-
Notifications
You must be signed in to change notification settings - Fork 46
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support rebuilding arbitrary images without rebuilding their dependencies #1185
Comments
Duplicate of #787. But we can revive the discussion. |
[Triage] It would be good to find some data on how often we need to rebuild due to high/critical severity CVEs in the .NET SDK images. For example, curl only has high severity CVEs about once every 2 years: https://curl.se/docs/security.html This also may happen more often if we ship AOT images because the AOT SDK Dockerfiles install even more additional packages on top of the SDK. |
|
Steps to reproduce the issue
Try to run a build in the
dotnet-docker
repo with a path argument of'*sdk*'
. That results in the following error:(From https://dev.azure.com/dnceng/internal/_build/results?buildId=2289062&view=logs&j=fc59f0f2-c1bd-58ae-b870-833d1e8a924c&t=8d53baa0-ff68-5ea5-041a-af0e08303d7f [internal link])
This is because ImageBuilder is trying to build the SDK image when we haven't built its dependency (the ASP.NET image) in the same pipeline run.
Expected behavior
ImageBuilder should determine when we want to rebuild an arbitrary image in a hierarchy without rebuilding the image it's based on. It should pull the image from MCR without overriding the
REPO
argument (or overriding it as necessary in the nigthly branch, for example).The text was updated successfully, but these errors were encountered: