Warn if NOT --pull-policy=always in container #31

Merged
merged 2 commits into from
Jul 11, 2024

natalieparellano
Member

@natalieparellano natalieparellano requested review from a team as code owners May 2, 2024 15:05
@natalieparellano natalieparellano changed the base branch from main to security-fixes May 2, 2024 15:06
@natalieparellano natalieparellano changed the title Fix/warn container daemon Warn if NOT --pull-policy=always in container May 2, 2024
@natalieparellano natalieparellano changed the base branch from security-fixes to main May 2, 2024 17:43
Member

@jjbustamante jjbustamante left a comment

This one is OK for me; my only doubt was importing the whole kaniko dependency when the code we are using to determine if we are running in a container environment is based on checking the existence of files.

I know this could be weird, but what happens if we just copy their logic? I do not think many new container environments appear every day.

@natalieparellano
Member Author

my only doubt was importing the whole kaniko dependency

Fair, but we're already having to keep our deps in sync with kaniko because of our dependency on the lifecycle (see buildpacks/pack#1574). As we're only pulling in a relatively small package, it doesn't bother me too much (and I'd like to avoid having to maintain more things). But, happy to reevaluate if there are strong feelings about it.
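The kind of check this thread discusses, sketched as an added example (it is not code from this PR, from pack, or from kaniko): detect a container by the existence of marker files, and return a warning when the pull policy is anything other than `always`. The marker paths (`/.dockerenv`, which Docker creates, and `/run/.containerenv`, which Podman creates), the function names, and the warning wording are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// markerFiles are paths, relative to the filesystem root, whose existence
// suggests a container runtime. Assumption: two well-known markers only;
// this is not kaniko's list.
var markerFiles = []string{".dockerenv", filepath.Join("run", ".containerenv")}

// inContainer reports whether a marker file exists under root and which one.
// root is "/" in real use; tests pass a temporary directory instead.
// Only a successful Stat counts: a missing or unreadable path is "not found".
func inContainer(root string) (bool, string) {
	for _, m := range markerFiles {
		p := filepath.Join(root, m)
		if _, err := os.Stat(p); err == nil {
			return true, p
		}
	}
	return false, ""
}

// pullPolicyWarning returns a warning string when a container is detected
// and pullPolicy is not "always"; it returns "" when no warning applies.
func pullPolicyWarning(root, pullPolicy string) string {
	found, marker := inContainer(root)
	if !found || pullPolicy == "always" {
		return ""
	}
	return fmt.Sprintf("warning: container detected (%s) but --pull-policy=%s; expected --pull-policy=always",
		marker, pullPolicy)
}

func main() {
	policy := "if-not-present" // constructed sample value
	if len(os.Args) > 1 {
		policy = os.Args[1]
	}
	if w := pullPolicyWarning("/", policy); w != "" {
		fmt.Fprintln(os.Stderr, w)
	}
}
```

Because the check is only a handful of `os.Stat` calls, the trade-off raised above is between vendoring a short list like this and tracking an upstream package that maintains it.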

@natalieparellano natalieparellano changed the base branch from main to security-review July 10, 2024 14:21
@natalieparellano natalieparellano deleted the branch main July 10, 2024 14:45
@natalieparellano natalieparellano changed the base branch from security-review to main July 10, 2024 14:49
Signed-off-by: Natalie Arellano <narellano@vmware.com>
@natalieparellano natalieparellano force-pushed the fix/warn-container-daemon branch from b5c52fc to 456342b Compare July 10, 2024 14:57
@natalieparellano natalieparellano merged commit 72ffc75 into main Jul 11, 2024
11 of 13 checks passed
@natalieparellano natalieparellano deleted the fix/warn-container-daemon branch July 11, 2024 13:48
Successfully merging this pull request may close these issues.

Security review: warn if NOT --pull-policy=always in container
2 participants