Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat[ASM-11561]- CI and Security: run docker as non root and import build #11

Open
wants to merge 5 commits into
base: main
Choose a base branch
from

Conversation

dan-akeyless
Copy link

No description provided.

Comment on lines +20 to +25
ifeq ($(VERSION), 0.0.0)
@echo can only push image if version is set
exit 1
endif
docker push $(IMAGE_NAME):$(TAG)

Copy link

@OriBenHur-akeyless OriBenHur-akeyless Jul 16, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's a bit confusing on the one end you set the tag to be latest if the version is not set but here you block pushing if it's not set, which one is it?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you want to always be able to build
but only be able to push if a version is set (if and only if the version is validated)

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To clarify we won't be releasing this docker with the latest tag?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No this is strictly for local use. Pushing automatically latest tags sounds like a bad idea and should by handled by the CI.
If someone wants to push lastest then he should tag as latest and then push.
That being said, some artifactories automatically add the latest tag

@@ -4,13 +4,10 @@ go 1.21

toolchain go1.21.5

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would consider using go1.22.5

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

out of scope

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants