ci: remove dockerfile buildplatform #3491
Conversation
Signed-off-by: Sertac Ozercan <sozercan@gmail.com>
sozercan
force-pushed
the
remove-buildplatform
branch
from
2487fe8
to
3d63a86
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #3491 +/- ##
==========================================
- Coverage 54.49% 48.03% -6.46%
==========================================
Files 134 218 +84
Lines 12329 15167 +2838
==========================================
+ Hits 6719 7286 +567
- Misses 5116 7067 +1951
- Partials 494 814 +320
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
| @@ -24,7 +18,7 @@ COPY . . | |||
|
|
|||
| RUN go build -mod vendor -a -ldflags "${LDFLAGS}" -o manager | |||
|
|
|||
| FROM $BASEIMAGE | |||
| FROM gcr.io/distroless/static-debian12@sha256:8dd8d3ca2cf283383304fd45a5c9c74d5f2cd9da8d3b077d720e264880077c65 | |||
There was a problem hiding this comment.
do we not need to keep this so users can override the base image they want to use?
There was a problem hiding this comment.
not sure if anyone other than us building GK is actually using it like that but this decreases our reproducibility and security since we can't pin (or we can pin but dependabot won't update)
There was a problem hiding this comment.
if anyone is building like that they can still do with buildkit source policies, which is a better way to handle these https://docs.docker.com/build/building/variables/#experimental_buildkit_source_policy
| ARG BASEIMAGE="gcr.io/distroless/static-debian12:nonroot" | ||
|
|
||
| FROM --platform=$BUILDPLATFORM $BUILDERIMAGE AS builder | ||
| FROM --platform=$BUILDPLATFORM golang:1.22-bookworm@sha256:39b7e6ebaca464d51989858871f792f2e186dce8ce0cbdba7e88e4444b244407 AS builder |
| ARG BASEIMAGE="gcr.io/distroless/static-debian12:nonroot" | ||
|
|
||
| FROM --platform=$BUILDPLATFORM $BUILDERIMAGE AS builder | ||
| FROM --platform=$BUILDPLATFORM golang:1.22-bookworm@sha256:39b7e6ebaca464d51989858871f792f2e186dce8ce0cbdba7e88e4444b244407 AS builder |
There was a problem hiding this comment.
If we are adding static hashes, do we have some mechanism for making sure we are keeping the base images up-to-date?
There was a problem hiding this comment.
these will be updated automatically with dependabot
What this PR does / why we need it:
BUILDPLATFORMdefault. this makes arm64 builds to be compiled with an amd64 go compilerWhich issue(s) this PR fixes (optional, using
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when the PR gets merged):Fixes #
Special notes for your reviewer: