Closed jimafisk closed 1 month ago
Just want to note that apk
is the package manager for alpine
so it's not available on scratch
itself.
I was trying to avoid adding a build step simply to steal the /etc/ssl/certs/ca-certificates.crt
file from the alpine
image, but I wasn't sure if this needed to be generated every time when it's included in the base of the project: https://pkgs.alpinelinux.org/contents?file=&path=&name=ca-certificates-bundle&branch=edge&repo=main&arch=x86
I ultimately set up a simple multi-stage build using the example provided here: https://medium.com/on-docker/use-multi-stage-builds-to-inject-ca-certs-ad1e8f01de1b
This should be available in v0.6.43 (note I had to skip a few version numbers because of failing builds)
Adding the root ca certificate only increased the size of the image 0.12 MB:
The jump from v0.6.8 (17.59 MB) to v0.6.9 (24.54 MB) was much larger (6.95 MB), likely because we introduced "Mac universal_binaries."
I tested out the new release in our Gitea act_runner and it worked!
I'd like to be able to
plenti npm install
in CI to avoid having to install NodeJS/NPM on the container and speed up the overall builds. When I try this currently, I get a TLS error (https://github.com/livebud/npm/issues/2):I believe this is because our official image is built from
scratch
(https://github.com/plentico/plenti/blob/master/Dockerfile) and doesn't haveca-certificates.crt
available: https://stackoverflow.com/questions/52969195/docker-container-running-golang-http-client-getting-error-certificate-signed-byI'd like to keep our image as slim as possible, according to this article it should have minimal impact on the overall size: