Open zjrgov opened 3 weeks ago
Kaniko, at least used in the typical way, won't work without some significant changes for a few reasons. `scratch` as the base for the image it actually distributes, and at most, when using the `:debug` tag, you just get some busybox utilities--ergo there is no package manager, no git/git-lfs/curl and no gitlab-runner-helper. We might be able to do without the gitlab-runner-helper, but I think it would probably require some significant changes to manually deal with cache & artifacts. Could also think about having the runner workers deploy not as docker images, and use cloud foundry the normal way, possibly installing docker with the apt.yaml and removing a layer of the matryoshka.
Before doing that I'll try buildah, which is installable as an apt package.
Buildkit, img, orca-build, and buildah all use runc, which if running in a container must have certain security controls disabled (seccomp & apparmor unconfined). This isn't something I have a great deal of understanding about yet but seems bad and at the very least not like something we can easily get going by ourselves on cloud.gov.
So it seems like we could maybe have workers that don't get pushed as containers but install a container build system, or back to kaniko and try to stick git/lfs/curl binaries on it. In either case, probably just get some weird branching logic on it for now as a proof of concept.
As a DevTools user I would like to be able to push and pull container images to/from the GitLab Container Registry so that I can verify that my container packaging steps work and be able to deploy the container to cloud.gov.
See also #16.
Acceptance Criteria
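The issue above notes that runc-based builders (buildah, Buildkit, img) need seccomp and AppArmor turned off when run inside a container. Before loosening those controls on a runner, it is worth knowing what confinement a CI job actually has. The script below is an added example, not part of this issue or of any of the projects it mentions: it reads the `Seccomp:` and `NoNewPrivs:` fields the Linux kernel exposes in `/proc/self/status` (present since kernel 3.8 and 4.10 respectively) and the LSM label in `/proc/self/attr/current`, and reports them. The `SAMPLE_STATUS` text is constructed so the parsing functions can be exercised without a container; `--live` reports the real state of the shell you run it in.

```shell
#!/bin/sh
# Added example: report the seccomp / no_new_privs / AppArmor state of
# this process, i.e. what a container build tool would inherit from the
# CI job. Field names are the kernel's; the sample text is constructed.

# seccomp_mode STATUS_TEXT -> 0 (disabled), 1 (strict), 2 (filter), or "unknown"
seccomp_mode() {
  printf '%s\n' "$1" | awk -F'\t' '
    $1 == "Seccomp:" { print $2; found = 1 }
    END { if (!found) print "unknown" }'
}

# no_new_privs STATUS_TEXT -> 0 or 1 (empty on kernels without the field)
no_new_privs() {
  printf '%s\n' "$1" | awk -F'\t' '$1 == "NoNewPrivs:" { print $2 }'
}

# describe_seccomp MODE -> human-readable meaning of the Seccomp: value
describe_seccomp() {
  case "$1" in
    0) echo "disabled (unconfined)" ;;
    1) echo "strict (only read/write/exit/sigreturn allowed)" ;;
    2) echo "filter (a seccomp profile is enforced)" ;;
    *) echo "unknown" ;;
  esac
}

# apparmor_profile ATTR_TEXT -> profile name without the "(enforce)" suffix,
# e.g. "docker-default (enforce)" -> "docker-default"; "unconfined" stays as-is
apparmor_profile() {
  printf '%s\n' "$1" | sed -e 's/ (.*)$//' -e 's/[[:space:]]*$//' | head -n 1
}

# Constructed /proc/self/status excerpt resembling a default docker job
# (filter-mode seccomp, no_new_privs set). Tabs are the real separators.
SAMPLE_STATUS=$(printf 'Name:\tsh\nSeccomp:\t2\nSeccomp_filters:\t1\nNoNewPrivs:\t1\n')

# report_live: read the real /proc entries for this shell and print a summary
report_live() {
  status=$(cat /proc/self/status 2>/dev/null) || {
    echo "no /proc/self/status here (not Linux?)"
    return 1
  }
  mode=$(seccomp_mode "$status")
  echo "seccomp:      $mode -> $(describe_seccomp "$mode")"
  echo "no_new_privs: $(no_new_privs "$status")"
  if [ -r /proc/self/attr/current ]; then
    echo "lsm label:    $(apparmor_profile "$(cat /proc/self/attr/current 2>/dev/null)")"
  else
    echo "lsm label:    not readable (no AppArmor/SELinux, or /proc/self/attr hidden)"
  fi
}

# Demo on the constructed sample, then the live system if asked.
echo "sample: seccomp $(seccomp_mode "$SAMPLE_STATUS") -> $(describe_seccomp "$(seccomp_mode "$SAMPLE_STATUS")")"
echo "sample: no_new_privs $(no_new_privs "$SAMPLE_STATUS")"
if [ "${1:-}" = "--live" ]; then
  report_live
fi
```

Running it with `--live` inside a runner job shows whether the job already has `Seccomp: 0` and an `unconfined` label (the relaxed state runc needs when nested) or the default `Seccomp: 2` / `docker-default` confinement, which is the state a proof of concept would have to change, and which is worth recording in the job log so the exception is visible.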