charts icon indicating copy to clipboard operation
charts copied to clipboard

Published 20 hours ago verified publisher icon drone

drone images 2.12.1 build using end of life version of alpine 3.11.13

Open sajithvasu opened this issue 3 years ago • 5 comments

Drone chart deploys image 2.12.1 and that is build using end of life version of alpine. Please check - https://endoflife.date/alpine

sajithvasu avatar Aug 10 '22 13:08 sajithvasu

We should really move to using scratch for Drone images. Drone is a static binary with zero external dependencies, which means it does not actually use anything inside the alpine base image. Having to upgrade base images across hundreds of repositories (when you consider all of our plugins) creates a lot of busy work, which would be eliminated by using scratch.

bradrydzewski avatar Aug 10 '22 14:08 bradrydzewski

@bradrydzewski: Is there any future plan to fix this for the drone images?

sajithvasu avatar Aug 10 '22 15:08 sajithvasu

why we are not using distroless?

loeffel-io avatar Aug 11 '22 08:08 loeffel-io

distroless images contain runtime dependencies. Drone does not have any runtime dependencies, therefore,scratch is more appropriate.

bradrydzewski avatar Aug 11 '22 12:08 bradrydzewski

This is an important discussion, but is this repository the best place? Should this move to https://github.com/harness/drone?

jimsheldon avatar Aug 11 '22 12:08 jimsheldon

I will close this out since these charts don't manage the underlying docker images

jimsheldon avatar Oct 21 '22 17:10 jimsheldon