image/_service
 create mode 100644 tomcat-9-image/tomcat-9-image.changes

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000..900df3257
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
diff --git a/.github/workflows/changelog_checker.yml b/.github/workflows/changelog_checker.yml
new file mode 100644
index 000000000..ea2870d8d
--- /dev/null
+++ b/.github/workflows/changelog_checker.yml
@@ -0,0 +1,41 @@
+---
+name: Check the changelogs
+
+on:
+  pull_request:
+
+jobs:
+  changelog-check:
+    name: changelog check
+    runs-on: ubuntu-22.04
+    container: ghcr.io/dcermak/bci-ci:latest
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: main
+          fetch-depth: 0
+
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache/pypoetry/virtualenvs
+          key: poetry-${{ hashFiles('poetry.lock') }}
+
+      - name: install python dependencies
+        run: poetry install
+
+      - name: fix the file permissions of the repository
+        run: chown -R $(id -un):$(id -gn) .
+
+      - name: fetch all branches
+        run: git fetch
+
+      - name: check the changelog
+        run: |
+          poetry run scratch-build-bot \
+              --os-version SLCI -vvvv \
+              changelog_check \
+                  --base-ref origin/${{ github.base_ref }} \
+                  --head-ref ${{ github.event.pull_request.head.sha }}
+        env:
+          OSC_USER: "irrelevant"
diff --git a/.github/workflows/find-missing-packages.yml b/.github/workflows/find-missing-packages.yml
new file mode 100644
index 000000000..26b20b607
--- /dev/null
+++ b/.github/workflows/find-missing-packages.yml
@@ -0,0 +1,57 @@
+---
+name: Check whether packages are missing on OBS
+
+on:
+  push:
+    branches:
+      - 'SLCI'
+
+jobs:
+  create-issues-for-dan:
+    name: create an issue for Dan to create the packages in devel:BCI
+    runs-on: ubuntu-latest
+    container: ghcr.io/dcermak/bci-ci:latest
+
+    strategy:
+      fail-fast: false
+
+    steps:
+      # we need all branches for the build checks
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          ref: main
+          token: ${{ secrets.CHECKOUT_TOKEN }}
+
+      - uses: actions/cache@v3
+        with:
+          path: ~/.cache/pypoetry/virtualenvs
+          key: poetry-${{ hashFiles('poetry.lock') }}
+
+      - name: fix the file permissions of the repository
+        run: chown -R $(id -un):$(id -gn) .
+
+      - name: install python dependencies
+        run: poetry install
+
+      - name: find the packages that are missing
+        run: |
+          pkgs=$(poetry run scratch-build-bot --os-version SLCI find_missing_packages)
+          if [[ ${pkgs} = "" ]]; then
+              echo "missing_pkgs=false" >> $GITHUB_ENV
+          else
+              echo "missing_pkgs=true" >> $GITHUB_ENV
+              echo "pkgs=${pkgs}" >> $GITHUB_ENV
+          fi
+          cat test-build.env >> $GITHUB_ENV
+        env:
+          OSC_PASSWORD: ${{ secrets.OSC_PASSWORD }}
+          OSC_USER: "defolos"
+
+      - uses: JasonEtco/create-an-issue@v2
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          update_existing: true
+          filename: ".github/create-package.md"
+        if: env.missing_pkgs == 'true'
diff --git a/.obs/workflows.yml b/.obs/workflows.yml
new file mode 100644
index 000000000..787472333
--- /dev/null
+++ b/.obs/workflows.yml
@@ -0,0 +1,95 @@
+---
+staging_build:
+  steps:
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLCI
+        source_package: base-image
+        target_project: home:defolos:BCI:CR:SLCI:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLCI
+        source_package: busybox-image
+        target_project: home:defolos:BCI:CR:SLCI:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLCI
+        source_package: init-image
+        target_project: home:defolos:BCI:CR:SLCI:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLCI
+        source_package: mariadb-image
+        target_project: home:defolos:BCI:CR:SLCI:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLCI
+        source_package: mariadb-client-image
+        target_project: home:defolos:BCI:CR:SLCI:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLCI
+        source_package: micro-image
+        target_project: home:defolos:BCI:CR:SLCI:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLCI
+        source_package: minimal-image
+        target_project: home:defolos:BCI:CR:SLCI:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLCI
+        source_package: slci-kernel-module-devel-image
+        target_project: home:defolos:BCI:CR:SLCI:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLCI
+        source_package: tomcat-10-image
+        target_project: home:defolos:BCI:CR:SLCI:Staging
+    - branch_package:
+        source_project: home:defolos:BCI:CR:SLCI
+        source_package: tomcat-9-image
+        target_project: home:defolos:BCI:CR:SLCI:Staging
+  filters:
+    event: pull_request
+
+refresh_staging_project:
+  steps:
+    - trigger_services:
+        project: home:defolos:BCI:CR:SLCI
+        package: _project
+  filters:
+    event: push
+    branches:
+      only:
+        - SLCI
+
+
+refresh_devel_BCI:
+  steps:
+    - trigger_services:
+        project: devel:BCI:SLCI
+        package: base-image
+    - trigger_services:
+        project: devel:BCI:SLCI
+        package: busybox-image
+    - trigger_services:
+        project: devel:BCI:SLCI
+        package: init-image
+    - trigger_services:
+        project: devel:BCI:SLCI
+        package: mariadb-image
+    - trigger_services:
+        project: devel:BCI:SLCI
+        package: mariadb-client-image
+    - trigger_services:
+        project: devel:BCI:SLCI
+        package: micro-image
+    - trigger_services:
+        project: devel:BCI:SLCI
+        package: minimal-image
+    - trigger_services:
+        project: devel:BCI:SLCI
+        package: slci-kernel-module-devel-image
+    - trigger_services:
+        project: devel:BCI:SLCI
+        package: tomcat-10-image
+    - trigger_services:
+        project: devel:BCI:SLCI
+        package: tomcat-9-image
+  filters:
+    event: push
+    branches:
+      only:
+        - SLCI
diff --git a/_config b/_config
new file mode 100644
index 000000000..437f83552
--- /dev/null
+++ b/_config
@@ -0,0 +1,3 @@
+<status code="unknown_project">
+  <summary>Project not found: devel:BCI:SLCI</summary>
+</status>
diff --git a/base-image/README.md b/base-image/README.md
new file mode 100644
index 000000000..323bdb00b
--- /dev/null
+++ b/base-image/README.md
@@ -0,0 +1,3 @@
+# The SLCI Project BCI Base Container image
+
+Base container based on the SUSE Adaptable Linux Platform (ALP).
diff --git a/base-image/_service b/base-image/_service
new file mode 100644
index 000000000..bd1abb02d
--- /dev/null
+++ b/base-image/_service
@@ -0,0 +1,4 @@
+<services>
+  <service mode="buildtime" name="kiwi_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+</services>
\ No newline at end of file
diff --git a/base-image/base-image.changes b/base-image/base-image.changes
new file mode 100644
index 000000000..8c5184fbe
--- /dev/null
+++ b/base-image/base-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 08 09:09:11 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the Base BCI
diff --git a/base-image/base-image.kiwi b/base-image/base-image.kiwi
new file mode 100644
index 000000000..d19e6438b
--- /dev/null
+++ b/base-image/base-image.kiwi
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- SPDX-License-Identifier: MIT -->
+<!-- 
+    Copyright (c) 2024 SUSE LLC
+
+All modifications and additions to the file contributed by third parties
+remain the property of their copyright owners, unless otherwise agreed
+upon.
+
+The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+It is maintained by the BCI team and generated by
+https://github.com/SUSE/BCI-dockerfile-generator
+
+Please submit bugfixes or comments via https://bugs.opensuse.org/
+You can contact the BCI team via https://github.com/SUSE/bci/discussions
+-->
+<!-- OBS-AddTag: alp/bci/bci-base:%OS_VERSION_ID_SP% alp/bci/bci-base:%OS_VERSION_ID_SP%.%RELEASE% alp/bci/bci-base:latest -->
+<!-- OBS-Imagerepo: obsrepositories:/ -->
+
+<image schemaversion="6.5" name="base-image" xmlns:suse_label_helper="com.suse.label_helper">
+  <description type="system">
+    <author>SUSE LLC</author>
+    <contact>https://www.suse.com/</contact>
+    <specification>SLCI Project BCI Base Container Image</specification>
+  </description>
+  <preferences>
+    <type image="docker">
+      <containerconfig
+          name="alp/bci/bci-base"
+          tag="%OS_VERSION_ID_SP%"
+          maintainer="SUSE LLC (https://www.suse.com/)"
+          additionaltags="%OS_VERSION_ID_SP%.%RELEASE%,latest">
+        <labels>
+          <suse_label_helper:add_prefix prefix="com.suse.slci.bci.base">
+            <label name="org.opencontainers.image.title" value="SLCI Project BCI Base"/>
+            <label name="org.opencontainers.image.description" value="Base container based on the SUSE Adaptable Linux Platform (ALP)."/>
+            <label name="org.opencontainers.image.version" value="%OS_VERSION_ID_SP%.%RELEASE%"/>
+            <label name="org.opencontainers.image.created" value="%BUILDTIME%"/>
+            <label name="org.opencontainers.image.vendor" value="SUSE LLC"/>
+            <label name="org.opencontainers.image.source" value="%SOURCEURL%"/>
+            <label name="org.opencontainers.image.url" value="https://susealp.io/"/>
+            <label name="io.artifacthub.package.readme-url" value="%SOURCEURL%/README.md"/>
+            <label name="org.opensuse.reference" value="registry.suse.com/alp/bci/bci-base:%OS_VERSION_ID_SP%.%RELEASE%"/>
+            <label name="org.openbuildservice.disturl" value="%DISTURL%"/>
+            <label name="com.suse.supportlevel" value="techpreview"/>
+            <label name="com.suse.eula" value="sle-bci"/>
+            <label name="com.suse.release-stage" value="beta"/>
+            <label name="com.suse.lifecycle-url" value="https://www.suse.com/lifecycle"/>
+          </suse_label_helper:add_prefix>
+        </labels>
+      </containerconfig>
+    </type>
+    <version>2024</version>
+    <packagemanager>zypper</packagemanager>
+    <rpm-check-signatures>false</rpm-check-signatures>
+    <rpm-excludedocs>true</rpm-excludedocs>
+  </preferences>
+  <repository type="rpm-md">
+    <source path="obsrepositories:/"/>
+  </repository>
+  <packages type="bootstrap">
+    <package name="aaa_base"/>
+    <package name="bash"/>
+    <package name="ca-certificates"/>
+    <package name="ca-certificates-mozilla"/>
+    <package name="coreutils"/>
+    <package name="cracklib-dict-small"/>
+    <package name="curl"/>
+    <package name="filesystem"/>
+    <package name="glibc-locale-base"/>
+    <package name="gzip"/>
+    <package name="jdupes"/>
+    <package name="netcfg"/>
+    <package name="ALP-dummy-release"/>
+    <package name="openssl"/>
+    <package name="suse-build-key"/>
+    <package name="tar"/>
+    <package name="timezone"/>
+    <package name="zypper"/>
+    <package name="findutils"/>
+  </packages>
+
+</image>
\ No newline at end of file
diff --git a/base-image/config.sh b/base-image/config.sh
new file mode 100644
index 000000000..66b231436
--- /dev/null
+++ b/base-image/config.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) 2022-2024 SUSE LLC
+
+set -euo pipefail
+
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+echo "Configure image: [$kiwi_iname]..."
