Closed joemiller closed 1 year ago
I wonder if it would be better to package golangci-lint in Wolfi and include that in the image?
There is also the busybox wget
applet that is already available.
@kaniini I thought about this too. In my experience I have seen a lot of opinions on golangci-lint. Some projects will just install latest in CI and other prefer to pin to versions. My own anecdotal experience/guess says the community splits close to 50/50 on the topic.
@kaniini Wget works, but there is an issue with the busybox-wget
in the container. It does not verify TLS on the download url. This is using the recommended install snippet from golangci-lint: wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s v1.51.2
:
wget: note: TLS certificate validation not implemented
another workaround is simply copying the curl
binary into the build stage, eg:
FROM cgr.dev/chainguard/curl:latest AS curl
FROM cgr.dev/chainguard/go:1 AS builder
COPY --from=curl /usr/bin/curl /usr/bin/curl
# ...
This way you can run the golangci-lint install script in a way that validates the TLS cert from github, which busybox-wget won't do
One quick note - we do have golangci-lint already packaged in Wolfi: https://github.com/wolfi-dev/os/blob/main/golangci-lint.yaml
That means you can do something like:
FROM cgr.dev/chainguard/go:latest-dev
RUN apk add golangci-lint
Which image/versions are related to this issue/feature request?
go, all versions.
Issue/Feature description
It would be useful to have curl available in the go image. Curl is one of the recommended ways to install golangci-lint.
A multi-stage docker image then could:
go test ./...
go build
This would allow for having multi-stage builds that fully utilize chainguard images.
It is possible to
go install
golangci-lint but this can be rather slow and it is not recommended by the golangci-lint authors.