[Github][Docker] Remove 'docker.io/library' from image name #162007
Conversation
|
@llvm/pr-subscribers-github-workflow Author: Baranov Victor (vbvictor) ChangesBased on #161083 (comment), we don't specify explicitly Full diff: https://github.com/llvm/llvm-project/pull/162007.diff 1 Files Affected:
diff --git a/.github/workflows/containers/github-action-ci/Dockerfile b/.github/workflows/containers/github-action-ci/Dockerfile
index dc0c9cabc7f01..c9aa0bbd31d81 100644
--- a/.github/workflows/containers/github-action-ci/Dockerfile
+++ b/.github/workflows/containers/github-action-ci/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/library/ubuntu:24.04 AS base
+FROM ubuntu:24.04 AS base
ENV LLVM_SYSROOT=/opt/llvm
FROM base AS stage1-toolchain
|
|
I thought it was considered best practice to use the full URI? |
Is there a recommendation with motivation somewhere? I could understand a portability argument, but all of the container runtimes that we're using still seem to default to Either way is fine with me, but we should be consistent with what we have inside the repository. |
|
@boomanaiden154 The short names make it easier for an attacker to spoof an image. Here is an article about it: https://www.redhat.com/en/blog/be-careful-when-pulling-images-short-name |
|
Ah, didn't even think of that being an issue. I think we should prefer the fully qualified names then too. |
|
I'd make a pr to convert existing images to fully-qualified names. |
Based on #162007 (comment), we should avoid having short links in docker images.
Based on #162007 (comment), we should avoid having short links in docker images.
Based on llvm/llvm-project#162007 (comment), we should avoid having short links in docker images.
…FC) (#162156) Based on llvm/llvm-project#162007 (comment), we should avoid having short links in docker images.
Based on #161083 (comment), we don't specify explicitly
docker.io/library/, this is the only violation I could find.