Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use official node:alpine #11

Merged
merged 1 commit into from
Jan 4, 2017
Merged

Use official node:alpine #11

merged 1 commit into from
Jan 4, 2017

Conversation

simonepri
Copy link

@simonepri simonepri commented Dec 29, 2016

Hello, @Unitech
Check this:
mhart/alpine-node#76
nodejs/docker-node#156

The official one also have less CVE issues (whit the one from @mhart Docker Cloud reports lots of CVE).

Best regards,
Simone

Check this:
mhart/alpine-node#76
nodejs/docker-node#156

The official one have also less security issues.
@Unitech Unitech merged commit c93a315 into keymetrics:master Jan 4, 2017
@simonepri
Copy link
Author

@Unitech currently :latest intalls node 7 and this will break lots of project based on this image.

What do you think about creating more branches?

Here you can see all nodejs tags available:
https://hub.docker.com/_/node/

My suggestion will be to add these branches:
master -> node:alpine
6.9 -> node:boron-alpine
4.7 -> node:argon-alpine

@Unitech
Copy link
Member

Unitech commented Jan 27, 2017

@simonepri I just gave you the contributor permission on this repository, feel free to update the branches so we can have different image with different nodejs versions

@simonepri
Copy link
Author

@Unitech What you think about the usage of folders instead of branches?
As you can see the official node repo uses folders:
https://github.com/nodejs/docker-node

I think is more clear and maintenable.
What do you think about it?

Because with folder anyone could create a pullrequest in order to add other versions in the future.

@Unitech
Copy link
Member

Unitech commented Jan 27, 2017

Having multiple branches allow the docker registry to automatically build different Docker images

https://hub.docker.com/r/keymetrics/pm2-docker-alpine/

So keeping that structure is better

@simonepri
Copy link
Author

simonepri commented Jan 27, 2017

The docker registry is also able to automatically build different docker images using different Dockerfiles (pointing each tag to a different dockerfile) in the repo. In this way you don't have to create multiple unmantained branches

@Unitech
Copy link
Member

Unitech commented Jan 27, 2017

I did not know! So let's switch to different folders instead of different branches

@simonepri
Copy link
Author

Are you sure? Take a look into the docker registry to see how you can do it:
https://docs.docker.com/docker-hub/builds/#/add-and-run-a-new-build
As you can see, you can specify the "Dockerfile" location, so you create different tags on the same branch using different Dockerfiles.

If you agree I will create a pull request with the modifications

@Unitech
Copy link
Member

Unitech commented Jan 27, 2017

Alright I found the page to edit the build settings
Agreed for the changes

@mhart
Copy link

mhart commented Jan 27, 2017

@simonepri would love to know more about this "Docker Cloud reports lots of CVE" claim that you've made?

@mhart
Copy link

mhart commented Jan 27, 2017

@simonepri the official Docker image was based off mine – it's the same alpine version and contains the same packages – so I'd be fascinated to know how there's a difference in CVE issues?

(I'm not suggesting to stick with my image btw – please do move to the official one – just concerned about this claim)

@simonepri
Copy link
Author

simonepri commented Jan 27, 2017

@mhart currently I'm not able to show you it, but on Docker Cloud each time you build your image it has a service that scans the image and reports you if there are CVE.
When I first write that claim I was using this image, then i switched to the official node:alpine and all CVE reported from Docker Cloud disappered.

@mhart
Copy link

mhart commented Jan 27, 2017

@simonepri would be great if you could show it to me – just a screenshot or whatever. Just unclear as to whether there's actual CVEs, or just that it couldn't scan it properly because it wasn't a "blessed" image like the official one is.

@simonepri
Copy link
Author

@mhart I will do it as soon as possible 👍

@simonepri
Copy link
Author

@Unitech sorry I've just pushed the modification to this repo insted on the mine forked one, I've just reverted. I'm going to open a pull request.
Sorry for the trouble.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants