tulilirockz
commented
1 year ago Other solution would be to use either Golang's alpine as a builder and regular alpine as a runner
Closed tulilirockz closed 1 year ago
tulilirockz
commented
1 year ago Other solution would be to use either Golang's alpine as a builder and regular alpine as a runner
bketelsen
commented
1 year ago we're using chainguard for the signing/sbom (which we aren't using YET)
tulilirockz
commented
1 year ago Oooooh! Makes sense now. But like, isn't signing a build step? Maybe using chainguard's as a builder and alpine as a runner would be a nice idea? (It'd be the best of both worlds), but idk, maybe its unnecessary?
bketelsen
commented
1 year ago I hadn't even considered having a runner. At this point the only thing using the container is the ublue-os/bluefin build process which just strips the binaries & man pages out of the container and puts them in bluefin.
This is just a suggestion, but, maybe using the golang alpine images would be better because of their size / attack surface. In the worst case scenario it would definitely be at least a bit faster to build them...