whalebrew in whalebrew #36
Comments
Hi,

To allow commands to call one another we would need to run somehow

This means that any command could then be able to execute roughly anything the docker API allows, including binding host volumes, running privileged containers ..., and hence exposing undesired data.

This means we need to encounter a simple way to do so without providing this whole uncontrolled access
Make use of multi stage builds to produce smaller output image
Tune the dockerignore to reduce the context size sent to docker and hence improve build speed
Make use of go modules cache to not re-download everything when only the code is changed

This produces a small output image, a first step towards #36 and #32
fixes #72
I have been thinking about this issue lately and here is what I came with

Declare dependencies
Introduce a way to declare that an image depends on external commands (like expose a whalebrew-in-whalebrew command
When Whalebrew starts a container, if this container has dependencies, it mounts a runnable whalebrew-in-whalebrew command (benefiting the

The setup is not that simple but copes well with security ensuring that the docker socket, providing root privileges, is not exposed to user land programs.
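
The mediation idea discussed in the comments above, sketched as an added example (not whalebrew's code and not written by the commenters): a host-side broker accepts only a command name and arguments, checks them against the calling image's declared dependencies, and builds the `docker run` line itself, so the Docker socket never enters the container. `Authorize`, the `deps` and `installed` maps, the fixed `--rm -i` options and the `example/*` image names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Request is all a containerised tool may send to the host-side broker:
// a command name and its arguments, never raw Docker options.
type Request struct {
	Command string
	Args    []string
}

var (
	ErrNotDeclared  = errors.New("command not declared as a dependency of the calling image")
	ErrNotInstalled = errors.New("declared command is not installed on the host")
)

// Authorize builds the argv the broker runs on the caller's behalf.
// deps maps an image to the commands it declared (hypothetical format);
// installed maps a command name to its image, taken from host configuration.
func Authorize(deps map[string][]string, installed map[string]string, callerImage string, r Request) ([]string, error) {
	declared := false
	for _, c := range deps[callerImage] {
		if c == r.Command {
			declared = true
			break
		}
	}
	if !declared {
		return nil, ErrNotDeclared
	}
	image, ok := installed[r.Command]
	if !ok {
		return nil, ErrNotInstalled
	}
	// Options are fixed by the broker. Caller arguments are appended after
	// the image name, so Docker hands them to the tool instead of parsing
	// them as options such as --privileged or -v.
	argv := []string{"docker", "run", "--rm", "-i", image}
	return append(argv, r.Args...), nil
}

func main() {
	deps := map[string][]string{"microsoft/dotnet": {"node", "npm"}} // constructed sample
	installed := map[string]string{"node": "example/node", "npm": "example/npm"}
	argv, err := Authorize(deps, installed, "microsoft/dotnet", Request{Command: "npm", Args: []string{"run", "build"}})
	fmt.Println(argv, err)
}
```
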
If whalebrew enabled docker in docker (see #24), and also installed itself in all containers, then you could have your tools talk to each other!
Goal: my whalebrew packages can call each other.
Example: when you build with microsoft/dotnet you might want to call node or npm to run frontend tasks.

Benefits:
docker run downloads what it needs)
dotnet in Arch Linux is a nightmare)

Let me know what you think or if you think it's not possible!
Thanks!