use docker multi stage build #2
Conversation
|
@galuszkak please approve my priviliges to run workflows |
|
|
||
| RUN go build -o /geralt | ||
|
|
||
| FROM alpine:3.15 |
There was a problem hiding this comment.
Alpine is a very risky choice and has proven to have an illusion of security, I think Debian makes more sense in this case.
There was a problem hiding this comment.
BTW default golang image is based on Debian and I think it's not an accidental choice.
There was a problem hiding this comment.
When introducing this change I was thinking more about the resulting image size than security. The final build using pure alpine (without go etc.) is only 16mb while the image resulting from go-1.18 was about 1.1gb in size. Though the debian image is fairly coveniat for running tests. Do you know whether GCP docker registry caches the layers of the base image? If this is the case, the cost effectivness of debian and alpine images would be the same except the base image size. Do you know if the image size affects the cold startup time? In this post the author says that it does not but I couldn't find another confirmation of that.
There was a problem hiding this comment.
I wasn't aware that alpine was unsafe and thought that it was best to use as minimal image as possible for security to decrease the number of attack vectors. Could you show me some examples? I'd like to read up on that.
No description provided.