chainguard-images / images

Public Chainguard Images
https://chainguard.dev/chainguard-images
Apache License 2.0

include curl in go image? #350

Closed joemiller closed 1 year ago

joemiller commented 1 year ago

Which image/versions are related to this issue/feature request?

go, all versions.

Issue/Feature description

It would be useful to have curl available in the go image. Curl is one of the recommended ways to install golangci-lint.

A multi-stage docker image then could:

This would allow for having multi-stage builds that fully utilize chainguard images.

It is possible to go install golangci-lint but this can be rather slow and it is not recommended by the golangci-lint authors.

kaniini commented 1 year ago

I wonder if it would be better to package golangci-lint in Wolfi and include that in the image?

There is also the busybox wget applet that is already available.

joemiller commented 1 year ago

@kaniini I thought about this too. In my experience I have seen a lot of opinions on golangci-lint. Some projects will just install latest in CI and others prefer to pin to versions. My own anecdotal experience/guess says the community splits close to 50/50 on the topic.

joemiller commented 1 year ago

@kaniini Wget works, but there is an issue with the busybox-wget in the container. It does not verify TLS on the download URL. This is using the recommended install snippet from golangci-lint:

wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.51.2

wget: note: TLS certificate validation not implemented

joemiller commented 1 year ago

Another workaround is simply copying the curl binary into the build stage, e.g.:

FROM cgr.dev/chainguard/curl:latest AS curl

FROM cgr.dev/chainguard/go:1 AS builder

COPY --from=curl /usr/bin/curl /usr/bin/curl
# ...

This way you can run the golangci-lint install script in a way that validates the TLS cert from GitHub, which busybox-wget won't do.
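
An added example, not part of the thread and not code from Chainguard or golangci-lint: when the only downloader in a build stage cannot validate TLS, as with the busybox wget message above, the build can still refuse to execute a fetched script unless its SHA-256 matches a digest pinned in the build file. The function names and the pinned-digest placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: execute a downloaded installer only when its SHA-256 matches
# a digest pinned in the build file. Function names are hypothetical.

# Print the lowercase hex SHA-256 of FILE (sha256sum: coreutils or busybox).
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_pinned FILE EXPECTED_HEX
# 0 = digest matches, 1 = mismatch, 2 = unusable input (no file, malformed pin).
verify_pinned() {
    vp_file=$1
    vp_want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$vp_file" ] || { echo "verify_pinned: no such file: $vp_file" >&2; return 2; }
    # An empty or truncated pin must never compare equal to anything.
    case $vp_want in
        ''|*[!0-9a-f]*) echo "verify_pinned: malformed pin" >&2; return 2 ;;
    esac
    [ "${#vp_want}" -eq 64 ] || { echo "verify_pinned: malformed pin" >&2; return 2; }
    vp_got=$(sha256_of "$vp_file")
    [ "$vp_got" = "$vp_want" ] && return 0
    echo "verify_pinned: digest mismatch for $vp_file (got $vp_got)" >&2
    return 1
}

# run_if_pinned FILE EXPECTED_HEX [ARGS...]
# Runs FILE with sh only after verify_pinned succeeds; otherwise returns its code.
run_if_pinned() {
    rp_file=$1
    rp_want=$2
    shift 2
    verify_pinned "$rp_file" "$rp_want" || return $?
    sh "$rp_file" "$@"
}

# Intended use in a build stage (the digest is a placeholder you record after
# reviewing one specific revision of the script):
#   wget -O /tmp/install.sh -nv <URL of the reviewed revision of install.sh>
#   run_if_pinned /tmp/install.sh "<PINNED_SHA256>" v1.51.2
```

A pin only stays valid for a fixed revision of the script, so it has to be paired with a URL that does not change underneath it.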

dlorenc commented 1 year ago

One quick note - we do have golangci-lint already packaged in Wolfi: https://github.com/wolfi-dev/os/blob/main/golangci-lint.yaml

That means you can do something like:

FROM cgr.dev/chainguard/go:latest-dev
RUN apk add golangci-lint