Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: harden image using apko and wolfi #2697

Merged
merged 4 commits into from
Oct 8, 2024
Merged

feat: harden image using apko and wolfi #2697

merged 4 commits into from
Oct 8, 2024

Conversation

krancour
Copy link
Member

@krancour krancour commented Oct 8, 2024
edited
Loading

Fixes #2400

This PR applies a hardening strategy previously put to the test on Kargo Render in akuity/kargo-render#297

When building with make hack-build or via the official Actions-based CI/release processes, this will build a distroless base image using apko + wolfi and then load that into Docker and than layer the rest of Kargo on top of that. I've verified it works identically to the old image.

I've also verified that changes to the Dockerfile do not disrupt our Tilt-based development workflow.

Edit: I've just realized this will break #2413. Draft until fixed.

@krancour krancour added this to the v1.0.0 milestone Oct 8, 2024
@krancour krancour self-assigned this Oct 8, 2024
@krancour krancour requested a review from a team as a code owner October 8, 2024 17:40
@krancour krancour changed the title harden image using apko and wolfi feat: harden image using apko and wolfi Oct 8, 2024
@netlify Netlify
Copy link

netlify bot commented Oct 8, 2024
edited
Loading

Deploy Preview for docs-kargo-akuity-io ready!

Name Link
🔨 Latest commit 2ebcab9
🔍 Latest deploy log https://app.netlify.com/sites/docs-kargo-akuity-io/deploys/67059819dcc4c60008bdf41d
😎 Deploy Preview https://deploy-preview-2697.kargo.akuity.io
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@netlify Netlify
Copy link

netlify bot commented Oct 8, 2024
edited
Loading

Deploy Preview for docs-kargo-io ready!

Name Link
🔨 Latest commit 2ebcab9
🔍 Latest deploy log https://app.netlify.com/sites/docs-kargo-io/deploys/67059819a74a500007611a5e
😎 Deploy Preview https://deploy-preview-2697--docs-kargo-io.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@codecov Codecov
Copy link

codecov bot commented Oct 8, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 51.08%. Comparing base (218bd0d) to head (2ebcab9).
Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #2697   +/-   ##
=======================================
  Coverage   51.08%   51.08%           
=======================================
  Files         282      282           
  Lines       21125    21125           
=======================================
  Hits        10791    10791           
  Misses       9651     9651           
  Partials      683      683

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@hiddeco hiddeco self-requested a review October 8, 2024 17:52
@krancour krancour force-pushed the krancour/harden branch 2 times, most recently from 344a560 to bc82c92 Compare October 8, 2024 18:09
hiddeco
hiddeco reviewed Oct 8, 2024
View reviewed changes
Makefile Outdated Show resolved Hide resolved
@krancour @hiddeco
Update Makefile
b3b4a1a 
Signed-off-by: Kent Rancourt <[email protected]>

Co-authored-by: Hidde Beydals <[email protected]>
@krancour krancour enabled auto-merge October 8, 2024 18:39
@krancour krancour marked this pull request as draft October 8, 2024 18:44
auto-merge was automatically disabled October 8, 2024 18:44

Pull request was converted to draft

@krancour
apply @hiddeco feedback
2ebcab9 
Signed-off-by: Kent Rancourt <[email protected]>
@krancour krancour marked this pull request as ready for review October 8, 2024 20:38
@krancour krancour enabled auto-merge October 8, 2024 20:38
@krancour krancour disabled auto-merge October 8, 2024 20:40
@krancour
Copy link
Member Author

krancour commented Oct 8, 2024

This can be merged after #2694.

@krancour krancour added this pull request to the merge queue Oct 8, 2024
Merged via the queue into akuity:main with commit 686b0d4 Oct 8, 2024
24 checks passed
@krancour krancour deleted the krancour/harden branch October 8, 2024 23:44
This was referenced Oct 10, 2024
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hiddeco hiddeco hiddeco approved these changes

Assignees

@krancour krancour

Labels
area/ci-process area/devx area/release-process area/security do not merge yet docker Pull requests that update Docker code kind/chore priority/high
Projects
None yet
Milestone
v1.0.0
Development

Successfully merging this pull request may close these issues.

harden image
2 participants
@krancour @hiddeco