+
+#============================================
+# Import repositories' keys if rpm is present
+#--------------------------------------------
+if command -v rpm > /dev/null; then
+    suseImportBuildKey
+fi
+
+echo "Configure image: [$kiwi_iname]..."
+
+# don't have multiple licenses of the same type
+jdupes -1 -L -r /usr/share/licenses
+
+#
+zypper --non-interactive rm -u jdupes
+
+# Not needed, but neither rpm nor libzypp handle rpmlib(X-CheckUnifiedSystemdir) yet
+# which would avoid it being installed by filesystem package
+rpm -e compat-usrmerge-tools
+
+# FIXME: stop hardcoding the url, use some external mechanism once available
+zypper -n ar --gpgcheck --enable 'https://updates.suse.com/SUSE/Products/ALP-Dolomite/1.0/$basearch/product/' repo-slci
+
+#======================================
+# Disable recommends
+#--------------------------------------
+sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
+
+#======================================
+# Exclude docs installation
+#--------------------------------------
+sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
+
+#======================================
+# Remove locale files
+#--------------------------------------
+shopt -s globstar
+rm -f /usr/share/locale/**/*.mo
+
+# Remove zypp uuid (bsc#1098535)
+rm -f /var/lib/zypp/AnonymousUniqueId
+
+# Remove various log files. While it's possible to just rm -rf /var/log/*, that
+# would also remove some package owned directories (not %ghost) and some files
+# are actually wanted, like lastlog in the !docker case.
+# For those wondering about YaST2 here: Kiwi writes /etc/hosts, so the version
+# from the netcfg package ends up as /etc/hosts.rpmnew, which zypper writes a
+# letter about to /var/log/YaST2/config_diff_2022_03_06.log. Kiwi fixes this,
+# but the log file remains.
+rm -rf /var/log/{zypper.log,zypp/history,YaST2}
+
+# Remove the entire zypper cache content (not the dir itself, owned by libzypp)
+rm -rf /var/cache/zypp/*
+
+# Assign a fixed architecture in zypp.conf, to use the container's arch even if
+# the host arch differs (e.g. docker with --platform doesn't affect uname)
+arch=$(rpm -q --qf %{arch} glibc)
+if [ "$arch" = "i586" ] || [ "$arch" = "i686" ]; then
+	sed -i "s/^# arch =.*\$/arch = i686/" /etc/zypp/zypp.conf
+	# Verify that it's applied
+	grep -q '^arch =' /etc/zypp/zypp.conf
+fi
+
+
+#=======================================
+# Clean up after zypper if it is present
+#---------------------------------------
+if command -v zypper > /dev/null; then
+    zypper -n clean
+fi
+
+rm -rf /var/log/zypp
+
+exit 0
diff --git a/busybox-image/README.md b/busybox-image/README.md
new file mode 100644
index 000000000..8019e98df
--- /dev/null
+++ b/busybox-image/README.md
@@ -0,0 +1,3 @@
+# The SLCI Project BCI Adaptable Linux Platform BusyBox Container image
+
+Adaptable Linux Platform BusyBox container based on the SUSE Adaptable Linux Platform (ALP).
diff --git a/busybox-image/_service b/busybox-image/_service
new file mode 100644
index 000000000..bd1abb02d
--- /dev/null
+++ b/busybox-image/_service
@@ -0,0 +1,4 @@
+<services>
+  <service mode="buildtime" name="kiwi_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+</services>
\ No newline at end of file
diff --git a/busybox-image/busybox-image.changes b/busybox-image/busybox-image.changes
new file mode 100644
index 000000000..1041fc3dc
--- /dev/null
+++ b/busybox-image/busybox-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 08 09:09:11 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the Adaptable Linux Platform BusyBox BCI
diff --git a/busybox-image/busybox-image.kiwi b/busybox-image/busybox-image.kiwi
new file mode 100644
index 000000000..9d25f64e8
--- /dev/null
+++ b/busybox-image/busybox-image.kiwi
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- SPDX-License-Identifier: MIT -->
+<!-- 
+    Copyright (c) 2024 SUSE LLC
+
+All modifications and additions to the file contributed by third parties
+remain the property of their copyright owners, unless otherwise agreed
+upon.
+
+The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+It is maintained by the BCI team and generated by
+https://github.com/SUSE/BCI-dockerfile-generator
+
+Please submit bugfixes or comments via https://bugs.opensuse.org/
+You can contact the BCI team via https://github.com/SUSE/bci/discussions
+-->
+<!-- OBS-AddTag: alp/bci/bci-busybox:%OS_VERSION_ID_SP% alp/bci/bci-busybox:%OS_VERSION_ID_SP%.%RELEASE% alp/bci/bci-busybox:latest -->
+<!-- OBS-Imagerepo: obsrepositories:/ -->
+
+<image schemaversion="6.5" name="busybox-image" xmlns:suse_label_helper="com.suse.label_helper">
+  <description type="system">
+    <author>SUSE LLC</author>
+    <contact>https://www.suse.com/</contact>
+    <specification>SLCI Project BCI Adaptable Linux Platform BusyBox Container Image</specification>
+  </description>
+  <preferences>
+    <type image="docker">
+      <containerconfig
+          name="alp/bci/bci-busybox"
+          tag="%OS_VERSION_ID_SP%"
+          maintainer="SUSE LLC (https://www.suse.com/)"
+          additionaltags="%OS_VERSION_ID_SP%.%RELEASE%,latest">
+        <labels>
+          <suse_label_helper:add_prefix prefix="com.suse.slci.bci.busybox">
+            <label name="org.opencontainers.image.title" value="SLCI Project BCI Adaptable Linux Platform BusyBox"/>
+            <label name="org.opencontainers.image.description" value="Adaptable Linux Platform BusyBox container based on the SUSE Adaptable Linux Platform (ALP)."/>
+            <label name="org.opencontainers.image.version" value="%OS_VERSION_ID_SP%.%RELEASE%"/>
+            <label name="org.opencontainers.image.created" value="%BUILDTIME%"/>
+            <label name="org.opencontainers.image.vendor" value="SUSE LLC"/>
+            <label name="org.opencontainers.image.source" value="%SOURCEURL%"/>
+            <label name="org.opencontainers.image.url" value="https://susealp.io/"/>
+            <label name="io.artifacthub.package.readme-url" value="%SOURCEURL%/README.md"/>
+            <label name="org.opensuse.reference" value="registry.suse.com/alp/bci/bci-busybox:%OS_VERSION_ID_SP%.%RELEASE%"/>
+            <label name="org.openbuildservice.disturl" value="%DISTURL%"/>
+            <label name="com.suse.supportlevel" value="l3"/>
+            <label name="com.suse.eula" value="sle-bci"/>
+            <label name="com.suse.release-stage" value="beta"/>
+            <label name="com.suse.lifecycle-url" value="https://www.suse.com/lifecycle"/>
+          </suse_label_helper:add_prefix>
+        </labels>
+        <subcommand execute="/bin/sh"/>
+      </containerconfig>
+    </type>
+    <version>2024</version>
+    <packagemanager>zypper</packagemanager>
+    <rpm-check-signatures>false</rpm-check-signatures>
+    <rpm-excludedocs>true</rpm-excludedocs>
+  </preferences>
+  <repository type="rpm-md">
+    <source path="obsrepositories:/"/>
+  </repository>
+  <packages type="bootstrap">
+    <package name="ALP-dummy-release"/>
+    <package name="busybox"/>
+    <package name="busybox-links"/>
+    <package name="ca-certificates-mozilla-prebuilt"/>
+  </packages>
+
+</image>
\ No newline at end of file
diff --git a/busybox-image/config.sh b/busybox-image/config.sh
new file mode 100644
index 000000000..0fbbcd72e
--- /dev/null
+++ b/busybox-image/config.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) 2022-2024 SUSE LLC
+
+set -euo pipefail
+
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+echo "Configure image: [$kiwi_iname]..."
+
+#============================================
+# Import repositories' keys if rpm is present
+#--------------------------------------------
+if command -v rpm > /dev/null; then
+    suseImportBuildKey
+fi
+
+
+sed -i 's|/bin/bash|/bin/sh|' /etc/passwd
+# Will be recreated by the next rpm(1) run as root user
+rm -v /usr/lib/sysimage/rpm/Index.db
+
+
+#=======================================
+# Clean up after zypper if it is present
+#---------------------------------------
+if command -v zypper > /dev/null; then
+    zypper -n clean
+fi
+
+rm -rf /var/log/zypp
+
+exit 0
diff --git a/init-image/Dockerfile b/init-image/Dockerfile
new file mode 100644
index 000000000..1ffd1dd96
--- /dev/null
+++ b/init-image/Dockerfile
@@ -0,0 +1,51 @@
+# SPDX-License-Identifier: MIT
+
+#     Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+
+#!BuildTag: alp/bci/bci-init:%OS_VERSION_ID_SP%
+#!BuildTag: alp/bci/bci-init:%OS_VERSION_ID_SP%.%RELEASE%
+#!BuildTag: alp/bci/bci-init:latest
+
+FROM alp/bci/bci-base:latest
+
+MAINTAINER SUSE LLC (https://www.suse.com/)
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.slci.bci.init
+LABEL org.opencontainers.image.title="SLCI Project BCI Adaptable Linux Platform Init"
+LABEL org.opencontainers.image.description="Systemd environment for containers based on the SUSE Adaptable Linux Platform (ALP). This container is only supported with podman."
+LABEL org.opencontainers.image.version="%OS_VERSION_ID_SP%.%RELEASE%"
+LABEL org.opencontainers.image.url="https://susealp.io/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL io.artifacthub.package.readme-url="%SOURCEURL%/README.md"
+LABEL org.opensuse.reference="registry.suse.com/alp/bci/bci-init:%OS_VERSION_ID_SP%.%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="l3"
+LABEL com.suse.eula="sle-bci"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.release-stage="beta"
+# endlabelprefix
+LABEL usage="This container should only be used to build containers for daemons. Add your packages and enable services using systemctl."
+
+RUN set -euo pipefail; zypper -n in --no-recommends systemd gzip; zypper -n clean; rm -rf /var/log/*
+CMD ["/usr/lib/systemd/systemd"]
+
+RUN mkdir -p /etc/systemd/system.conf.d/ && \
+    printf "[Manager]\nLogColor=no" > \
+        /etc/systemd/system.conf.d/01-sle-bci-nocolor.conf
+RUN systemctl disable getty@tty1.service
+HEALTHCHECK --interval=5s --timeout=5s --retries=5 CMD ["/usr/bin/systemctl", "is-active", "multi-user.target"]
diff --git a/init-image/README.md b/init-image/README.md
new file mode 100644
index 000000000..d608d7f0f
--- /dev/null
+++ b/init-image/README.md
@@ -0,0 +1,3 @@
+# The SLCI Project BCI Adaptable Linux Platform Init Container image
+
+Systemd environment for containers based on the SUSE Adaptable Linux Platform (ALP). This container is only supported with podman.
diff --git a/init-image/_service b/init-image/_service
new file mode 100644
index 000000000..053a4f4f8
--- /dev/null
+++ b/init-image/_service
@@ -0,0 +1,4 @@
+<services>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+</services>
\ No newline at end of file
diff --git a/init-image/init-image.changes b/init-image/init-image.changes
new file mode 100644
index 000000000..7612eec16
--- /dev/null
+++ b/init-image/init-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 08 09:09:11 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the Adaptable Linux Platform Init BCI
diff --git a/mariadb-client-image/Dockerfile b/mariadb-client-image/Dockerfile
new file mode 100644
index 000000000..df0bac66a
--- /dev/null
+++ b/mariadb-client-image/Dockerfile
@@ -0,0 +1,44 @@
+# SPDX-License-Identifier: MIT
+
+#     Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+
+#!BuildTag: suse/mariadb-client:%%mariadb_version%%
+#!BuildTag: suse/mariadb-client:%%mariadb_version%%-%RELEASE%
+#!BuildTag: suse/mariadb-client:latest
+
+FROM alp/bci/bci-base:latest
+
+MAINTAINER SUSE LLC (https://www.suse.com/)
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.slci.application.mariadb-client
+LABEL org.opencontainers.image.title="SLCI Project MariaDB Client"
+LABEL org.opencontainers.image.description="MariaDB Client container based on the SUSE Adaptable Linux Platform (ALP)."
