michalvavrik commented on issue #5986: URL: https://github.com/apache/camel-k/issues/5986#issuecomment-3836982361
> Thanks for having a look @michalvavrik. We had abandoned the go-containerregistry when dropping the support of "Spectrum" project. We are all in with Jib as a publishing mechanism. Pinging the registry is something that I'd avoid as it may require authentication and any other complications which will come for sure. That's helpful @squakez , thank you. Please allow me to clarify as I am slow, so that I don't "implement" something differently and waste time. > We may think to simply include the SHA statically and the user to update it via IntegrationPlatform update mechanism. This one guarantee reproducibility and the possibility to easily upgrade the image sha on the fly. The way I understand this is that it is already possible to specify base image either via `KAMEL_BASE_IMAGE` env var or in IntegrationPlatform via `spec.build.baseImage`. So by _include the SHA statically_ you mean: - change `KAMEL_BASE_IMAGE` default value to `eclipse-temurin:17-jdk@sha256:some-hardcoded-sha` - make sure that dependabot automatically updates the SHA so that with each release Camel-K provides updated base image (to avoid CVEs) If I understood you right, then I can update the `.github/actions/automatic-updates/action.yml` with check for a new SHA and if detected, I can update `Makefile`, e.g. with `sed` command I'll replace value of newly introduced `BASE_IMAGE_SHA`. The only issue I can see is that `docs/modules/ROOT/pages/installation/advanced/advanced.adoc` contains: ``` |`KAMEL_BASE_IMAGE` |`eclipse-temurin:17-jdk` ``` so I'd have to change it something like `eclipse-temurin:17-jdk@sha256:example-image-sha`. I could write a script that updates it, but not sure if it is worth it as it would add bit more complexity. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
