Skip to content

opm: build fully static opm binaries/images #778

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 14, 2021
Merged

opm: build fully static opm binaries/images #778

merged 1 commit into from
Sep 14, 2021

Conversation

@joelanford
Copy link
Member

@joelanford joelanford commented Sep 14, 2021

Description of the change:
We typically compile opm with --ldflags=-extldflags=-static, but that was missed when transposing the Makefile into the opm image's goreleaser configuration.

This PR adds that flag to goreleaser builds and updates the base image of quay.io/operator-framework/opm from gcr.io/distroless/base:debug to gcr.io/distroless/static:debug

Motivation for the change:
Fix an issue with opm binary builds, decrease the size of the opm image, and decrease the surface area for vulnerabilities.

Closes #777

Reviewer Checklist

  • Implementation matches the proposed design, or proposal is updated to match implementation
  • Sufficient unit test coverage
  • Sufficient end-to-end test coverage
  • Docs updated or added to /docs
  • Commit messages sensible and descriptive

@openshift-ci openshift-ci bot requested a review from estroz September 14, 2021 13:21
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Sep 14, 2021

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: joelanford

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot requested a review from jmrodri September 14, 2021 13:21
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 14, 2021
@joelanford
use static distroless image instead of base
2ab3160 
Signed-off-by: Joe Lanford <joe.lanford@gmail.com>
@joelanford joelanford mentioned this pull request Sep 14, 2021
Closed
@codecov
Copy link

codecov bot commented Sep 14, 2021
edited
Loading

Codecov Report

Merging #778 (12607d2) into master (a3253eb) will not change coverage.
The diff coverage is n/a.

❗ Current head 12607d2 differs from pull request most recent head 2ab3160. Consider uploading reports for the commit 2ab3160 to get more accurate results
Impacted file tree graph

@@           Coverage Diff           @@
##           master     #778   +/-   ##
=======================================
  Coverage   50.90%   50.90%           
=======================================
  Files         102      102           
  Lines        8753     8753           
=======================================
  Hits         4456     4456           
  Misses       3458     3458           
  Partials      839      839

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a3253eb...2ab3160. Read the comment docs.

@timflannagan
Copy link
Member

timflannagan commented Sep 14, 2021

/lgtm

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 14, 2021
@openshift-merge-robot openshift-merge-robot merged commit 195bc03 into operator-framework:master Sep 14, 2021
@joelanford joelanford deleted the image-static branch November 16, 2021 21:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@estroz estroz Awaiting requested review from estroz

@jmrodri jmrodri Awaiting requested review from jmrodri

Assignees

@timflannagan timflannagan

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Index base image contains several CVEs

3 participants

@joelanford @timflannagan @openshift-merge-robot