+LABEL org.opencontainers.image.version="%%mariadb_version%%"
+LABEL org.opencontainers.image.url="https://susealp.io/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL io.artifacthub.package.readme-url="%SOURCEURL%/README.md"
+LABEL org.opensuse.reference="registry.suse.com/suse/mariadb-client:%%mariadb_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="l3"
+LABEL com.suse.eula="sle-bci"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.release-stage="beta"
+# endlabelprefix
+
+RUN set -euo pipefail; zypper -n in --no-recommends mariadb-client; zypper -n clean; rm -rf /var/log/*
+CMD ["mariadb"]
diff --git a/mariadb-client-image/README.md b/mariadb-client-image/README.md
new file mode 100644
index 000000000..69f0132d0
--- /dev/null
+++ b/mariadb-client-image/README.md
@@ -0,0 +1,3 @@
+# The SLCI Project MariaDB Client Container image
+
+MariaDB Client container based on the SUSE Adaptable Linux Platform (ALP).
diff --git a/mariadb-client-image/_service b/mariadb-client-image/_service
new file mode 100644
index 000000000..6137d451b
--- /dev/null
+++ b/mariadb-client-image/_service
@@ -0,0 +1,10 @@
+<services>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%mariadb_version%%</param>
+    <param name="package">mariadb-client</param>
+    <param name="parse-version">minor</param>
+  </service>
+</services>
\ No newline at end of file
diff --git a/mariadb-client-image/mariadb-client-image.changes b/mariadb-client-image/mariadb-client-image.changes
new file mode 100644
index 000000000..a3a1e9f13
--- /dev/null
+++ b/mariadb-client-image/mariadb-client-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 08 09:09:11 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the MariaDB Client BCI
diff --git a/mariadb-image/Dockerfile b/mariadb-image/Dockerfile
new file mode 100644
index 000000000..13dca40df
--- /dev/null
+++ b/mariadb-image/Dockerfile
@@ -0,0 +1,65 @@
+# SPDX-License-Identifier: MIT
+
+#     Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+
+#!BuildTag: suse/mariadb:%%mariadb_version%%
+#!BuildTag: suse/mariadb:%%mariadb_version%%-%RELEASE%
+#!BuildTag: suse/mariadb:latest
+
+FROM alp/bci/bci-base:latest
+
+MAINTAINER SUSE LLC (https://www.suse.com/)
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.slci.application.mariadb
+LABEL org.opencontainers.image.title="SLCI Project MariaDB Server"
+LABEL org.opencontainers.image.description="MariaDB Server container based on the SUSE Adaptable Linux Platform (ALP)."
+LABEL org.opencontainers.image.version="%%mariadb_version%%"
+LABEL org.opencontainers.image.url="https://susealp.io/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL io.artifacthub.package.readme-url="%SOURCEURL%/README.md"
+LABEL org.opensuse.reference="registry.suse.com/suse/mariadb:%%mariadb_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="l3"
+LABEL com.suse.eula="sle-bci"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.release-stage="beta"
+# endlabelprefix
+
+RUN set -euo pipefail; zypper -n in --no-recommends mariadb mariadb-tools gawk timezone util-linux; zypper -n clean; rm -rf /var/log/*
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["mariadbd"]
+EXPOSE 3306
+RUN set -euo pipefail; mkdir /docker-entrypoint-initdb.d
+
+# docker-entrypoint from https://github.com/MariaDB/mariadb-docker.git
+COPY docker-entrypoint.sh /usr/local/bin/
+RUN set -euo pipefail; chmod 755 /usr/local/bin/docker-entrypoint.sh
+RUN set -euo pipefail; ln -s usr/local/bin/docker-entrypoint.sh / # backwards compat
+
+RUN set -euo pipefail; sed -i -e 's,exec gosu mysql ,exec setpriv --reuid=mysql --regid=mysql --clear-groups -- /bin/bash ,g' /usr/local/bin/docker-entrypoint.sh
+RUN set -euo pipefail; sed -i -e 's,$(pwgen .*),$(openssl rand -base64 36),' /usr/local/bin/docker-entrypoint.sh
+
+# Ensure all logs goes to stdout
+RUN set -euo pipefail; sed -i 's/^log/#log/g' /etc/my.cnf
+
+# Disable binding to localhost only, doesn't make sense in a container
+RUN set -euo pipefail; sed -i -e 's|^\(bind-address.*\)|#\1|g' /etc/my.cnf
+
+RUN set -euo pipefail; mkdir /run/mysql
+
+VOLUME /var/lib/mysql
diff --git a/mariadb-image/README.md b/mariadb-image/README.md
new file mode 100644
index 000000000..94bf92b36
--- /dev/null
+++ b/mariadb-image/README.md
@@ -0,0 +1,3 @@
+# The SLCI Project MariaDB Server Container image
+
+MariaDB Server container based on the SUSE Adaptable Linux Platform (ALP).
diff --git a/mariadb-image/_constraints b/mariadb-image/_constraints
new file mode 100644
index 000000000..bc515be79
--- /dev/null
+++ b/mariadb-image/_constraints
@@ -0,0 +1,7 @@
+<constraints>
+  <hardware>
+    <disk>
+      <size unit="G">11</size>
+    </disk>
+  </hardware>
+</constraints>
diff --git a/mariadb-image/_service b/mariadb-image/_service
new file mode 100644
index 000000000..43bdff660
--- /dev/null
+++ b/mariadb-image/_service
@@ -0,0 +1,10 @@
+<services>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%mariadb_version%%</param>
+    <param name="package">mariadb</param>
+    <param name="parse-version">minor</param>
+  </service>
+</services>
\ No newline at end of file
diff --git a/mariadb-image/docker-entrypoint.sh b/mariadb-image/docker-entrypoint.sh
new file mode 100644
index 000000000..9bf762350
--- /dev/null
+++ b/mariadb-image/docker-entrypoint.sh
@@ -0,0 +1,707 @@
+#!/bin/bash
+set -eo pipefail
+shopt -s nullglob
+
+# logging functions
+mysql_log() {
+	local type="$1"; shift
+	printf '%s [%s] [Entrypoint]: %s\n' "$(date --rfc-3339=seconds)" "$type" "$*"
+}
+mysql_note() {
+	mysql_log Note "$@"
+}
+mysql_warn() {
+	mysql_log Warn "$@" >&2
+}
+mysql_error() {
+	mysql_log ERROR "$@" >&2
+	exit 1
+}
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_DB_PASSWORD' 'example'
+# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		mysql_error "Both $var and $fileVar are set (but are exclusive)"
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+# set MARIADB_xyz from MYSQL_xyz when MARIADB_xyz is unset
+# and make them the same value (so user scripts can use either)
+_mariadb_file_env() {
+	local var="$1"; shift
+	local maria="MARIADB_${var#MYSQL_}"
+	file_env "$var" "$@"
+	file_env "$maria" "${!var}"
+	if [ "${!maria:-}" ]; then
+		export "$var"="${!maria}"
+	fi
+}
+
+# check to see if this file is being run or sourced from another script
+_is_sourced() {
+	# https://unix.stackexchange.com/a/215279
+	[ "${#FUNCNAME[@]}" -ge 2 ] \
+		&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
+		&& [ "${FUNCNAME[1]}" = 'source' ]
+}
+
+# usage: docker_process_init_files [file [file [...]]]
+#    ie: docker_process_init_files /always-initdb.d/*
+# process initializer files, based on file extensions
+docker_process_init_files() {
+	# mysql here for backwards compatibility "${mysql[@]}"
+	# ShellCheck: mysql appears unused. Verify use (or export if used externally)
+	# shellcheck disable=SC2034
+	mysql=( docker_process_sql )
+
+	echo
+	local f
+	for f; do
+		case "$f" in
+			*.sh)
+				# https://github.com/docker-library/postgres/issues/450#issuecomment-393167936
+				# https://github.com/docker-library/postgres/pull/452
+				if [ -x "$f" ]; then
+					mysql_note "$0: running $f"
+					"$f"
+				else
+					mysql_note "$0: sourcing $f"
+					# ShellCheck can't follow non-constant source. Use a directive to specify location.
+					# shellcheck disable=SC1090
+					. "$f"
+				fi
+				;;
+			*.sql)     mysql_note "$0: running $f"; docker_process_sql < "$f"; echo ;;
+			*.sql.gz)  mysql_note "$0: running $f"; gunzip -c "$f" | docker_process_sql; echo ;;
+			*.sql.xz)  mysql_note "$0: running $f"; xzcat "$f" | docker_process_sql; echo ;;
+			*.sql.zst) mysql_note "$0: running $f"; zstd -dc "$f" | docker_process_sql; echo ;;
+			*)         mysql_warn "$0: ignoring $f" ;;
+		esac
+		echo
+	done
+}
+
+# arguments necessary to run "mysqld --verbose --help" successfully (used for testing configuration validity and for extracting default/configured values)
+_verboseHelpArgs=(
+	--verbose --help
+)
+
+mysql_check_config() {
+	local toRun=( "$@" "${_verboseHelpArgs[@]}" ) errors
+	if ! errors="$("${toRun[@]}" 2>&1 >/dev/null)"; then
+		mysql_error $'mysqld failed while attempting to check config\n\tcommand was: '"${toRun[*]}"$'\n\t'"$errors"
+	fi
+}
+
+# Fetch value from server config
+# We use mysqld --verbose --help instead of my_print_defaults because the
+# latter only show values present in config files, and not server defaults
+mysql_get_config() {
+	local conf="$1"; shift
+	"$@" "${_verboseHelpArgs[@]}" 2>/dev/null \
+		| awk -v conf="$conf" '$1 == conf && /^[^ \t]/ { sub(/^[^ \t]+[ \t]+/, ""); print; exit }'
+	# match "datadir      /some/path with/spaces in/it here" but not "--xyz=abc\n     datadir (xyz)"
+}
+
+# Do a temporary startup of the MariaDB server, for init purposes
+docker_temp_server_start() {
+	"$@" --skip-networking --default-time-zone=SYSTEM --socket="${SOCKET}" --wsrep_on=OFF \
+		--expire-logs-days=0 \
+		--loose-innodb_buffer_pool_load_at_startup=0 &
+	declare -g MARIADB_PID
+	MARIADB_PID=$!
+	mysql_note "Waiting for server startup"
+	# only use the root password if the database has already been initialized
+	# so that it won't try to fill in a password file when it hasn't been set yet
+	extraArgs=()
+	if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+		extraArgs+=( '--dont-use-mysql-root-password' )
+	fi
+	local i
+	for i in {30..0}; do
+		if docker_process_sql "${extraArgs[@]}" --database=mysql <<<'SELECT 1' &> /dev/null; then
+			break
+		fi
+		sleep 1
+	done
+	if [ "$i" = 0 ]; then
+		mysql_error "Unable to start server."
