|
|
|
|
|
|
by amouat
1057 days ago
|
|
|
I'm very sorry that we broke things for you. To be clear, nothing has changed with Wolfi. Wolfi is an open source community project and everything is still available there: https://github.com/wolfi-dev/. We have made changes to Chainguard Images - our commercial product built on top of Wolfi - which mean you can no longer pull images by tag (other than latest). Chainguard images are rebuilt everyday and have a not inconsiderable maintenance cost (and the money we make here directly helps us support Wolfi). The easiest way to avoid this is to build the images yourself. You can rebuild identical images to ours using apko and the source files in the images repo e.g: https://github.com/chainguard-images/images/blob/main/images... (note you can replace package names with versioned versions). You can also just use a Dockerfile with the wolfi-base image to "apk add" packages. Full details are here: https://www.chainguard.dev/unchained/a-guide-on-how-to-use-c... I agree that pinning is a best practice. The above blog explains that you can still do it using a digest, but I accept this isn't the simplest solution. If I can help any more, please feel free to get in touch - you can find me most places including twitter https://twitter.com/adrianmouat |
|
|
else, frankly you claimed wolfi is oss, get customers to use your registry, and then bait and switched your early adopters.
aka, major version upgrades at random, have fun!