diff --git a/.github/workflows/daily-security-scan-alpine.yml b/.github/workflows/daily-security-scan-alpine.yml index e4a47a78..ead150ba 100644 --- a/.github/workflows/daily-security-scan-alpine.yml +++ b/.github/workflows/daily-security-scan-alpine.yml @@ -8,7 +8,7 @@ jobs: scan-relay: strategy: matrix: - tag: ['latest', 'v7', 'v8'] + tag: ['latest', 'latest-alpine', 'v7', 'v8', 'v8-alpine'] fail-fast: false runs-on: ubuntu-latest steps: diff --git a/.goreleaser.yml b/.goreleaser.yml index 8ff806f7..b2571292 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -213,7 +213,9 @@ dockers: - "--platform=linux/arm64/v8" docker_manifests: - # For the Alpine image + # For backwards compatibility, we publish the :latest, :vX, and :x.y.z tags for Alpine without any suffix + # indicating that the image is Alpine based (unlike the debian12 images). This is because it's what was done historically, + # and we cannot change it yet without breaking existing users. - name_template: "launchdarkly/ld-relay:{{ .Version}}" skip_push: false image_templates: @@ -238,6 +240,32 @@ docker_manifests: - "launchdarkly/ld-relay:latest-arm64v8" - "launchdarkly/ld-relay:latest-i386" + # We'll also create aliases for the Alpine-based image with the suffix "-alpine" to make it easier to distinguish + # from the debian12 image. This will also allow us to eventually deprecate the non-suffixed tags in a future major version. + - name_template: "launchdarkly/ld-relay:{{ .Version}}-alpine" + skip_push: false + image_templates: + - "launchdarkly/ld-relay:{{ .Version }}-amd64" + - "launchdarkly/ld-relay:{{ .Version }}-armv7" + - "launchdarkly/ld-relay:{{ .Version }}-arm64v8" + - "launchdarkly/ld-relay:{{ .Version }}-i386" + + - name_template: "launchdarkly/ld-relay:v{{ .Major }}-alpine" + skip_push: false + image_templates: + - "launchdarkly/ld-relay:v{{ .Major }}-amd64" + - "launchdarkly/ld-relay:v{{ .Major }}-armv7" + - "launchdarkly/ld-relay:v{{ .Major }}-arm64v8" + - "launchdarkly/ld-relay:v{{ .Major }}-i386" + + - name_template: "launchdarkly/ld-relay:latest-alpine" + skip_push: false + image_templates: + - "launchdarkly/ld-relay:latest-amd64" + - "launchdarkly/ld-relay:latest-armv7" + - "launchdarkly/ld-relay:latest-arm64v8" + - "launchdarkly/ld-relay:latest-i386" + # For the static debian12 image - name_template: "launchdarkly/ld-relay:latest-static-debian12-nonroot" skip_push: false diff --git a/docs/docker.md b/docs/docker.md index 35f315a2..fb63e5cd 100644 --- a/docs/docker.md +++ b/docs/docker.md @@ -7,11 +7,11 @@ Using Docker is not required, but if you prefer using a Docker container we prov We provide images based on Alpine Linux and Google's ["distroless"](https://github.com/GoogleContainerTools/distroless) Debian12 images. -| Image | Version | Size | amd64 | armv7 | arm64v8 | i386 | -|--------------------|-----------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|-------|-------|---------|------| -| Distroless | [![Docker Image Version](https://img.shields.io/docker/v/launchdarkly/ld-relay/latest-static-debian12-nonroot) ][dockerhub] | [![Docker Image Size (tag)](https://img.shields.io/docker/image-size/launchdarkly/ld-relay/latest-static-debian12-nonroot)][dockerhub] | ✅ | ✅ | ✅ | ❌ | | -| Distroless (debug) | [![Docker Image Version](https://img.shields.io/docker/v/launchdarkly/ld-relay/latest-static-debian12-debug-nonroot) ][dockerhub] | [![Docker Image Size (tag)](https://img.shields.io/docker/image-size/launchdarkly/ld-relay/latest-static-debian12-debug-nonroot)][dockerhub] | ✅ | ✅ | ✅ | ❌ | -| Alpine | [![Docker Image Version](https://img.shields.io/docker/v/launchdarkly/ld-relay/latest) ][dockerhub] | [![Docker Image Size (tag)](https://img.shields.io/docker/image-size/launchdarkly/ld-relay/latest)][dockerhub] | ✅ | ✅ | ✅ | ✅ | +| Image | Version | Size | amd64 | armv7 | arm64v8 | i386 | +|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------|-------|-------|---------|------| +| Distroless | [![Docker Image Version](https://img.shields.io/docker/v/launchdarkly/ld-relay/latest-static-debian12-nonroot) ][dockerhub-distroless] | [![Docker Image Size (tag)](https://img.shields.io/docker/image-size/launchdarkly/ld-relay/latest-static-debian12-nonroot)][dockerhub-distroless] | ✅ | ✅ | ✅ | ❌ | | +| Distroless (debug) | [![Docker Image Version](https://img.shields.io/docker/v/launchdarkly/ld-relay/latest-static-debian12-debug-nonroot) ][dockerhub-distroless-debug] | [![Docker Image Size (tag)](https://img.shields.io/docker/image-size/launchdarkly/ld-relay/latest-static-debian12-debug-nonroot)][dockerhub-distroless-debug] | ✅ | ✅ | ✅ | ❌ | +| Alpine | [![Docker Image Version](https://img.shields.io/docker/v/launchdarkly/ld-relay/latest-alpine) ][dockerhub-alpine] | [![Docker Image Size (tag)](https://img.shields.io/docker/image-size/launchdarkly/ld-relay/latest-alpine)][dockerhub-alpine] | ✅ | ✅ | ✅ | ✅ | We recommend using the Distroless images, as automated security scanners regularly flag issues in Alpine even though the Relay Proxy itself is unaffected. @@ -81,4 +81,7 @@ variant): docker exec -it [container name] /busybox/sh ``` -[dockerhub]: https://hub.docker.com/r/launchdarkly/ld-relay +[dockerhub-distroless]: https://hub.docker.com/r/launchdarkly/ld-relay/tags?page=&page_size=&ordering=&name=static-debian12-nonroot +[dockerhub-distroless-debug]: https://hub.docker.com/r/launchdarkly/ld-relay/tags?page=&page_size=&ordering=&name=static-debian12-debug-nonroot +[dockerhub-alpine]: https://hub.docker.com/r/launchdarkly/ld-relay/tags?page=&page_size=&ordering=&name=alpine +