docs: add documentation for dependabot and copa #801
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: ashnamehrotra <[email protected]>
sozercan
reviewed
Oct 8, 2024
| @@ -66,3 +66,14 @@ export EXPERIMENTAL_BUILDKIT_SOURCE_POLICY=source-policy.json | |||
| > The tooling image for Debian-based images can be `docker.io/library/debian:11-slim` or `docker.io/library/debian:12-slim` depending on the target image version. RPM-based repos use `mcr.microsoft.com/cbl-mariner/base/core:2.0`. | |||
|
|
|||
| For more information on source policies, see [Buildkit Source Policies](https://docs.docker.com/build/building/env-vars/#experimental_buildkit_source_policy). | |||
|
|
|||
| ## Can I use Dependabot with Copa patched images? | |||
There was a problem hiding this comment.
nit: can we add this to the best practices doc, and link from faq to there
sozercan
reviewed
Oct 8, 2024
website/docs/faq.md
Outdated
| - If patched at build time, Dependabot should pick up the revision of the patch version (`1.2.3-2` -> `1.2.4` -> `1.2.4-1`) to minimize regressions. | ||
|
|
||
| ## Does Copa cause a buildup of patched layers on each patch? | ||
| No. To prevent a buildup of layers, Copa discards the previous patch layer with each new patch. Each subsequent patch removes the earlier patch layer and creates a new one, which includes all patches applied since the original base image Copa started with. Essentially, Copa is creating a new layer with the latest patch, based on the base/original image. This new layer is a combination (or squash) of both the previous updates and the new updates requested. |
There was a problem hiding this comment.
does this help size wise since we are not keeping older patch layers? if so, can we mention that too?
Signed-off-by: ashnamehrotra <[email protected]>
Signed-off-by: ashnamehrotra <[email protected]>
Signed-off-by: ashnamehrotra <[email protected]>
Signed-off-by: ashnamehrotra <[email protected]>
sozercan
reviewed
Oct 9, 2024
| This method makes it easy to continually consume the latest patched version of an image, but does contain some tradeoffs. First is that without pinning, image digests could change causing unpredictable behavior. Secondly, if an `ImagePullPolicy` is set to `IfNotPresent`, newly patched images would not be pulled since the tag hasn't changed. | ||
|
|
||
| ### Dependabot |
There was a problem hiding this comment.
can we need to add the changes in this file to versioned docs (0.8 is fine) too?
sozercan
approved these changes
Oct 9, 2024
Signed-off-by: ashnamehrotra <[email protected]>
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Describe the changes in this pull request using active verbs such as Add, Remove, Replace ...
Closes #795 #788