mirror of
https://github.com/kata-containers/kata-containers.git
synced 2026-07-01 06:28:11 +00:00
kata-deploy: track distroless static base by tag, not digest
The kata-deploy main image pinned its gcr.io/distroless/static-debian13 base by sha256 digest. distroless does not publish versioned tags, so a pinned digest just goes stale with no clear upgrade path. Track the rolling tag instead (guarded with a hadolint DL3007 ignore plus a comment explaining why), matching the kata-deploy-job-dispatcher image base. Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com> Assisted-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
committed by
Fabiano Fidêncio
parent
aebadb1ab2
commit
aa27490801
@@ -111,7 +111,10 @@ RUN \
|
||||
esac
|
||||
|
||||
#### kata-deploy main image
|
||||
FROM gcr.io/distroless/static-debian13@sha256:972618ca78034aaddc55864342014a96b85108c607372f7cbd0dbd1361f1d841
|
||||
# distroless does not publish pinned/versioned tags - only rolling ones
|
||||
# (latest, nonroot, debug) - so :latest is the intended way to consume it.
|
||||
# hadolint ignore=DL3007
|
||||
FROM gcr.io/distroless/static-debian13:latest
|
||||
|
||||
ARG DESTINATION=/opt/kata-artifacts
|
||||
|
||||
|
||||
Reference in New Issue
Block a user