[Github][Docker] Remove 'docker.io/library' from image name

[vbvictor]

Based on #161083 (comment), we don't specify explicitly docker.io/library/, this is the only violation I could find.

[llvmbot]

@llvm/pr-subscribers-github-workflow

Author: Baranov Victor (vbvictor)

Changes

Based on #161083 (comment), we don't specify explicitly docker.io/library/, this is the only violation I could find.

---

Full diff: https://github.com/llvm/llvm-project/pull/162007.diff

1 Files Affected:

• (modified) .github/workflows/containers/github-action-ci/Dockerfile (+1-1)

diff --git a/.github/workflows/containers/github-action-ci/Dockerfile b/.github/workflows/containers/github-action-ci/Dockerfile
index dc0c9cabc7f01..c9aa0bbd31d81 100644
--- a/.github/workflows/containers/github-action-ci/Dockerfile
+++ b/.github/workflows/containers/github-action-ci/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/library/ubuntu:24.04 AS base
+FROM ubuntu:24.04 AS base
 ENV LLVM_SYSROOT=/opt/llvm
 
 FROM base AS stage1-toolchain

[tstellar]

I thought it was considered best practice to use the full URI?

[boomanaiden154]

I thought it was considered best practice to use the full URI?

Is there a recommendation with motivation somewhere? I could understand a portability argument, but all of the container runtimes that we're using still seem to default to docker.io.

Either way is fine with me, but we should be consistent with what we have inside the repository.

[tstellar]

@boomanaiden154 The short names make it easier for an attacker to spoof an image. Here is an article about it: https://www.redhat.com/en/blog/be-careful-when-pulling-images-short-name

[boomanaiden154]

Ah, didn't even think of that being an issue. I think we should prefer the fully qualified names then too.

[vbvictor]

I'd make a pr to convert existing images to fully-qualified names.