ci: remove dockerfile buildplatform #3491
Signed-off-by: Sertac Ozercan <sozercan@gmail.com>
2487fe8 to 3d63a86
Codecov Report
All modified and coverable lines are covered by tests ✅
Additional details and impacted files
@@ Coverage Diff @@
## master #3491 +/- ##
==========================================
- Coverage 54.49% 48.03% -6.46%
==========================================
Files 134 218 +84
Lines 12329 15167 +2838
==========================================
+ Hits 6719 7286 +567
- Misses 5116 7067 +1951
- Partials 494 814 +320
@@ -24,7 +18,7 @@ COPY . . | |||
|
|||
RUN go build -mod vendor -a -ldflags "${LDFLAGS}" -o manager | |||
|
|||
FROM $BASEIMAGE | |||
FROM gcr.io/distroless/static-debian12@sha256:8dd8d3ca2cf283383304fd45a5c9c74d5f2cd9da8d3b077d720e264880077c65 |
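Review bot: the new final-stage FROM line pins `gcr.io/distroless/static-debian12` by digest with no tag, while the `BASEIMAGE` default it replaces named the `:nonroot` variant. Please confirm the digest is the nonroot image, since a digest taken from a different variant would silently change the user the manager runs as, and consider writing the reference as `static-debian12:nonroot@sha256:<digest>` so the line itself says which variant is pinned, the way the builder line keeps `golang:1.22-bookworm` in front of its digest.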
do we not need to keep this so users can override the base image they want to use?
not sure if anyone other than us building GK is actually using it like that but this decreases our reproducibility and security since we can't pin (or we can pin but dependabot won't update)
if anyone is building like that they can still do with buildkit source policies, which is a better way to handle these https://docs.docker.com/build/building/variables/#experimental_buildkit_source_policy
ARG BASEIMAGE="gcr.io/distroless/static-debian12:nonroot" | ||
|
||
FROM --platform=$BUILDPLATFORM $BUILDERIMAGE AS builder | ||
FROM --platform=$BUILDPLATFORM golang:1.22-bookworm@sha256:39b7e6ebaca464d51989858871f792f2e186dce8ce0cbdba7e88e4444b244407 AS builder |
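Review bot: the replacement builder line still starts with `FROM --platform=$BUILDPLATFORM`, although the PR title says the build platform is being removed and the description mentions arm64 builds being compiled with an amd64 Go compiler. Either drop the flag on this line or reword the title and description so they match what the hunk does. With a fixed digest now following the tag, also confirm it is the multi-platform index digest rather than a single platform's manifest, so the pin resolves on every build host.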
same with the BUILDERIMAGE
same answer
ARG BASEIMAGE="gcr.io/distroless/static-debian12:nonroot" | ||
|
||
FROM --platform=$BUILDPLATFORM $BUILDERIMAGE AS builder | ||
FROM --platform=$BUILDPLATFORM golang:1.22-bookworm@sha256:39b7e6ebaca464d51989858871f792f2e186dce8ce0cbdba7e88e4444b244407 AS builder |
If we are adding static hashes, do we have some mechanism for making sure we are keeping the base images up-to-date?
these will be updated automatically with dependabot
LGTM
LGTM
LGTM
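The trade-off discussed in this review, a base image taken from a build ARG versus a literal digest pin, shown as a checker over a Dockerfile's FROM lines. This is an added example, not code from the PR or the project; `audit_base_images`, the sample Dockerfiles, the `BUILDERIMAGE` default and the placeholder digests are assumptions made for illustration.

```python
import re

FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.I)
ARG_RE = re.compile(r"^\s*ARG\s+(\w+)(?:=(\S+))?\s*$", re.I)
VAR_RE = re.compile(r"\$\{?(\w+)\}?")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

def audit_base_images(dockerfile_text):
    """Return (image_as_written, resolved_default, status) per FROM line.

    "pinned" = literal sha256 digest; "unpinned" = tag or bare name;
    "arg" = built from a build ARG, so --build-arg can swap the image;
    "stage" = earlier build stage or scratch, nothing to pin.
    """
    defaults, stages, findings, seen_from = {}, set(), [], False
    for line in dockerfile_text.splitlines():
        arg = ARG_RE.match(line)
        if arg and not seen_from:
            # Only ARGs declared before the first FROM are in scope for FROM.
            defaults[arg.group(1)] = (arg.group(2) or "").strip("\"'")
            continue
        frm = FROM_RE.match(line)
        if not frm:
            continue
        seen_from = True
        image, alias = frm.group(1), frm.group(2)
        resolved = VAR_RE.sub(lambda m: defaults.get(m.group(1), ""), image)
        if VAR_RE.search(image):
            status = "arg"
        elif image == "scratch" or image.lower() in stages:
            status = "stage"
        elif DIGEST_RE.search(image):
            status = "pinned"
        else:
            status = "unpinned"
        findings.append((image, resolved, status))
        if alias:
            stages.add(alias.lower())
    return findings

# Constructed samples of the two Dockerfile shapes; ARG default and digests are placeholders.
BEFORE = '''ARG BUILDERIMAGE="golang:1.22-bookworm"
ARG BASEIMAGE="gcr.io/distroless/static-debian12:nonroot"
FROM --platform=$BUILDPLATFORM $BUILDERIMAGE AS builder
FROM $BASEIMAGE
'''
AFTER = f'''FROM --platform=$BUILDPLATFORM golang:1.22-bookworm@sha256:{"a" * 64} AS builder
FROM gcr.io/distroless/static-debian12@sha256:{"b" * 64}
'''
```

Run over a repository's Dockerfiles in CI, an "arg" or "unpinned" status marks a FROM line whose literal text carries no digest.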
What this PR does / why we need it:
BUILDPLATFORM default. this makes arm64 builds to be compiled with an amd64 go compiler
Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #
Special notes for your reviewer: