shahar1 commented on issue #59625: URL: https://github.com/apache/airflow/issues/59625#issuecomment-3703786230
> Hi! I’m interested in working on this. For hardened images, should we aim for XYZ base image? Are there specific guidelines we must follow?

Thank you for your will to help in this area! I assigned you to this task.

Basically, it should be as simple as switching the base image in the Dockerfile to the [hardened version](https://hub.docker.com/hardened-images/catalog/dhi/debian-base) - see instructions in the link.

Building this image requires logging in to Docker Hub using a Personal Access Token (PAT) before the build step. In GitHub Actions, the step should be:

```yaml
# Authenticate to the dhi.io registry before the build step
- name: Login to Docker Hub
  uses: docker/login-action@v3
  with:
    registry: dhi.io
    username: ${{ vars.DOCKERHUB_USERNAME }}
    password: ${{ secrets.DOCKERHUB_PAT }}
```

I tested the above in another repository and it works - but it will be problematic for now to configure it in Airflow's CI/CD, because it requires logging in to Docker (and AFAIK, we currently don't have a user dedicated for the ASF organization).

Therefore, you could start by testing locally and see that nothing breaks in their image, and if it all works - create documentation for how to make it work. In parallel, I could try to get in touch with Airflow's infra team to see if we could maybe arrange a Docker Hub user for using it in Airflow's CI/CD.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
