Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Go SDK] Use distroless:debian12 (no-ssl) as base image. #30011

Merged
merged 4 commits into from
Feb 7, 2024

Conversation

lostluck
Copy link
Contributor

@lostluck lostluck commented Jan 12, 2024

Move Go SDK image to use distroless as the base image, instead of the docker debian image.

Technically, the same version of debian, but with everything but glibc stripped out of it.

Go binaries (Go SDK binaries in particular) don't need external deps or most other parts of the OS toolchains, so this reduces the vulnerabilities to largely intractable to fix glibc issues.

We could remove glibc as by default the SDK doesn't need to compile with C-go enabled (the only reason to link in glibc for go running binaries) but it is handy for users who would depend on it.

distroless has the ca-certificates pre-installed, and as long as we build against latest, it remains relatively up to date. It's not clear to me why we chose to remove the licenses except when configured, but it's harder to remove things conditionally when the shell tools and bash aren't present.


Thank you for your contribution! Follow this checklist to help us incorporate your contribution quickly and easily:

  • Mention the appropriate issue in your description (for example: addresses #123), if applicable. This will automatically add a link to the pull request in the issue. If you would like the issue to automatically close on merging the pull request, comment fixes #<ISSUE NUMBER> instead.
  • Update CHANGES.md with noteworthy changes.
  • If this contribution is large, please file an Apache Individual Contributor License Agreement.

See the Contributor Guide for more tips on how to make review process smoother.

To check the build health, please visit https://github.com/apache/beam/blob/master/.test-infra/BUILD_STATUS.md

GitHub Actions Tests Status (on master branch)

Build python source distribution and wheels
Python tests
Java tests
Go tests

See CI.md for more information about GitHub Actions CI or the workflows README to see a list of phrases to trigger workflows.

Copy link

codecov bot commented Jan 12, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (4f3963f) 38.45% compared to head (ac8e7d8) 38.45%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #30011      +/-   ##
==========================================
- Coverage   38.45%   38.45%   -0.01%     
==========================================
  Files         697      697              
  Lines      102216   102216              
==========================================
- Hits        39306    39304       -2     
+ Misses      61284    61282       -2     
- Partials     1626     1630       +4     
Flag Coverage Δ
go 54.22% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@github-actions github-actions bot added the build label Jan 13, 2024
@lostluck lostluck marked this pull request as ready for review February 7, 2024 18:54
Copy link
Contributor

github-actions bot commented Feb 7, 2024

Assigning reviewers. If you would like to opt out of this review, comment assign to next reviewer:

R: @riteshghorse for label go.

Available commands:

  • stop reviewer notifications - opt out of the automated review tooling
  • remind me after tests pass - tag the comment author after tests pass
  • waiting on author - shift the attention set back to the author (any comment or push by the author will return the attention set to the reviewers)

The PR bot will only process comments in the main thread (not review comments).

Copy link
Contributor

@riteshghorse riteshghorse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@lostluck lostluck merged commit a15dd7e into apache:master Feb 7, 2024
11 checks passed
@lostluck lostluck deleted the distrolessGo branch February 7, 2024 22:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants