Skip to content

Commit

Permalink
build: Update packages in release image
Browse files Browse the repository at this point in the history
This will get updates released after the base image was built. This adds a layer
and increase the image size, but significantly reduce the number of CVEs in the
resultant image.

Signed-off-by: Gert van den Berg <github@mohag.net>
  • Loading branch information
mohag authored and mergify[bot] committed Feb 1, 2023
1 parent 567b7df commit c3d5b78
Showing 1 changed file with 9 additions and 4 deletions.
13 changes: 9 additions & 4 deletions deploy/cephcsi/image/Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,13 @@ ARG SRC_DIR="/go/src/github.com/ceph/ceph-csi/"
ARG GO_ARCH
ARG BASE_IMAGE

FROM ${BASE_IMAGE} as builder
FROM ${BASE_IMAGE} as updated_base

RUN dnf -y update \
&& dnf clean all \
&& rm -rf /var/cache/yum

FROM updated_base as builder

LABEL stage="build"

Expand All @@ -28,8 +34,7 @@ RUN ${GOROOT}/bin/go version && ${GOROOT}/bin/go env
RUN dnf config-manager --disable \
tcmu-runner,tcmu-runner-source,tcmu-runner-noarch || true

RUN dnf -y update \
&& dnf -y install --nodocs \
RUN dnf -y install --nodocs \
librados-devel librbd-devel \
/usr/bin/cc \
make \
Expand All @@ -56,7 +61,7 @@ COPY . ${SRC_DIR}
RUN make cephcsi

#-- Final container
FROM ${BASE_IMAGE}
FROM updated_base

ARG SRC_DIR

Expand Down

0 comments on commit c3d5b78

Please sign in to comment.