+	fi
+}
+
+# Stop the server. When using a local socket file mysqladmin will block until
+# the shutdown is complete.
+docker_temp_server_stop() {
+	kill "$MARIADB_PID"
+	wait "$MARIADB_PID"
+}
+
+# Verify that the minimally required password settings are set for new databases.
+docker_verify_minimum_env() {
+	# Restoring from backup requires no environment variables
+	declare -g DATABASE_INIT_FROM_BACKUP
+	for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do
+		if [ -f "${file}" ]; then
+			DATABASE_INIT_FROM_BACKUP='true'
+			return
+		fi
+	done
+	if [ -z "$MARIADB_ROOT_PASSWORD" ] && [ -z "$MARIADB_ROOT_PASSWORD_HASH" ] && [ -z "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] && [ -z "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then
+		mysql_error $'Database is uninitialized and password option is not specified\n\tYou need to specify one of MARIADB_ROOT_PASSWORD, MARIADB_ROOT_PASSWORD_HASH, MARIADB_ALLOW_EMPTY_ROOT_PASSWORD and MARIADB_RANDOM_ROOT_PASSWORD'
+	fi
+	# More preemptive exclusions of combinations should have been made before *PASSWORD_HASH was added, but for now we don't enforce due to compatibility.
+	if [ -n "$MARIADB_ROOT_PASSWORD" ] || [ -n "$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" ] || [ -n "$MARIADB_RANDOM_ROOT_PASSWORD" ] && [ -n "$MARIADB_ROOT_PASSWORD_HASH" ]; then
+		mysql_error "Cannot specify MARIADB_ROOT_PASSWORD_HASH and another MARIADB_ROOT_PASSWORD* option."
+	fi
+	if [ -n "$MARIADB_PASSWORD" ] && [ -n "$MARIADB_PASSWORD_HASH" ]; then
+		mysql_error "Cannot specify MARIADB_PASSWORD_HASH and MARIADB_PASSWORD option."
+	fi
+	if [ -n "$MARIADB_REPLICATION_USER" ]; then
+		if [ -z "$MARIADB_MASTER_HOST" ]; then
+			# its a master, we're creating a user
+			if [ -z "$MARIADB_REPLICATION_PASSWORD" ] && [ -z "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
+				mysql_error "MARIADB_REPLICATION_PASSWORD or MARIADB_REPLICATION_PASSWORD_HASH not found to create replication user for master"
+			fi
+		else
+			# its a replica
+			if [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; then
+				mysql_error "MARIADB_REPLICATION_PASSWORD is mandatory to specify the replication on the replica image."
+			fi
+			if [ -n "$MARIADB_REPLICATION_PASSWORD_HASH" ] ; then
+				mysql_warn "MARIADB_REPLICATION_PASSWORD_HASH cannot be specified on a replica"
+			fi
+		fi
+	fi
+	if [ -n "$MARIADB_MASTER_HOST" ] && { [ -z "$MARIADB_REPLICATION_USER" ] || [ -z "$MARIADB_REPLICATION_PASSWORD" ] ; }; then
+		mysql_error "For a replica, MARIADB_REPLICATION_USER and MARIADB_REPLICATION is mandatory."
+	fi
+}
+
+# creates folders for the database
+# also ensures permission for user mysql of run as root
+docker_create_db_directories() {
+	local user; user="$(id -u)"
+
+	# TODO other directories that are used by default? like /var/lib/mysql-files
+	# see https://github.com/docker-library/mysql/issues/562
+	mkdir -p "$DATADIR"
+
+	if [ "$user" = "0" ]; then
+		# this will cause less disk access than `chown -R`
+		find "$DATADIR" \! -user mysql -exec chown mysql: '{}' +
+		# See https://github.com/MariaDB/mariadb-docker/issues/363
+		find "${SOCKET%/*}" -maxdepth 0 \! -user mysql -exec chown mysql: '{}' \;
+
+		# memory.pressure
+		local cgroup; cgroup=$(</proc/self/cgroup)
+		local mempressure="/sys/fs/cgroup/${cgroup:3}/memory.pressure"
+		if [ -w "$mempressure" ]; then
+			chown mysql: "$mempressure" || mysql_warn "unable to change ownership of $mempressure, functionality unavailable to MariaDB"
+		else
+			mysql_warn "$mempressure not writable, functionality unavailable to MariaDB"
+		fi
+	fi
+}
+
+_mariadb_version() {
+        local mariaVersion="${MARIADB_VERSION##*:}"
+        mariaVersion="${mariaVersion%%[-+~]*}"
+	echo -n "${mariaVersion}-MariaDB"
+}
+
+# initializes the database directory
+docker_init_database_dir() {
+	mysql_note "Initializing database files"
+	installArgs=( --datadir="$DATADIR" --rpm --auth-root-authentication-method=normal )
+	# "Other options are passed to mysqld." (so we pass all "mysqld" arguments directly here)
+	mysql_install_db "${installArgs[@]}" "${@:2}" \
+		--skip-test-db \
+		--old-mode='UTF8_IS_UTF8MB3' \
+		--default-time-zone=SYSTEM --enforce-storage-engine= \
+		--skip-log-bin \
+		--expire-logs-days=0 \
+		--loose-innodb_buffer_pool_load_at_startup=0 \
+		--loose-innodb_buffer_pool_dump_at_shutdown=0
+	mysql_note "Database files initialized"
+}
+
+# Loads various settings that are used elsewhere in the script
+# This should be called after mysql_check_config, but before any other functions
+docker_setup_env() {
+	# Get config
+	declare -g DATADIR SOCKET PORT
+	DATADIR="$(mysql_get_config 'datadir' "$@")"
+	SOCKET="$(mysql_get_config 'socket' "$@")"
+	PORT="$(mysql_get_config 'port' "$@")"
+
+
+	# Initialize values that might be stored in a file
+	_mariadb_file_env 'MYSQL_ROOT_HOST' '%'
+	_mariadb_file_env 'MYSQL_DATABASE'
+	_mariadb_file_env 'MYSQL_USER'
+	_mariadb_file_env 'MYSQL_PASSWORD'
+	_mariadb_file_env 'MYSQL_ROOT_PASSWORD'
+	# No MYSQL_ compatibility needed for new variables
+	file_env 'MARIADB_PASSWORD_HASH'
+	file_env 'MARIADB_ROOT_PASSWORD_HASH'
+	# env variables related to replication
+	file_env 'MARIADB_REPLICATION_USER'
+	file_env 'MARIADB_REPLICATION_PASSWORD'
+	file_env 'MARIADB_REPLICATION_PASSWORD_HASH'
+	# env variables related to master
+	file_env 'MARIADB_MASTER_HOST'
+	file_env 'MARIADB_MASTER_PORT' 3306
+
+	# set MARIADB_ from MYSQL_ when it is unset and then make them the same value
+	: "${MARIADB_ALLOW_EMPTY_ROOT_PASSWORD:=${MYSQL_ALLOW_EMPTY_PASSWORD:-}}"
+	export MYSQL_ALLOW_EMPTY_PASSWORD="$MARIADB_ALLOW_EMPTY_ROOT_PASSWORD" MARIADB_ALLOW_EMPTY_ROOT_PASSWORD
+	: "${MARIADB_RANDOM_ROOT_PASSWORD:=${MYSQL_RANDOM_ROOT_PASSWORD:-}}"
+	export MYSQL_RANDOM_ROOT_PASSWORD="$MARIADB_RANDOM_ROOT_PASSWORD" MARIADB_RANDOM_ROOT_PASSWORD
+	: "${MARIADB_INITDB_SKIP_TZINFO:=${MYSQL_INITDB_SKIP_TZINFO:-}}"
+	export MYSQL_INITDB_SKIP_TZINFO="$MARIADB_INITDB_SKIP_TZINFO" MARIADB_INITDB_SKIP_TZINFO
+
+	declare -g DATABASE_ALREADY_EXISTS
+	if [ -d "$DATADIR/mysql" ]; then
+		DATABASE_ALREADY_EXISTS='true'
+	fi
+}
+
+# Execute the client, use via docker_process_sql to handle root password
+docker_exec_client() {
+	# args sent in can override this db, since they will be later in the command
+	if [ -n "$MYSQL_DATABASE" ]; then
+		set -- --database="$MYSQL_DATABASE" "$@"
+	fi
+	mysql --protocol=socket -uroot -hlocalhost --socket="${SOCKET}" "$@"
+}
+
+# Execute sql script, passed via stdin
+# usage: docker_process_sql [--dont-use-mysql-root-password] [mysql-cli-args]
+#    ie: docker_process_sql --database=mydb <<<'INSERT ...'
+#    ie: docker_process_sql --dont-use-mysql-root-password --database=mydb <my-file.sql
+docker_process_sql() {
+	if [ '--dont-use-mysql-root-password' = "$1" ]; then
+		shift
+		MYSQL_PWD='' docker_exec_client "$@"
+	else
+		MYSQL_PWD=$MARIADB_ROOT_PASSWORD docker_exec_client "$@"
+	fi
+}
+
+# SQL escape the string $1 to be placed in a string literal.
+# escape, \ followed by '
+docker_sql_escape_string_literal() {
+	local newline=$'\n'
+	local escaped=${1//\\/\\\\}
+	escaped="${escaped//$newline/\\n}"
+	echo "${escaped//\'/\\\'}"
+}
+
+# Creates replication user
+create_replica_user() {
+	if [ -n  "$MARIADB_REPLICATION_PASSWORD_HASH" ]; then
+		echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_REPLICATION_PASSWORD_HASH';"
+	else
+		# SQL escape the user password, \ followed by '
+		local userPasswordEscaped
+		userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}")
+		echo "CREATE USER '$MARIADB_REPLICATION_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
+	fi
+	echo "GRANT REPLICATION REPLICA ON *.* TO '$MARIADB_REPLICATION_USER'@'%';"
+}
+
+# Create healthcheck users
+create_healthcheck_users() {
+	local healthCheckGrant=USAGE
+	local healthCheckConnectPass
+	local healthCheckConnectPassEscaped
+	healthCheckConnectPass="$(pwgen --numerals --capitalize --symbols --remove-chars="=#'\\" -1 32)"
+	healthCheckConnectPassEscaped=$(docker_sql_escape_string_literal "${healthCheckConnectPass}")
+	if [ -n "$MARIADB_HEALTHCHECK_GRANTS" ]; then
+		healthCheckGrant="$MARIADB_HEALTHCHECK_GRANTS"
+	fi
+	for host in 127.0.0.1 ::1 localhost; do
+		echo "CREATE USER IF NOT EXISTS healthcheck@'$host' IDENTIFIED BY '$healthCheckConnectPassEscaped';"
+		# doing this so if the users exists, we're just setting the password, and not replacing the existing grants
+		echo "SET PASSWORD FOR healthcheck@'$host' = PASSWORD('$healthCheckConnectPassEscaped');"
+		echo "GRANT $healthCheckGrant ON *.* TO healthcheck@'$host';"
+	done
+	local maskPreserve
+	maskPreserve=$(umask -p)
+	umask 0077
+	echo -e "[mariadb-client]\\nport=$PORT\\nsocket=$SOCKET\\nuser=healthcheck\\npassword=$healthCheckConnectPass\\nprotocol=tcp\\n" > "$DATADIR"/.my-healthcheck.cnf
+	$maskPreserve
+}
+
+# Initializes database with timezone info and root password, plus optional extra db/user
+docker_setup_db() {
+	# Load timezone info into database
+	if [ -z "$MARIADB_INITDB_SKIP_TZINFO" ]; then
+		# --skip-write-binlog usefully disables binary logging
+		# but also outputs LOCK TABLES to improve the IO of
+		# Aria (MDEV-23326) for 10.4+.
