-
Notifications
You must be signed in to change notification settings - Fork 131
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dev variants for base images #187
Comments
The PHP image has We should agree on |
Hi, just a drive by comment to mention that the OPA project would like to make use of this for the We'd like to move to a debug image which doesn't contain OpenSSL. |
any objections to using 'dev' since we've already started down that road? |
(Not from us!) |
Hi all, any update on this one? |
Working on it as we speak, don't have a timeline yet. I want to standardise all tags at the same time. |
Thanks for the update @amouat and for your work on this, keep us posted! |
We've now published a best practice guide, which includes creating "dev" variants. The next step is to apply the practices to all of our images. https://github.com/chainguard-images/images/blob/main/BEST_PRACTICES.md |
That sounds ideal 👍 thanks for sharing! |
We're going to try and auto-generate debug variants once the apko versions of 'build options' is available. chainguard-dev/melange#297 |
couple of notes about what the overrides should be: add deps:
set user: root (this is probably worth discussing) |
This PR , should enable us to generate dev variants for our images. |
Thanks for the updates Patrick! This is looking great so far 🙂 |
So we now have this file which defines a dev variant to apply wherever we want to: https://github.com/chainguard-images/images/blob/main/globals.yaml My remaining questions are:
|
I'm not sure about including a dev for all images but maybe yes? @amouat thoughts? |
and yes to user root for dev variants. @amouat again to confirm. |
marking as done for now. if we need to modify the global dev options (root user, etc.) its a simple change. or if we need to add a dev variant to another image, simple change |
Hey, would it be better to open another issue for the adding of a dev variant for the |
@charlieegan3 - sorry we didnt get that one before. Patrick just added it in #367. Try this image:
If there are any issues with using it, or require another dev variant, please open another issue. Thank you! |
Amazing, thanks! 😊 |
Just realised that we also need a -dev variant for static but I can open a PR for that 😊 |
This completes the work started in #5540 Fixes #5544 We can't use distroless since they don't have a nossl cc image: GoogleContainerTools/distroless#1210 Chainguard have added this (-dev rather than :debug) to their image collection: chainguard-images/images#187 Following advice here, using their busybox is the best replacement for `gcr.io/distroless/static:debug` chainguard-images/images#368 (comment) Signed-off-by: Charlie Egan <charlie@styra.com>
switch enterprise secdeb feed to combine OSS advisories from new repo…
We should include -debug variants for our base images (static, cc, glibc-dynamic) etc. These would be the same as normal but then have a shell!
The text was updated successfully, but these errors were encountered: