Change Dockerfile to Chainguard Wolfi-Base to Reduce Vulnerabilities #5
zackchadwick wants to merge 2 commits into ndom91:main from
Conversation
@zackchadwick thanks for the contribution! So first of all, I'm having trouble getting it to build. It's failing on the last step of the The web part specifically fails to run the Anyway, I'll keep debugging that a bit. Changing the To your question about testing Also since it's in a queue, it initially uses whatever image it can find of the page (
That's interesting-- can confirm I'm seeing the same thing after pulling the latest from main. I'll see if I can figure out why.
@zackchadwick Awesome, thanks. Just wanted to mention, maybe it's an issue with the pnpm workspace (monorepo) setup?
Also just wanted to share this Dockerfile explorer I've recently come across, super helpful for viewing layer details and what's going on in each one.

Description
This is a change to the Dockerfile that moves away from the node provided image to wolfi-base by Chainguard.
I built the images locally and was able to run them with a local postgres and minio with no issues accessing the app. Everything appeared to be working. My only concern is around Playwright- the Playwright install with dependencies failed because it falls back to Ubuntu for deps. I did install the Playwright package that's available for the Wolfi image so dependencies should be taken care of, but you may want to test this specifically. I'm not sure if there's anything I could test in browser locally to see if it's performing as expected.
Linked Issues
Additional context
For reference, here are the vulnerability counts from Grype:
Web w/ Node
105 Total (25 Unknown)
Web w/ Wolfi
12 Total (10 Unknown)
Backend w/ Node
187 Total (31 Unknown)
Backend w/ Wolfi
0 Total