+		mysql_tzinfo_to_sql --skip-write-binlog /usr/share/zoneinfo \
+			| docker_process_sql --dont-use-mysql-root-password --database=mysql
+		# tell docker_process_sql to not use MYSQL_ROOT_PASSWORD since it is not set yet
+	fi
+	# Generate random root password
+	if [ -n "$MARIADB_RANDOM_ROOT_PASSWORD" ]; then
+		MARIADB_ROOT_PASSWORD="$(pwgen --numerals --capitalize --symbols --remove-chars="'\\" -1 32)"
+		export MARIADB_ROOT_PASSWORD MYSQL_ROOT_PASSWORD=$MARIADB_ROOT_PASSWORD
+		mysql_note "GENERATED ROOT PASSWORD: $MARIADB_ROOT_PASSWORD"
+	fi
+
+	# Creates root users for non-localhost hosts
+	local rootCreate=
+	local rootPasswordEscaped=
+	if [ -n "$MARIADB_ROOT_PASSWORD" ]; then
+		# Sets root password and creates root users for non-localhost hosts
+		rootPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_ROOT_PASSWORD}")
+	fi
+
+	# default root to listen for connections from anywhere
+	if [ -n "$MARIADB_ROOT_HOST" ] && [ "$MARIADB_ROOT_HOST" != 'localhost' ]; then
+		# ref "read -d ''", no, we don't care if read finds a terminating character in this heredoc
+		# https://unix.stackexchange.com/questions/265149/why-is-set-o-errexit-breaking-this-read-heredoc-expression/265151#265151
+		if [ -n "$MARIADB_ROOT_PASSWORD_HASH" ]; then
+			read -r -d '' rootCreate <<-EOSQL || true
+				CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY PASSWORD '${MARIADB_ROOT_PASSWORD_HASH}' ;
+				GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ;
+				GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION;
+			EOSQL
+		else
+			read -r -d '' rootCreate <<-EOSQL || true
+				CREATE USER 'root'@'${MARIADB_ROOT_HOST}' IDENTIFIED BY '${rootPasswordEscaped}' ;
+				GRANT ALL ON *.* TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION ;
+				GRANT PROXY ON ''@'%' TO 'root'@'${MARIADB_ROOT_HOST}' WITH GRANT OPTION;
+			EOSQL
+		fi
+	fi
+
+	local mysqlAtLocalhost=
+	local mysqlAtLocalhostGrants=
+	# Install mysql@localhost user
+	if [ -n "$MARIADB_MYSQL_LOCALHOST_USER" ]; then
+		read -r -d '' mysqlAtLocalhost <<-EOSQL || true
+		CREATE USER mysql@localhost IDENTIFIED VIA unix_socket;
+		EOSQL
+		if [ -n "$MARIADB_MYSQL_LOCALHOST_GRANTS" ]; then
+			if [ "$MARIADB_MYSQL_LOCALHOST_GRANTS" != USAGE ]; then
+				mysql_warn "Excessive privileges ON *.* TO mysql@localhost facilitates risks to the confidentiality, integrity and availability of data stored"
+			fi
+			mysqlAtLocalhostGrants="GRANT ${MARIADB_MYSQL_LOCALHOST_GRANTS} ON *.* TO mysql@localhost;";
+		fi
+	fi
+
+	local createHealthCheckUsers
+	createHealthCheckUsers=$(create_healthcheck_users)
+
+	local rootLocalhostPass=
+	if [ -z "$MARIADB_ROOT_PASSWORD_HASH" ]; then
+		# handle MARIADB_ROOT_PASSWORD_HASH for root@localhost after /docker-entrypoint-initdb.d
+		rootLocalhostPass="SET PASSWORD FOR 'root'@'localhost'= PASSWORD('${rootPasswordEscaped}');"
+	fi
+
+	local createDatabase=
+	# Creates a custom database and user if specified
+	if [ -n "$MARIADB_DATABASE" ]; then
+		mysql_note "Creating database ${MARIADB_DATABASE}"
+		createDatabase="CREATE DATABASE IF NOT EXISTS \`$MARIADB_DATABASE\`;"
+	fi
+
+	local createUser=
+	local userGrants=
+	if  [ -n "$MARIADB_PASSWORD" ] || [ -n "$MARIADB_PASSWORD_HASH" ] && [ -n "$MARIADB_USER" ]; then
+		mysql_note "Creating user ${MARIADB_USER}"
+		if [ -n "$MARIADB_PASSWORD_HASH" ]; then
+			createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY PASSWORD '$MARIADB_PASSWORD_HASH';"
+		else
+			# SQL escape the user password, \ followed by '
+			local userPasswordEscaped
+			userPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_PASSWORD}")
+			createUser="CREATE USER '$MARIADB_USER'@'%' IDENTIFIED BY '$userPasswordEscaped';"
+		fi
+
+		if [ -n "$MARIADB_DATABASE" ]; then
+			mysql_note "Giving user ${MARIADB_USER} access to schema ${MARIADB_DATABASE}"
+			userGrants="GRANT ALL ON \`${MARIADB_DATABASE//_/\\_}\`.* TO '$MARIADB_USER'@'%';"
+		fi
+	fi
+
+	# To create replica user
+	local createReplicaUser=
+	local changeMasterTo=
+	local startReplica=
+	if  [ -n "$MARIADB_REPLICATION_USER" ] ; then
+		if [ -z "$MARIADB_MASTER_HOST" ]; then
+			# on master
+			mysql_note "Creating user ${MARIADB_REPLICATION_USER}"
+			createReplicaUser=$(create_replica_user)
+		else
+			# on replica
+			local rplPasswordEscaped
+			rplPasswordEscaped=$(docker_sql_escape_string_literal "${MARIADB_REPLICATION_PASSWORD}")
+			# SC cannot follow how MARIADB_MASTER_PORT is assigned a default value.
+			# shellcheck disable=SC2153
+			changeMasterTo="CHANGE MASTER TO MASTER_HOST='$MARIADB_MASTER_HOST', MASTER_USER='$MARIADB_REPLICATION_USER', MASTER_PASSWORD='$rplPasswordEscaped', MASTER_PORT=$MARIADB_MASTER_PORT, MASTER_CONNECT_RETRY=10;"
+			startReplica="START REPLICA;"
+		fi
+	fi
+
+	mysql_note "Securing system users (equivalent to running mysql_secure_installation)"
+	# tell docker_process_sql to not use MARIADB_ROOT_PASSWORD since it is just now being set
+	# --binary-mode to save us from the semi-mad users go out of their way to confuse the encoding.
+	docker_process_sql --dont-use-mysql-root-password --database=mysql --binary-mode <<-EOSQL
+		-- Securing system users shouldn't be replicated
+		SET @orig_sql_log_bin= @@SESSION.SQL_LOG_BIN;
+		SET @@SESSION.SQL_LOG_BIN=0;
+                -- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set
+		SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', '');
+
+		DROP USER IF EXISTS root@'127.0.0.1', root@'::1';
+		EXECUTE IMMEDIATE CONCAT('DROP USER IF EXISTS root@\'', @@hostname,'\'');
+
+		${rootLocalhostPass}
+		${rootCreate}
+		${mysqlAtLocalhost}
+		${mysqlAtLocalhostGrants}
+		${createHealthCheckUsers}
+		-- end of securing system users, rest of init now...
+		SET @@SESSION.SQL_LOG_BIN=@orig_sql_log_bin;
+		-- create users/databases
+		${createDatabase}
+		${createUser}
+		${createReplicaUser}
+		${userGrants}
+
+		${changeMasterTo}
+		${startReplica}
+	EOSQL
+}
+
+# create a new installation
+docker_mariadb_init()
+{
+
+	# check dir permissions to reduce likelihood of half-initialized database
+	ls /docker-entrypoint-initdb.d/ > /dev/null
+
+	if [ -n "$DATABASE_INIT_FROM_BACKUP" ]; then
+		shopt -s dotglob
+		for file in /docker-entrypoint-initdb.d/*.tar{.gz,.xz,.zst}; do
+			mkdir -p "$DATADIR"/.init
+			tar --auto-compress --extract --file "$file" --directory="$DATADIR"/.init
+			mariadb-backup --target-dir="$DATADIR"/.init --datadir="$DATADIR"/.restore --move-back
+
+			mv "$DATADIR"/.restore/** "$DATADIR"/
+			if [ -f "$DATADIR/.init/backup-my.cnf" ]; then
+				mv "$DATADIR/.init/backup-my.cnf" "$DATADIR/.my.cnf"
+				mysql_note "Adding startup configuration:"
+				my_print_defaults --defaults-file="$DATADIR/.my.cnf" --mysqld
+			fi
+			rm -rf "$DATADIR"/.init "$DATADIR"/.restore
+			if [ "$(id -u)" = "0" ]; then
+				# this will cause less disk access than `chown -R`
+				find "$DATADIR" \! -user mysql -exec chown mysql: '{}' +
+			fi
+		done
+		if _check_if_upgrade_is_needed; then
+			docker_mariadb_upgrade "$@"
+		fi
+		return
+	fi
+	docker_init_database_dir "$@"
+
+	mysql_note "Starting temporary server"
+	docker_temp_server_start "$@"
+	mysql_note "Temporary server started."
+
+	docker_setup_db
+	docker_process_init_files /docker-entrypoint-initdb.d/*
+	# Wait until after /docker-entrypoint-initdb.d is performed before setting
+	# root@localhost password to a hash we don't know the password for.
+	if [ -n "${MARIADB_ROOT_PASSWORD_HASH}" ]; then
+		mysql_note "Setting root@localhost password hash"
+		docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL
+			SET @@SESSION.SQL_LOG_BIN=0;
+			SET PASSWORD FOR 'root'@'localhost'= '${MARIADB_ROOT_PASSWORD_HASH}';
+		EOSQL
+	fi
+
+	mysql_note "Stopping temporary server"
+	docker_temp_server_stop
+	mysql_note "Temporary server stopped"
+
+	echo
+	mysql_note "MariaDB init process done. Ready for start up."
+	echo
+}
+
+# backup the mysql database
+docker_mariadb_backup_system()
+{
+	if [ -n "$MARIADB_DISABLE_UPGRADE_BACKUP" ] \
+		&& [ "$MARIADB_DISABLE_UPGRADE_BACKUP" = 1 ]; then
+		mysql_note "MariaDB upgrade backup disabled due to \$MARIADB_DISABLE_UPGRADE_BACKUP=1 setting"
+		return
+	fi
+	local backup_db="system_mysql_backup_unknown_version.sql.zst"
+	local oldfullversion="unknown_version"
+	if [ -r "$DATADIR"/mysql_upgrade_info ]; then
+		read -r -d '' oldfullversion < "$DATADIR"/mysql_upgrade_info || true
+		if [ -n "$oldfullversion" ]; then
+			backup_db="system_mysql_backup_${oldfullversion}.sql.zst"
+		fi
+	fi
+
+	mysql_note "Backing up system database to $backup_db"
+	if ! mysqldump --skip-lock-tables --replace --databases mysql --socket="${SOCKET}" | zstd > "${DATADIR}/${backup_db}"; then
+		mysql_error "Unable backup system database for upgrade from $oldfullversion."
