Support rebuilding arbitrary images without rebuilding their dependencies #1185
Comments
|
Duplicate of #787. But we can revive the discussion. |
|
[Triage] It would be good to find some data on how often we need to rebuild due to high/critical severity CVEs in the .NET SDK images. For example, curl only has high severity CVEs about once every 2 years: https://curl.se/docs/security.html This also may happen more often if we ship AOT images because the AOT SDK Dockerfiles install even more additional packages on top of the SDK. |
lbussell
added
needs-more-info
area-infrastructure
and removed
untriaged
area-documentation
labels
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce the issue
Try to run a build in the
dotnet-dockerrepo with a path argument of'*sdk*'. That results in the following error:(From https://dev.azure.com/dnceng/internal/_build/results?buildId=2289062&view=logs&j=fc59f0f2-c1bd-58ae-b870-833d1e8a924c&t=8d53baa0-ff68-5ea5-041a-af0e08303d7f [internal link])
This is because ImageBuilder is trying to build the SDK image when we haven't built its dependency (the ASP.NET image) in the same pipeline run.
Expected behavior
ImageBuilder should determine when we want to rebuild an arbitrary image in a hierarchy without rebuilding the image it's based on. It should pull the image from MCR without overriding the
REPOargument (or overriding it as necessary in the nigthly branch, for example).The text was updated successfully, but these errors were encountered: