Introduce a new subcommand, something like resolve-chainguard or resolve --chainguard, for the dockerfile command. It should take Dockerfiles as input and rewrite all the container images with the corresponding cgr.dev/chainguard/$PACKAGE.
If the package does not exist, we can keep it as-is. Moreover, ask with a prompt like: "Package X does not exist, do you want to file a package request proposal on Wolfi?".
Motivation
Encourage end users to use Wolfi/Chainguard images and spread awareness of those images in the community.
Algorithm
1. Implement new subcommand
2. Aggregate all image indexes from sources
3. Traverse entire Dockerfile
3.1. Check if the current image exists on the source
3.1.1. Check if the image version/digest is pinned
3.1.1.1. Check if the specific tag exists on the source
3.1.1.2. Continue if it does not exist
3.2. Replace the image
3.3. Otherwise, keep it as-is
4. Write new Dockerfile
Source of Truth
To get all available chainguard images, we need some source of truth:
Open Questions
What if an image is pinned with its version/digest and that specific version of the package does not exist on the source? Should we respect only latest tags for this concern?
Is cosign the right place to implement this? (Since it's already widely adopted by open-source projects) Would wolfictl be more suitable?
Waiting for your thoughts!
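Steps 3.1 to 3.3 of the Algorithm above, applied to FROM lines in Go; this is an added example, not code from cosign or from this issue. The Rewrite function, the in-memory index standing in for the source of truth, and the rule that stage references, ARG-built names and digest pins are left untouched are assumptions; the target prefix is passed in as a parameter.

```go
package main

import (
	"fmt"
	"strings"
)

// Rewrite applies steps 3.1-3.3 to each FROM line; idx (package -> tags) is a constructed index.
func Rewrite(dockerfile, prefix string, idx map[string]map[string]bool) (string, []string) {
	stages := map[string]bool{} // build-stage names declared with AS
	var missing []string        // packages absent from idx (candidates for a request)
	lines := strings.Split(dockerfile, "\n")
	for i, line := range lines {
		f := strings.Fields(line)
		if len(f) < 2 || !strings.EqualFold(f[0], "FROM") {
			continue
		}
		p := 1
		for p < len(f)-1 && strings.HasPrefix(f[p], "--") { // skip --platform=...
			p++
		}
		ref := f[p]
		local := ref == "scratch" || stages[strings.ToLower(ref)]
		if len(f) >= p+3 && strings.EqualFold(f[p+1], "AS") {
			stages[strings.ToLower(f[p+2])] = true
		}
		// Assumption: a digest of the original image cannot match another image, so keep it.
		if local || strings.ContainsAny(ref, "$@") {
			continue
		}
		name, tag := ref, "latest"
		if c := strings.LastIndex(ref, ":"); c > strings.LastIndex(ref, "/") {
			name, tag = ref[:c], ref[c+1:] // a colon before the last "/" is a registry port
		}
		pkg := name[strings.LastIndex(name, "/")+1:]
		if tags, ok := idx[pkg]; !ok {
			missing = append(missing, pkg) // 3.3: keep the line, report the package
		} else if tags[tag] {
			f[p] = prefix + "/" + pkg + ":" + tag // 3.2: replace the image
			lines[i] = strings.Join(f, " ")
		} // 3.1.1.2: package known but pinned tag absent, keep as-is
	}
	return strings.Join(lines, "\n"), missing
}

func main() {
	df := "FROM python:3.9 AS build\nFROM nginx\nFROM redis:7\nCOPY --from=build /app /app" // constructed
	fmt.Println(Rewrite(df, "cgr.dev/chainguard", map[string]map[string]bool{"nginx": {"latest": true}}))
}
```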
Dentrax changed the title from "cmd: dockerfile: resolve: replace all images with chainguard's (Wolfi) - (if possible)" to "cmd: dockerfile: resolve: replace all images with Chainguard's (Wolfi) - (if possible)" on Jan 13, 2023
I don't think Cosign should be opinionated on base image preferences. If you wanted to implement a replace-all-references function, it should be implemented such that you take a path to the image you want, rather than hardcode a preference.
Related Work
The idea is similar to PR: dockerfile/resolve; that command actually rewrites all the images to pin their digests. /cc @developer-guy