+	fi
+	mysql_note "Backing up complete"
+}
+
+# perform mariadb-upgrade
+# backup the mysql database if this is a major upgrade
+docker_mariadb_upgrade() {
+	if [ -z "$MARIADB_AUTO_UPGRADE" ] \
+		|| [ "$MARIADB_AUTO_UPGRADE" = 0 ]; then
+		mysql_note "MariaDB upgrade (mysql_upgrade or creating healthcheck users) required, but skipped due to \$MARIADB_AUTO_UPGRADE setting"
+		return
+	fi
+	mysql_note "Starting temporary server"
+	docker_temp_server_start "$@" --skip-grant-tables \
+		--loose-innodb_buffer_pool_dump_at_shutdown=0 \
+		--skip-slave-start
+	mysql_note "Temporary server started."
+
+	docker_mariadb_backup_system
+
+	if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
+		mysql_note "Creating healthcheck users"
+		local createHealthCheckUsers
+		createHealthCheckUsers=$(create_healthcheck_users)
+		docker_process_sql --dont-use-mysql-root-password --binary-mode <<-EOSQL
+		-- Healthcheck users shouldn't be replicated
+		SET @@SESSION.SQL_LOG_BIN=0;
+                -- we need the SQL_MODE NO_BACKSLASH_ESCAPES mode to be clear for the password to be set
+		SET @@SESSION.SQL_MODE=REPLACE(@@SESSION.SQL_MODE, 'NO_BACKSLASH_ESCAPES', '');
+		FLUSH PRIVILEGES;
+		$createHealthCheckUsers
+EOSQL
+		mysql_note "Stopping temporary server"
+		docker_temp_server_stop
+		mysql_note "Temporary server stopped"
+
+		if _check_if_upgrade_is_needed; then
+			# need a restart as FLUSH PRIVILEGES isn't reversable
+			mysql_note "Restarting temporary server for upgrade"
+			docker_temp_server_start "$@" --skip-grant-tables \
+				--loose-innodb_buffer_pool_dump_at_shutdown=0 \
+				--skip-slave-start
+		else
+			return 0
+		fi
+	fi
+
+	mysql_note "Starting mariadb-upgrade"
+	mysql_upgrade --upgrade-system-tables
+	mysql_note "Finished mariadb-upgrade"
+
+	mysql_note "Stopping temporary server"
+	docker_temp_server_stop
+	mysql_note "Temporary server stopped"
+}
+
+
+_check_if_upgrade_is_needed() {
+	if [ ! -f "$DATADIR"/mysql_upgrade_info ]; then
+		mysql_note "MariaDB upgrade information missing, assuming required"
+		return 0
+	fi
+	local mariadbVersion
+	mariadbVersion="$(_mariadb_version)"
+	IFS='.-' read -ra newversion <<<"$mariadbVersion"
+	IFS='.-' read -ra oldversion < "$DATADIR"/mysql_upgrade_info || true
+
+	if [[ ${#newversion[@]} -lt 2 ]] || [[ ${#oldversion[@]} -lt 2 ]] \
+		|| [[ ${oldversion[0]} -lt ${newversion[0]} ]] \
+		|| [[ ${oldversion[0]} -eq ${newversion[0]} && ${oldversion[1]} -lt ${newversion[1]} ]]; then
+		return 0
+	fi
+	if [ ! -f "$DATADIR"/.my-healthcheck.cnf ]; then
+		mysql_note "MariaDB heathcheck configation file missing, assuming desirable"
+		return 0
+	fi
+	mysql_note "MariaDB upgrade not required"
+	return 1
+}
+
+# check arguments for an option that would cause mysqld to stop
+# return true if there is one
+_mysql_want_help() {
+	local arg
+	for arg; do
+		case "$arg" in
+			-'?'|--help|--print-defaults|-V|--version)
+				return 0
+				;;
+		esac
+	done
+	return 1
+}
+
+_main() {
+	# if command starts with an option, prepend mysqld
+	if [ "${1:0:1}" = '-' ]; then
+		set -- mysqld "$@"
+	fi
+
+	#ENDOFSUBSTITUTIONS
+	# skip setup if they aren't running mysqld or want an option that stops mysqld
+	if [ "$1" = 'mariadbd' ] || [ "$1" = 'mysqld' ] && ! _mysql_want_help "$@"; then
+		mysql_note "Entrypoint script for MariaDB Server ${MARIADB_VERSION} started."
+
+		mysql_check_config "$@"
+		# Load various environment variables
+		docker_setup_env "$@"
+		docker_create_db_directories
+
+		# If container is started as root user, restart as dedicated mysql user
+		if [ "$(id -u)" = "0" ]; then
+			mysql_note "Switching to dedicated user 'mysql'"
+			exec gosu mysql "${BASH_SOURCE[0]}" "$@"
+		fi
+
+		# there's no database, so it needs to be initialized
+		if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
+			docker_verify_minimum_env
+
+			docker_mariadb_init "$@"
+		# MDEV-27636 mariadb_upgrade --check-if-upgrade-is-needed cannot be run offline
+		#elif mysql_upgrade --check-if-upgrade-is-needed; then
+		elif _check_if_upgrade_is_needed; then
+			docker_mariadb_upgrade "$@"
+		fi
+	fi
+	exec "$@"
+}
+
+# If we are sourced from elsewhere, don't perform any further actions
+if ! _is_sourced; then
+	_main "$@"
+fi
diff --git a/mariadb-image/mariadb-image.changes b/mariadb-image/mariadb-image.changes
new file mode 100644
index 000000000..66ec56b21
--- /dev/null
+++ b/mariadb-image/mariadb-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 08 09:09:11 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the MariaDB Server BCI
diff --git a/micro-image/README.md b/micro-image/README.md
new file mode 100644
index 000000000..5e274c5f9
--- /dev/null
+++ b/micro-image/README.md
@@ -0,0 +1,3 @@
+# The SLCI Project BCI Adaptable Linux Platform Micro Container image
+
+A micro environment for containers based on the SUSE Adaptable Linux Platform (ALP).
diff --git a/micro-image/_service b/micro-image/_service
new file mode 100644
index 000000000..bd1abb02d
--- /dev/null
+++ b/micro-image/_service
@@ -0,0 +1,4 @@
+<services>
+  <service mode="buildtime" name="kiwi_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+</services>
\ No newline at end of file
diff --git a/micro-image/config.sh b/micro-image/config.sh
new file mode 100644
index 000000000..9e94c6e0d
--- /dev/null
+++ b/micro-image/config.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) 2022-2024 SUSE LLC
+
+set -euo pipefail
+
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+echo "Configure image: [$kiwi_iname]..."
+
+#============================================
+# Import repositories' keys if rpm is present
+#--------------------------------------------
+if command -v rpm > /dev/null; then
+    suseImportBuildKey
+fi
+
+
+
+
+#=======================================
+# Clean up after zypper if it is present
+#---------------------------------------
+if command -v zypper > /dev/null; then
+    zypper -n clean
+fi
+
+rm -rf /var/log/zypp
+
+exit 0
diff --git a/micro-image/micro-image.changes b/micro-image/micro-image.changes
new file mode 100644
index 000000000..b354efc92
--- /dev/null
+++ b/micro-image/micro-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 08 09:09:11 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the Adaptable Linux Platform Micro BCI
diff --git a/micro-image/micro-image.kiwi b/micro-image/micro-image.kiwi
new file mode 100644
index 000000000..2088d2876
--- /dev/null
+++ b/micro-image/micro-image.kiwi
@@ -0,0 +1,68 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- SPDX-License-Identifier: MIT -->
+<!-- 
+    Copyright (c) 2024 SUSE LLC
+
+All modifications and additions to the file contributed by third parties
+remain the property of their copyright owners, unless otherwise agreed
+upon.
+
+The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+It is maintained by the BCI team and generated by
+https://github.com/SUSE/BCI-dockerfile-generator
+
+Please submit bugfixes or comments via https://bugs.opensuse.org/
+You can contact the BCI team via https://github.com/SUSE/bci/discussions
+-->
+<!-- OBS-AddTag: alp/bci/bci-micro:%OS_VERSION_ID_SP% alp/bci/bci-micro:%OS_VERSION_ID_SP%.%RELEASE% alp/bci/bci-micro:latest -->
+<!-- OBS-Imagerepo: obsrepositories:/ -->
+
+<image schemaversion="6.5" name="micro-image" xmlns:suse_label_helper="com.suse.label_helper">
+  <description type="system">
+    <author>SUSE LLC</author>
+    <contact>https://www.suse.com/</contact>
+    <specification>SLCI Project BCI Adaptable Linux Platform Micro Container Image</specification>
+  </description>
+  <preferences>
+    <type image="docker">
+      <containerconfig
+          name="alp/bci/bci-micro"
+          tag="%OS_VERSION_ID_SP%"
+          maintainer="SUSE LLC (https://www.suse.com/)"
+          additionaltags="%OS_VERSION_ID_SP%.%RELEASE%,latest">
+        <labels>
+          <suse_label_helper:add_prefix prefix="com.suse.slci.bci.micro">
+            <label name="org.opencontainers.image.title" value="SLCI Project BCI Adaptable Linux Platform Micro"/>
+            <label name="org.opencontainers.image.description" value="A micro environment for containers based on the SUSE Adaptable Linux Platform (ALP)."/>
+            <label name="org.opencontainers.image.version" value="%OS_VERSION_ID_SP%.%RELEASE%"/>
+            <label name="org.opencontainers.image.created" value="%BUILDTIME%"/>
+            <label name="org.opencontainers.image.vendor" value="SUSE LLC"/>
+            <label name="org.opencontainers.image.source" value="%SOURCEURL%"/>
+            <label name="org.opencontainers.image.url" value="https://susealp.io/"/>
+            <label name="io.artifacthub.package.readme-url" value="%SOURCEURL%/README.md"/>
+            <label name="org.opensuse.reference" value="registry.suse.com/alp/bci/bci-micro:%OS_VERSION_ID_SP%.%RELEASE%"/>
+            <label name="org.openbuildservice.disturl" value="%DISTURL%"/>
+            <label name="com.suse.supportlevel" value="l3"/>
+            <label name="com.suse.eula" value="sle-bci"/>
+            <label name="com.suse.release-stage" value="beta"/>
+            <label name="com.suse.lifecycle-url" value="https://www.suse.com/lifecycle"/>
+          </suse_label_helper:add_prefix>
+        </labels>
+      </containerconfig>
+    </type>
+    <version>2024</version>
+    <packagemanager>zypper</packagemanager>
+    <rpm-check-signatures>false</rpm-check-signatures>
+    <rpm-excludedocs>true</rpm-excludedocs>
+  </preferences>
+  <repository type="rpm-md">
+    <source path="obsrepositories:/"/>
+  </repository>
+  <packages type="bootstrap">
+    <package name="bash"/>
+    <package name="ca-certificates-mozilla-prebuilt"/>
+    <package name="coreutils"/>
+    <package name="ALP-dummy-release"/>
+  </packages>
+
+</image>
\ No newline at end of file
diff --git a/minimal-image/README.md b/minimal-image/README.md
new file mode 100644
index 000000000..d689c0f69
--- /dev/null
+++ b/minimal-image/README.md
@@ -0,0 +1,3 @@
+# The SLCI Project BCI Adaptable Linux Platform Minimal Container image
+
+Adaptable Linux Platform Minimal container based on the SUSE Adaptable Linux Platform (ALP).
diff --git a/minimal-image/_service b/minimal-image/_service
new file mode 100644
index 000000000..bd1abb02d
--- /dev/null
+++ b/minimal-image/_service
@@ -0,0 +1,4 @@
+<services>
+  <service mode="buildtime" name="kiwi_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+</services>
\ No newline at end of file
diff --git a/minimal-image/config.sh b/minimal-image/config.sh
new file mode 100644
index 000000000..a1c9543d2
--- /dev/null
+++ b/minimal-image/config.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: (c) 2022-2024 SUSE LLC
+
+set -euo pipefail
+
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+echo "Configure image: [$kiwi_iname]..."
