Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .ci-operator.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
build_root_image:
name: release
namespace: openshift
tag: rhel-9-release-golang-1.25-openshift-4.22
tag: rhel-9-release-golang-1.26-openshift-5.0
4 changes: 2 additions & 2 deletions Dockerfile.ocp
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 AS builder
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.26-openshift-5.0 AS builder

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

Use approved base image sources for both stages.

Line 1 and Line 6 use CI-registry images instead of the required approved source. Please switch both stages to UBI minimal or distroless images from catalog.redhat.com (or document a policy exception in-repo if this Dockerfile is intentionally exempt).
As per coding guidelines, "Base image: UBI minimal or distroless from catalog.redhat.com".

Also applies to: 6-6

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile.ocp` at line 1, Replace the base images in both Dockerfile stages
from the CI-registry (registry.ci.openshift.org) to approved sources. Update the
builder stage FROM statement to use a UBI minimal or distroless image from
catalog.redhat.com instead of the current ocp/builder image, and similarly
update the second stage FROM statement to use an approved UBI minimal or
distroless image. If this Dockerfile has a policy exception allowing use of
CI-registry images, document that exception directly in the repository instead.

Source: Coding guidelines

WORKDIR /go/src/github.com/coredns/coredns
COPY . .
RUN GO111MODULE=on GOFLAGS=-mod=vendor go build -o coredns .

FROM registry.ci.openshift.org/ocp/4.22:base-rhel9
FROM registry.ci.openshift.org/ocp/5.0:base-rhel9
COPY --from=builder /go/src/github.com/coredns/coredns/coredns /usr/bin/

ENTRYPOINT ["/usr/bin/coredns"]
Expand Down