feat: migrate to fully distroless ocm image #1087

Merged

jakobmoellerdev
Contributor

What this PR does / why we need it

Migrates to Distroless which has a few advantages over alpine:

  1. Smaller Base Image
  2. No Package Manager or Shell that could be used to exploit vulnerabilities
  3. Non-Root user by default

I also remove the latest check in alpine since it only fetched a tag anyhow and we should pin by digest.

Which issue(s) this PR fixes

@jakobmoellerdev jakobmoellerdev marked this pull request as ready for review November 14, 2024 12:50
@jakobmoellerdev jakobmoellerdev requested a review from a team as a code owner November 14, 2024 12:50
@hilmarf hilmarf added this to the 2024-Q4 milestone Nov 14, 2024
@hilmarf
Member

hilmarf commented Nov 14, 2024

What about: https://github.com/open-component-model/ocm/blob/main/Dockerfile ? Shouldn't we change that one as well?

@hilmarf hilmarf self-assigned this Nov 14, 2024
@hilmarf hilmarf self-requested a review November 14, 2024 13:44
@jakobmoellerdev
Contributor Author

In addition to this PR, long term I want to completely get rid of the component-based Dockerfile and switch to a central one so that everyone can use `docker build` instead of 2 Dockerfiles that differ in the build process. But I want to split this into a separate one, so for now, this should suffice.

@frewilhelm
Contributor

Please adjust `COPY go.mod go.sum *.go VERSION ./` to `COPY go.mod go.sum ./` in `./Dockerfile`

@frewilhelm frewilhelm left a comment

Overall the changes lgtm. However, we should discuss component/ocmcli/Makefile and its Dockerfile (as you already proposed).

@jakobmoellerdev jakobmoellerdev added the do-not-merge Do not merge this PR yet! label Nov 15, 2024
@jakobmoellerdev
Contributor Author

Not to be merged until @hilmarf explicitly approves due to cross dependency to piper step.

@hilmarf hilmarf enabled auto-merge (squash) November 28, 2024 09:00
@github-actions github-actions bot added kind/feature new feature, enhancement, improvement, extension component/ocm-cli OCM Command Line Interface labels Nov 28, 2024
@hilmarf hilmarf added kind/chore chore, maintenance, etc. and removed kind/feature new feature, enhancement, improvement, extension component/ocm-cli OCM Command Line Interface do-not-merge Do not merge this PR yet! labels Nov 28, 2024
@github-actions github-actions bot added the size/s Small label Nov 28, 2024
@hilmarf hilmarf added component/ocm-cli OCM Command Line Interface area/security Security relevant labels Nov 28, 2024
@hilmarf hilmarf merged commit b394c38 into open-component-model:main Nov 28, 2024
19 checks passed
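
The PR description's point that base images should be pinned by digest rather than fetched by tag can be checked mechanically. The following is an added example, not code from this PR or the OCM repository: a small Python check that reports every `FROM` line whose image is not digest-pinned. The function name, the sample Dockerfile, its image references and the digest are all constructed for illustration.

```python
import re

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
ARG_REF = re.compile(r"\$\{?(\w+)\}?")

def unpinned_base_images(dockerfile):
    """Return (line number, image) for every FROM that is not pinned by digest."""
    args = {}         # defaults of ARGs declared before the first FROM
    stages = set()    # names of earlier build stages (FROM ... AS name)
    seen_from = False
    findings = []
    for lineno, line in enumerate(dockerfile.splitlines(), start=1):
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        instruction = words[0].upper()
        if instruction == "ARG" and not seen_from and len(words) > 1:
            name, _, default = words[1].partition("=")
            args[name] = default.strip("\"'")
        elif instruction == "FROM":
            seen_from = True
            rest = [w for w in words[1:] if not w.startswith("--")]  # drop --platform=...
            if not rest:
                continue
            # Substitute ARG defaults; an unresolved reference stays as written
            # and is reported, because its final value cannot be verified here.
            image = ARG_REF.sub(lambda m: args.get(m.group(1)) or m.group(0), rest[0])
            is_stage = image.lower() in stages  # FROM <earlier stage> pulls nothing
            if image != "scratch" and not is_stage and not DIGEST.search(image):
                findings.append((lineno, image))
            if len(rest) >= 3 and rest[1].upper() == "AS":
                stages.add(rest[2].lower())
    return findings

# Constructed sample: the digest is a placeholder, not a real image digest.
FAKE_DIGEST = "sha256:" + "a" * 64
SAMPLE = "\n".join([
    "ARG GO_IMAGE=golang:1.23-alpine",
    "FROM --platform=$BUILDPLATFORM ${GO_IMAGE} AS build",
    "RUN go build -o /out/app .",
    "FROM alpine:latest AS old-runtime",
    "FROM gcr.io/distroless/static-debian12:nonroot@" + FAKE_DIGEST + " AS runtime",
    "COPY --from=build /out/app /app",
    "FROM build AS test",
])

if __name__ == "__main__":
    for lineno, image in unpinned_base_images(SAMPLE):
        print(f"line {lineno}: {image} is not pinned by digest")
```

A tag that accompanies a digest, as in the `runtime` stage, is kept only for readability; the digest is what selects the image.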