+
+#============================================
+# Import repositories' keys if rpm is present
+#--------------------------------------------
+if command -v rpm > /dev/null; then
+    suseImportBuildKey
+fi
+
+
+#==========================================
+# Remove compat-usrmerge-tools if installed
+#------------------------------------------
+if rpm -q compat-usrmerge-tools; then
+    rpm -e compat-usrmerge-tools
+fi
+
+
+#=======================================
+# Clean up after zypper if it is present
+#---------------------------------------
+if command -v zypper > /dev/null; then
+    zypper -n clean
+fi
+
+rm -rf /var/log/zypp
+
+exit 0
diff --git a/minimal-image/minimal-image.changes b/minimal-image/minimal-image.changes
new file mode 100644
index 000000000..72676b0f6
--- /dev/null
+++ b/minimal-image/minimal-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 08 09:09:11 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the Adaptable Linux Platform Minimal BCI
diff --git a/minimal-image/minimal-image.kiwi b/minimal-image/minimal-image.kiwi
new file mode 100644
index 000000000..4121e8968
--- /dev/null
+++ b/minimal-image/minimal-image.kiwi
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- SPDX-License-Identifier: MIT -->
+<!-- 
+    Copyright (c) 2024 SUSE LLC
+
+All modifications and additions to the file contributed by third parties
+remain the property of their copyright owners, unless otherwise agreed
+upon.
+
+The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+It is maintained by the BCI team and generated by
+https://github.com/SUSE/BCI-dockerfile-generator
+
+Please submit bugfixes or comments via https://bugs.opensuse.org/
+You can contact the BCI team via https://github.com/SUSE/bci/discussions
+-->
+<!-- OBS-AddTag: alp/bci/bci-minimal:%OS_VERSION_ID_SP% alp/bci/bci-minimal:%OS_VERSION_ID_SP%.%RELEASE% alp/bci/bci-minimal:latest -->
+<!-- OBS-Imagerepo: obsrepositories:/ -->
+
+<image schemaversion="6.5" name="minimal-image" xmlns:suse_label_helper="com.suse.label_helper">
+  <description type="system">
+    <author>SUSE LLC</author>
+    <contact>https://www.suse.com/</contact>
+    <specification>SLCI Project BCI Adaptable Linux Platform Minimal Container Image</specification>
+  </description>
+  <preferences>
+    <type image="docker" derived_from="obsrepositories:/alp/bci/bci-micro#latest">
+      <containerconfig
+          name="alp/bci/bci-minimal"
+          tag="%OS_VERSION_ID_SP%"
+          maintainer="SUSE LLC (https://www.suse.com/)"
+          additionaltags="%OS_VERSION_ID_SP%.%RELEASE%,latest">
+        <labels>
+          <suse_label_helper:add_prefix prefix="com.suse.slci.bci.minimal">
+            <label name="org.opencontainers.image.title" value="SLCI Project BCI Adaptable Linux Platform Minimal"/>
+            <label name="org.opencontainers.image.description" value="Adaptable Linux Platform Minimal container based on the SUSE Adaptable Linux Platform (ALP)."/>
+            <label name="org.opencontainers.image.version" value="%OS_VERSION_ID_SP%.%RELEASE%"/>
+            <label name="org.opencontainers.image.created" value="%BUILDTIME%"/>
+            <label name="org.opencontainers.image.vendor" value="SUSE LLC"/>
+            <label name="org.opencontainers.image.source" value="%SOURCEURL%"/>
+            <label name="org.opencontainers.image.url" value="https://susealp.io/"/>
+            <label name="io.artifacthub.package.readme-url" value="%SOURCEURL%/README.md"/>
+            <label name="org.opensuse.reference" value="registry.suse.com/alp/bci/bci-minimal:%OS_VERSION_ID_SP%.%RELEASE%"/>
+            <label name="org.openbuildservice.disturl" value="%DISTURL%"/>
+            <label name="com.suse.supportlevel" value="l3"/>
+            <label name="com.suse.eula" value="sle-bci"/>
+            <label name="com.suse.release-stage" value="beta"/>
+            <label name="com.suse.lifecycle-url" value="https://www.suse.com/lifecycle"/>
+          </suse_label_helper:add_prefix>
+        </labels>
+      </containerconfig>
+    </type>
+    <version>2024</version>
+    <packagemanager>zypper</packagemanager>
+    <rpm-check-signatures>false</rpm-check-signatures>
+    <rpm-excludedocs>true</rpm-excludedocs>
+  </preferences>
+  <repository type="rpm-md">
+    <source path="obsrepositories:/"/>
+  </repository>
+  <packages type="delete">
+    <package name="grep"/>
+    <package name="diffutils"/>
+    <package name="info"/>
+    <package name="fillup"/>
+    <package name="libzio1"/>
+  </packages>
+  <packages type="bootstrap">
+    <package name="ALP-dummy-release"/>
+    <package name="rpm"/>
+  </packages>
+
+</image>
\ No newline at end of file
diff --git a/slci-kernel-module-devel-image/Dockerfile b/slci-kernel-module-devel-image/Dockerfile
new file mode 100644
index 000000000..cc9420269
--- /dev/null
+++ b/slci-kernel-module-devel-image/Dockerfile
@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: MIT
+
+#     Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+
+#!BuildTag: alp/bci/bci-slci-kernel-module-devel:%OS_VERSION_ID_SP%
+#!BuildTag: alp/bci/bci-slci-kernel-module-devel:%OS_VERSION_ID_SP%.%RELEASE%
+#!BuildTag: alp/bci/bci-slci-kernel-module-devel:latest
+
+FROM alp/bci/bci-base:latest
+
+MAINTAINER SUSE LLC (https://www.suse.com/)
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.slci.bci.slci-kernel-module-devel
+LABEL org.opencontainers.image.title="SLCI Project BCI SLCI Kernel Module Development"
+LABEL org.opencontainers.image.description="SLCI Kernel Module Development container based on the SUSE Adaptable Linux Platform (ALP)."
+LABEL org.opencontainers.image.version="%OS_VERSION_ID_SP%.%RELEASE%"
+LABEL org.opencontainers.image.url="https://susealp.io/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL io.artifacthub.package.readme-url="%SOURCEURL%/README.md"
+LABEL org.opensuse.reference="registry.suse.com/alp/bci/bci-slci-kernel-module-devel:%OS_VERSION_ID_SP%.%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.eula="sle-bci"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.release-stage="beta"
+# endlabelprefix
+
+RUN set -euo pipefail; zypper -n in --no-recommends kernel-devel kernel-syms gcc kmod-compat make patch awk rpm-build ALP-dummy-release; zypper -n clean; rm -rf /var/log/*
diff --git a/slci-kernel-module-devel-image/README.md b/slci-kernel-module-devel-image/README.md
new file mode 100644
index 000000000..7b9c31ab8
--- /dev/null
+++ b/slci-kernel-module-devel-image/README.md
@@ -0,0 +1,3 @@
+# The SLCI Project BCI SLCI Kernel Module Development Container image
+
+SLCI Kernel Module Development container based on the SUSE Adaptable Linux Platform (ALP).
diff --git a/slci-kernel-module-devel-image/_constraints b/slci-kernel-module-devel-image/_constraints
new file mode 100644
index 000000000..6213041ce
--- /dev/null
+++ b/slci-kernel-module-devel-image/_constraints
@@ -0,0 +1,7 @@
+<constraints>
+  <hardware>
+    <disk>
+      <size unit="G">8</size>
+    </disk>
+  </hardware>
+</constraints>
diff --git a/slci-kernel-module-devel-image/_service b/slci-kernel-module-devel-image/_service
new file mode 100644
index 000000000..053a4f4f8
--- /dev/null
+++ b/slci-kernel-module-devel-image/_service
@@ -0,0 +1,4 @@
+<services>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+</services>
\ No newline at end of file
diff --git a/slci-kernel-module-devel-image/slci-kernel-module-devel-image.changes b/slci-kernel-module-devel-image/slci-kernel-module-devel-image.changes
new file mode 100644
index 000000000..ee1e7a1a1
--- /dev/null
+++ b/slci-kernel-module-devel-image/slci-kernel-module-devel-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 08 09:09:11 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the SLCI Kernel Module Development BCI
diff --git a/tomcat-10-image/Dockerfile b/tomcat-10-image/Dockerfile
new file mode 100644
index 000000000..54ebbb6e0
--- /dev/null
+++ b/tomcat-10-image/Dockerfile
@@ -0,0 +1,65 @@
+# SPDX-License-Identifier: MIT
+
+#     Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+
+#!BuildTag: suse/tomcat:10
+#!BuildTag: suse/tomcat:10-%RELEASE%
+#!BuildTag: suse/tomcat:%%tomcat_version%%
+#!BuildTag: suse/tomcat:%%tomcat_version%%-%RELEASE%
+#!BuildTag: suse/tomcat:%%tomcat_minor%%
+#!BuildTag: suse/tomcat:%%tomcat_minor%%-%RELEASE%
+#!BuildTag: suse/tomcat:latest
+
+FROM alp/bci/bci-base:latest
+
+MAINTAINER SUSE LLC (https://www.suse.com/)
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.slci.application.tomcat
+LABEL org.opencontainers.image.title="SLCI Project Apache Tomcat 10"
+LABEL org.opencontainers.image.description="Apache Tomcat 10 container based on the SUSE Adaptable Linux Platform (ALP)."
+LABEL org.opencontainers.image.version="10"
+LABEL org.opencontainers.image.url="https://susealp.io/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL io.artifacthub.package.readme-url="%SOURCEURL%/README.md"
+LABEL io.artifacthub.package.logo-url="https://tomcat.apache.org/res/images/tomcat.png"
+LABEL org.opensuse.reference="registry.suse.com/suse/tomcat:10-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.eula="sle-bci"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.release-stage="beta"
+# endlabelprefix
+
+RUN set -euo pipefail; zypper -n in --no-recommends tomcat10; zypper -n clean; rm -rf /var/log/*
+ENV TOMCAT_MAJOR="10"
+ENV TOMCAT_VERSION="%%tomcat_version%%"
+ENV CATALINA_HOME="/usr/share/tomcat"
+ENV CATALINA_BASE="/usr/share/tomcat"
+ENV PATH="/usr/share/tomcat/bin:$PATH"
+
+CMD ["/usr/libexec/tomcat/server", "start"]
+EXPOSE 8080
+RUN set -euo pipefail; mkdir -p /var/log/tomcat; chown --recursive tomcat:tomcat /var/log/tomcat;
+RUN set -euo pipefail; \
+    sed -i /etc/tomcat/logging.properties \
+        -e 's|org\.apache\.catalina\.core\.ContainerBase\.\[Catalina\]\.\[localhost\]\.handlers =.*|org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = java.util.logging.ConsoleHandler|' \
+        -e 's|org\.apache\.catalina\.core\.ContainerBase\.\[Catalina\]\.\[localhost\]\.\[/manager\]\.handlers =.*|org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = java.util.logging.ConsoleHandler|' \
+        -e 's|org\.apache\.catalina\.core\.ContainerBase\.\[Catalina\]\.\[localhost\]\.\[/host-manager\]\.handlers =.*|org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = java.util.logging.ConsoleHandler|'
+
+WORKDIR $CATALINA_HOME
+USER tomcat
diff --git a/tomcat-10-image/README.md b/tomcat-10-image/README.md
new file mode 100644
index 000000000..daf339016
--- /dev/null
+++ b/tomcat-10-image/README.md
@@ -0,0 +1,79 @@
+# Tomcat 10 Container Image
+​
+Apache Tomcat (Tomcat for short) is a free and open-source implementation of the
+Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies. It
+provides a pure Java HTTP web server environment that can run Java code. It is a
+Java web application server and not a complete JEE application server.
