-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Publish container image #38
Comments
I'm a little unclear on how component detection will be used in this scenario. Is the expectation that:
FROM component-detection:latest
# do normal build stuff
RUN component-detection scan --SourceDirectory ...
docker run --rm -v $(pwd):/scan component-detection:latest ...
|
The scenario I had in mind was your 2nd one: users will mount their scan directory in the container. |
@JamieMagee Since the detectors have dependency on various language runtimes IMHO using bullseye-slim would be much simpler as installation of these is easy. On alpine, for eg there's no way to install golang without compiling it AFAIK. Should I make a PR with an image based on this ? It'll have all the major runtimes installed + tool ofc. |
@sbs2001 I'd actually been looking at this last month but didn't open a PR for it. If I get it to PR would you be up for reviewing it? Here's what I have so far |
@JamieMagee I've posted a review comment on the PR. |
To make Component Detection easier to consume and use, we should start publishing container images.
Two open questions are:
1. What should we use as a base image?
For our base image, we can use a one of dotnet's runtime-deps images1 once #37 is merged. These images don't have any dotnet runtime installed, which makes them a lot smaller than the standard runtime images.
These are currently the .NET Core 3.1 tags available:
Tags
3.1
3.1-alpine
3.1-alpine-arm64v8
3.1-alpine3.12
3.1-alpine3.12-arm64v8
3.1-alpine3.13
3.1-alpine3.13-arm64v8
3.1-alpine3.14
3.1-alpine3.14-arm64v8
3.1-bionic
3.1-bionic-arm32v7
3.1-bionic-arm64v8
3.1-bullseye-slim
3.1-bullseye-slim-arm32v7
3.1-bullseye-slim-arm64v8
3.1-buster-slim
3.1-buster-slim-arm32v7
3.1-buster-slim-arm64v8
3.1-cbl-mariner1.0
3.1-focal
3.1-focal-arm32v7
3.1-focal-arm64v8
For simplicity, we may want to use
3.1-bullseye-slim
, but3.1-cbl-mariner1.0
and3.1-alpine3.14
may also be considered2. Where should we publish our image?
We should push to the Microsoft Container Registry2, but we might also want to push to the GitHub Container Registry as well.
Footnotes
https://github.com/dotnet/dotnet-docker/tree/main/src/runtime-deps/3.1 ↩
https://github.com/microsoft/containerregistry ↩
The text was updated successfully, but these errors were encountered: