Examples

Container provisioning

A container-backed repo that provisions a missing tool inside the container before setup runs.

copynew usersbasicstable2026-05-30

Typical signals

  • contract declares a missing tool and a container backend
  • org policy approves apt as the provisioning source
  • persistent container keeps the install available for setup

Why it matters

  • it turns a repo pattern into something humans, CI, and agents can read the same way
  • it makes the next command obvious instead of implied by README drift
  • it keeps readiness, setup, and execution explainable in receipts and diagnostics

Example contract

Use this when you want ota to make the container ready instead of asking every developer machine to carry the setup cost.

The example mirrors the real fixture: the repo asks for pv, policy approves apt, and the container gets the missing tool before setup runs.

The result is a cleaner first run, a reproducible install path, and one contract that works for local container work and CI.

ota.yamlyaml
version: 1project:  name: container-apt-probeexecution:  preferred: container  lifecycle: persistent  backends:    container:      image: rust:1.94-bookworm      engines:        - dockertools:  pv: "1.6.20-1"tasks:  setup:    internal: true    run: pv --version > prepared.txt
.ota/org-policy.yamlyaml
policies:  provisioning:    pv:      source: apt      package: pv      approved_versions:        - "1.6.20-1"

Task notes

What you get: new contributors can run the repo without installing the missing tool first. The approved source stays visible in policy instead of hidden in a script. The same contract works in CI and local container execution.

Why this matters: the container carries the setup cost, the repo stays honest about what it needs, and policy keeps the source approved and reviewable.