+​
+​
+## How to use the image
+​
+By default, the image launches Tomcat with the same configuration as the one
+that comes with SUSE Linux Enterprise Server. The difference is that logging is
+sent to stdout, meaning that the `podman logs tomcat` command displays Tomcat
+logs.
+​
+For security reasons, the image runs as the **tomcat** user. This means that
+additional packages cannot be installed via `zypper`, unless the user becomes
+`root`.
+​
+To deploy an application, copy the `.war` file file into
+`$CATALINA_BASE/webapps` (either during a container build or by bind-mounting
+the directory), and launch the container using the following command:
+```ShellSession
+$ podman run -d --rm -p 8080:8080 registry.suse.com/suse/tomcat:10
+```
+​
+The deployed webapp is then accessible via `http://localhost:8080/$webapp_name`.
+​
+
+### How to use the image with rootless Podman
+
+The container image can be used in rootless mode with Podman. Keep in mind that
+Podman remaps the `tomcat` user in the container to a different user on the
+host. This user will not have write access to the mounted directory. To avoid
+permission issues change permissions of the shared directory to `0777` as
+follows:
+
+```ShellSession
+$ chmod 0777 /path/to/my/app
+$ podman run --rm -d -v /path/to/my/app:/usr/share/tomcat/webapps:z \
+      -p 8080:8080 registry.suse.com/suse/tomcat:10
+```
+​
+
+## Configuration
+​
+The main Tomcat configuration files (for example
+`/etc/tomcat/logging.properties`) are stored in `/etc/tomcat/`.
+​
+Tomcat's runtime options can be configured using the environment variables
+`JAVA_OPTS` and `CATALINA_OPTS`. `JAVA_OPTS` specifies general options used for
+the JVM, whereas `CATALINA_OPTS` specifies Tomcat's flags. You can pass the
+options to the container runtime using the `-e` flag:
+```ShellSession
+$ podman run -it --rm \
+      -e JAVA_OPTS="-Xmx1024m" \
+      -p 8080:8080 \
+      registry.suse.com/suse/tomcat:10
+```
+​
+The image ships with `CATALINA_HOME` set to `/usr/share/tomcat` and `CATALINA_BASE` set to
+`/usr/share/tomcat`.
+​
+​
+## Samples
+​
+By default, the sample applications shipped with Tomcat are not installed in
+the container image. You can obtain them by installing one of the following
+packages:
+- tomcat10-webapps
+- tomcat10-admin-webapps
+- tomcat10-docs-webapp
+
+
+## Upgrading from Tomcat 9
+​
+Tomcat 9 implements Java EE 8, and Tomcat 10 implements Jakarta
+EE 9. Before upgrading from version 9, consult the upstream migration guide:
+https://tomcat.apache.org/migration-10.html
diff --git a/tomcat-10-image/_service b/tomcat-10-image/_service
new file mode 100644
index 000000000..152ffcaa0
--- /dev/null
+++ b/tomcat-10-image/_service
@@ -0,0 +1,15 @@
+<services>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%tomcat_version%%</param>
+    <param name="package">tomcat10</param>
+  </service>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%tomcat_minor%%</param>
+    <param name="package">tomcat10</param>
+    <param name="parse-version">minor</param>
+  </service>
+</services>
\ No newline at end of file
diff --git a/tomcat-10-image/tomcat-10-image.changes b/tomcat-10-image/tomcat-10-image.changes
new file mode 100644
index 000000000..a1b3dc59e
--- /dev/null
+++ b/tomcat-10-image/tomcat-10-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 08 09:09:11 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the Apache Tomcat 10 BCI
diff --git a/tomcat-9-image/Dockerfile b/tomcat-9-image/Dockerfile
new file mode 100644
index 000000000..bb51da2fb
--- /dev/null
+++ b/tomcat-9-image/Dockerfile
@@ -0,0 +1,64 @@
+# SPDX-License-Identifier: MIT
+
+#     Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+
+#!BuildTag: suse/tomcat:9
+#!BuildTag: suse/tomcat:9-%RELEASE%
+#!BuildTag: suse/tomcat:%%tomcat_version%%
+#!BuildTag: suse/tomcat:%%tomcat_version%%-%RELEASE%
+#!BuildTag: suse/tomcat:%%tomcat_minor%%
+#!BuildTag: suse/tomcat:%%tomcat_minor%%-%RELEASE%
+
+FROM alp/bci/bci-base:latest
+
+MAINTAINER SUSE LLC (https://www.suse.com/)
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.slci.application.tomcat
+LABEL org.opencontainers.image.title="SLCI Project Apache Tomcat 9"
+LABEL org.opencontainers.image.description="Apache Tomcat 9 container based on the SUSE Adaptable Linux Platform (ALP)."
+LABEL org.opencontainers.image.version="9"
+LABEL org.opencontainers.image.url="https://susealp.io/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL io.artifacthub.package.readme-url="%SOURCEURL%/README.md"
+LABEL io.artifacthub.package.logo-url="https://tomcat.apache.org/res/images/tomcat.png"
+LABEL org.opensuse.reference="registry.suse.com/suse/tomcat:9-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="techpreview"
+LABEL com.suse.eula="sle-bci"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.release-stage="beta"
+# endlabelprefix
+
+RUN set -euo pipefail; zypper -n in --no-recommends tomcat; zypper -n clean; rm -rf /var/log/*
+ENV TOMCAT_MAJOR="9"
+ENV TOMCAT_VERSION="%%tomcat_version%%"
+ENV CATALINA_HOME="/usr/share/tomcat"
+ENV CATALINA_BASE="/usr/share/tomcat"
+ENV PATH="/usr/share/tomcat/bin:$PATH"
+
+CMD ["/usr/libexec/tomcat/server", "start"]
+EXPOSE 8080
+RUN set -euo pipefail; mkdir -p /var/log/tomcat; chown --recursive tomcat:tomcat /var/log/tomcat;
+RUN set -euo pipefail; \
+    sed -i /etc/tomcat/logging.properties \
+        -e 's|org\.apache\.catalina\.core\.ContainerBase\.\[Catalina\]\.\[localhost\]\.handlers =.*|org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = java.util.logging.ConsoleHandler|' \
+        -e 's|org\.apache\.catalina\.core\.ContainerBase\.\[Catalina\]\.\[localhost\]\.\[/manager\]\.handlers =.*|org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = java.util.logging.ConsoleHandler|' \
+        -e 's|org\.apache\.catalina\.core\.ContainerBase\.\[Catalina\]\.\[localhost\]\.\[/host-manager\]\.handlers =.*|org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = java.util.logging.ConsoleHandler|'
+
+WORKDIR $CATALINA_HOME
+USER tomcat
diff --git a/tomcat-9-image/README.md b/tomcat-9-image/README.md
new file mode 100644
index 000000000..80126d516
--- /dev/null
+++ b/tomcat-9-image/README.md
@@ -0,0 +1,72 @@
+# Tomcat 9 Container Image
+​
+Apache Tomcat (Tomcat for short) is a free and open-source implementation of the
+Jakarta Servlet, Jakarta Expression Language, and WebSocket technologies. It
+provides a pure Java HTTP web server environment that can run Java code. It is a
+Java web application server and not a complete JEE application server.
+​
+​
+## How to use the image
+​
+By default, the image launches Tomcat with the same configuration as the one
+that comes with SUSE Linux Enterprise Server. The difference is that logging is
+sent to stdout, meaning that the `podman logs tomcat` command displays Tomcat
+logs.
+​
+For security reasons, the image runs as the **tomcat** user. This means that
+additional packages cannot be installed via `zypper`, unless the user becomes
+`root`.
+​
+To deploy an application, copy the `.war` file file into
+`$CATALINA_BASE/webapps` (either during a container build or by bind-mounting
+the directory), and launch the container using the following command:
+```ShellSession
+$ podman run -d --rm -p 8080:8080 registry.suse.com/suse/tomcat:9
+```
+​
+The deployed webapp is then accessible via `http://localhost:8080/$webapp_name`.
+​
+
+### How to use the image with rootless Podman
+
+The container image can be used in rootless mode with Podman. Keep in mind that
+Podman remaps the `tomcat` user in the container to a different user on the
+host. This user will not have write access to the mounted directory. To avoid
+permission issues change permissions of the shared directory to `0777` as
+follows:
+
+```ShellSession
+$ chmod 0777 /path/to/my/app
+$ podman run --rm -d -v /path/to/my/app:/usr/share/tomcat/webapps:z \
+      -p 8080:8080 registry.suse.com/suse/tomcat:9
+```
+​
+
+## Configuration
+​
+The main Tomcat configuration files (for example
+`/etc/tomcat/logging.properties`) are stored in `/etc/tomcat/`.
+​
+Tomcat's runtime options can be configured using the environment variables
+`JAVA_OPTS` and `CATALINA_OPTS`. `JAVA_OPTS` specifies general options used for
+the JVM, whereas `CATALINA_OPTS` specifies Tomcat's flags. You can pass the
+options to the container runtime using the `-e` flag:
+```ShellSession
+$ podman run -it --rm \
+      -e JAVA_OPTS="-Xmx1024m" \
+      -p 8080:8080 \
+      registry.suse.com/suse/tomcat:9
+```
+​
+The image ships with `CATALINA_HOME` set to `/usr/share/tomcat` and `CATALINA_BASE` set to
+`/usr/share/tomcat`.
+​
+​
+## Samples
+​
+By default, the sample applications shipped with Tomcat are not installed in
+the container image. You can obtain them by installing one of the following
+packages:
+- tomcat-webapps
+- tomcat-admin-webapps
+- tomcat-docs-webapp
diff --git a/tomcat-9-image/_service b/tomcat-9-image/_service
new file mode 100644
index 000000000..1706508bb
--- /dev/null
+++ b/tomcat-9-image/_service
@@ -0,0 +1,15 @@
+<services>
+  <service mode="buildtime" name="docker_label_helper"/>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%tomcat_version%%</param>
+    <param name="package">tomcat</param>
+  </service>
+  <service name="replace_using_package_version" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="regex">%%tomcat_minor%%</param>
+    <param name="package">tomcat</param>
+    <param name="parse-version">minor</param>
+  </service>
+</services>
\ No newline at end of file
diff --git a/tomcat-9-image/tomcat-9-image.changes b/tomcat-9-image/tomcat-9-image.changes
new file mode 100644
index 000000000..03dc08a8e
--- /dev/null
+++ b/tomcat-9-image/tomcat-9-image.changes
@@ -0,0 +1,4 @@
+-------------------------------------------------------------------
+Fri Mar 08 09:09:11 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
+
+- First version of the Apache Tomcat 9 BCI