-
Notifications
You must be signed in to change notification settings - Fork 33
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Action build-registry-server failing #1196
Comments
This issue is created by an incompatibility between our build and release container images. We use golang:1.20 as our builder image as our As of go1.20.5 (released a few days ago), this image is being built from the newly released Debian 12 image. We use gcr.io/distroless/base:latest as our release image, which is still being built on Debian 11. Note: There is an issue to upgrade this to Debian 12. We copy binaries from the build to the release container, but these are incompatible which causes the command A quick fix for now would be to tie our build to go 1.20.4 - which was built on Debian 11. Note: As distroless intentionally excludes all the binaries for security, if possible we should rethink copying them from the build container. |
Do you have a recommendation for what we might do if we didn't copy binaries from the build container? |
If we simply remove the extraneous binaries from our release, the build works but leaves us with a binary that gets the following errors when running in the container:
This is because we build with
Then when distroless/base is updated, we should be able to unpeg the go version. |
Another option is to use the distroless images from Chainguard here: cgr.dev/chainguard/glibc-dynamic. These work correctly with the updated glibc in bookworm, and are more flexible than original distroless images. I'd be happy to help! I wouldn't recommend staying on go 1.20.4 - there are several severe CVEs patched in 1.20.5: https://go.dev/doc/devel/release#go1.20 |
Thanks, @dlorenc, good point on the issues. Another option is mentioned on distroless here: GoogleContainerTools/distroless#1342. I've verified that both your suggestion and using |
Sounds good! Let me know if we can help at all. |
https://github.com/apigee/registry/actions/runs/5273705838/jobs/9537430024
The text was updated successfully, but these errors were encountered: