Skip to content

RealHarshThakur/dagger-builpack

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

17 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Dagger buildpack pipeline

Dagger-buildpack utilises couple open-source projects to build image from source code, generate SBOM(Software Bill of Materials) and scan the image for vulnerabilities.

You may find this useful if:

  • You want to build container images from source code
  • You don't want to rely on Docker
  • You don't want to create a Buildkit frontend
  • You want to provide a remote container build service

Open source projects it relies on:

Stack

  • Why Buildkit? Buildkit has been battle-tested by Netflix and dominates container build eco-system(directly/indirectly). It is possible to horizontally scale it as required while sharing cache.

  • Why Buildpacks? Buildpack is de-facto standard to go from code to image. It makes it easy to manage a fleet of application images. This project relies on buildpack spec alone and doesn't use Pack library/clients for builds as they're tied to Docker client as of today.

  • Why Dagger? Before Dagger, way to interact with Buildkit was via buildkit frontend or by making API calls. Both of which require understanding of how Buildkit works. I looked at Dagger as a user-friendly wrapper over Buildkit API.

  • Syft/Grype: They're just amazing tools at what they do. I didn't consider other ones but let me know if you would like to use other tools to generate SBOM/Vulnerabiltiy reports.

Example:

Run the following command:

dagger-buildpack -g https://github.com/RealHarshThakur/sample-golang 

It will push the image to ttl.sh, produce sbom.json and vuln.json in artifacts directory

If you have a remote buildkit hosted, you can export BUILDKIT_HOST"="tcp://<ip address> for image builds to be done remotely.

Notable links

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages