*** happyhemant has quit IRC | 01:28 | |
*** KeithMnemonic has quit IRC | 03:08 | |
*** e0ne has joined #openstack-loci | 05:21 | |
*** spsurya has joined #openstack-loci | 06:08 | |
*** e0ne has quit IRC | 06:24 | |
*** dpawlik has joined #openstack-loci | 08:40 | |
*** parasitid has joined #openstack-loci | 08:56 | |
parasitid | evrardjp: hello | 08:56 |
---|---|---|
parasitid | evrardjp: i have an issue with my own PR: https://review.opendev.org/#/c/661242/6 | 08:56 |
parasitid | evrardjp: we can't use docker build args for passing secrets (such as a private reg key) | 08:57 |
parasitid | evrardjp: because it is leaked in the image manifest | 08:57 |
parasitid | evrardjp: instead, theres a brand new 'secret option' in the docker build command | 08:58 |
parasitid | evrardjp: but it requires to introduce stuff such as 'RUN --mount=type=secret' in the dockerfile | 08:58 |
parasitid | which is not retro compatible with docker < 18.09 | 08:59 |
parasitid | evrardjp: how could we deal with such thing ? | 09:01 |
*** e0ne has joined #openstack-loci | 09:26 | |
*** spsurya has quit IRC | 12:18 | |
evrardjp | hey | 12:52 |
evrardjp | mmm | 12:52 |
evrardjp | if it doesn't suit you, indeed a refactor would be required :) | 12:53 |
evrardjp | could you point me to that docs? | 12:54 |
parasitid | evrardjp: sure | 12:58 |
*** pgaxatte has joined #openstack-loci | 13:03 | |
parasitid | evrardjp: Warning: It is not recommended to use build-time variables for passing secrets like github keys, user credentials etc. Build-time variable values are visible to any user of the image with the docker history command. | 13:03 |
parasitid | here: https://docs.docker.com/engine/reference/builder/ | 13:04 |
parasitid | the correct way would be to use secrets, but it's still an exp feature in buildkit https://stackoverflow.com/questions/45405212/safe-way-to-use-build-time-argument-in-docker/51921954#51921954 | 13:04 |
parasitid | evrardjp: what if i add a copy of the Dockerfile with experimental features ? | 13:09 |
parasitid | such as Dockerfile.experimental | 13:09 |
parasitid | ? | 13:09 |
parasitid | it's kinda hard to deal with those buildkit stuff in a single dockerfile without 'templating' it or duplicating it | 13:10 |
*** dpawlik has quit IRC | 15:35 | |
*** pgaxatte has quit IRC | 15:36 | |
*** e0ne has quit IRC | 16:07 | |
*** e0ne has joined #openstack-loci | 17:05 | |
*** e0ne has quit IRC | 17:23 | |
openstackgerrit | Chris Hoge proposed openstack/loci master: Make Python3 the default interpreter https://review.opendev.org/665187 | 17:29 |
*** dpawlik has joined #openstack-loci | 18:54 | |
*** e0ne has joined #openstack-loci | 19:25 | |
*** e0ne has quit IRC | 20:04 | |
*** dpawlik has quit IRC | 21:01 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!