-
Notifications
You must be signed in to change notification settings - Fork 508
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
✨ move to cgr base image #4113
✨ move to cgr base image #4113
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@naveensrinivasan — Nice! Would you mind making similar changes for our other projects? e.g., https://github.com/ossf/scorecard-action/blob/c64f0a7231aa68a6849c2b65bf16af3daa23d3e6/Dockerfile#L38
Just FYI this was discussed in the past. Linking for historical context I think this falls under the "if a majority of maintainers want to" part of Azeem's comment.
I dont think we can do it for scorecard-action, #2593 (comment) |
@spencerschrock Do you have concerns about merging it? |
My only blocking concern would be to not do this for Scorecard Action due to lack of root, but this PR doesn't touch that. Changing from From a "change as few things as needed" perspective, I have a slight preference to |
This pull request has been marked stale because it has been open for 10 days with no activity |
- Move the static cgr.dev base image as it has less foot print and zero vuln. Signed-off-by: naveensrinivasan <172697+naveensrinivasan@users.noreply.github.com>
865db33
to
39efb72
Compare
cgr.dev
distroless
What kind of change does this PR introduce?
(Is it a bug fix, feature, docs update, something else?)
What is the current behavior?
What is the new behavior (if this is a feature change)?**
Which issue(s) this PR fixes
Special notes for your reviewer
Does this PR introduce a user-facing change?
For user-facing changes, please add a concise, human-readable release note to
the
release-note
(In particular, describe what changes users might need to make in their
application as a result of this pull request.)