Change `go` base image in `Dockerfile`

Question

mathieu-benoit opened this issue 2 years ago · 3 comments

As per the discussion in there: #24 (review).

Instead of using go:1.20 as the base image in the Dockerfile, the proposal is to use cgr.dev/chainguard/go.

If there is an agreement with that, let's have a dedicated PR opened for that.

Additionally, some questions top of mind with that:

Why rekor or fulcio are using golang:1.20 and not
Based on 1., do we want to have this current project not doing like the other projects?
In the Dockerfile, the base image is in an ARG, which will prevent dependabot (#21) to update any update of this base image, do we also want to change that?
In the other projects, sha is used for the go:1.20 image, not here, should we do that here too?

Answer 1 · 2023-02-09T18:37:27.000Z

Hey @cpanato 👋 Do you have any ideas on this?

Why rekor or fulcio are using golang:1.20 and not cgr.dev/chainguard/go? Are there any tracking issue or plan for this?

Answer 2 · 2023-02-10T08:33:05.000Z

I can take a look on that and propose a PR

Answer 3 · 2023-02-14T08:28:50.000Z

using ko to build and not a dockerfile, introduced in this pr #32

closing this issue