The number of binaries distributed via Container images is increasing.
We have a base image dedicated to CI but there is so far no base image intended for the standard distribution of our binaries. As a result, each of our release images contains the same duplicated code:
add parity GPG keys
run an apt update
create a user
symlink a data folder
etc...
Most of our images are based on an updated version of a base image (ubuntu:20.04 atm).
However, those images are built and published without having any kind of chance for testing.
Building the image from this PR nightly gives us the option to run some security testing / auditing on the base image before using it in production.
This PR does not include security/auditing of the built image.
Once a build of this image is available, all our polkadot, cumulus, staking-miner, etc... can be rebuilt with this new base image. It will cut the build time and offer a reliable and common base.