chore: migrate .goreleaser config to use docker_v2 #4608

Open
spiffcs wants to merge 1 commit into main from goreleaser_dockers_v2
spiffcs (Contributor) commented Feb 6, 2026

Description

Work in progress to migrate/refactor the docker builds to use new goreleaser features.
https://goreleaser.com/customization/dockers_v2/

I know this is in alpha so I can revert the use of v2 and just solve the debug root/non-root issue. It was just overloading in the old syntax to think about everything that was being built.

Here is a link to the feedback discussion for the new feature:
https://github.com/orgs/goreleaser/discussions/6005

IMPORTANT: debug has been changed from non-root -> root.

Dockerfile.debug

A new non-root image has been added. This is a subtle change and we should discuss this here.
The other option is to not change the user behavior, keep debug as is and add a debug-root.

This is awkward naming since it's the inverse of the other two images, but might be worth doing as it doesn't change existing behavior of the tagged images.

  ┌───────────────┬──────────────────────────┬───────────────────────────────────────┬────────────────────────────────────┐
  │     Entry     │        Dockerfile        │            Tags per image             │               Images               │
  ├───────────────┼──────────────────────────┼───────────────────────────────────────┼────────────────────────────────────┤
  │ production    │ Dockerfile               │ latest, {{.Tag}}                      │ anchore/syft, ghcr.io/anchore/syft │
  ├───────────────┼──────────────────────────┼───────────────────────────────────────┼────────────────────────────────────┤
  │ nonroot       │ Dockerfile.nonroot       │ nonroot, {{.Tag}}-nonroot             │ anchore/syft, ghcr.io/anchore/syft │
  ├───────────────┼──────────────────────────┼───────────────────────────────────────┼────────────────────────────────────┤
  │ debug         │ Dockerfile.debug         │ debug, {{.Tag}}-debug                 │ anchore/syft, ghcr.io/anchore/syft │
  ├───────────────┼──────────────────────────┼───────────────────────────────────────┼────────────────────────────────────┤
  │ debug-nonroot │ Dockerfile.debug-nonroot │ debug-nonroot, {{.Tag}}-debug-nonroot │ anchore/syft, ghcr.io/anchore/syft │
  └───────────────┴──────────────────────────┴───────────────────────────────────────┴────────────────────────────────────┘

Each entry builds for 4 platforms: linux/amd64, linux/arm64, linux/ppc64le, linux/s390x.
4 entries × 2 registries × 2 tags = 16 manifest tags, each backed by 4 platform-specific images (64 platform images total).

Type of change

  • Chore (improve the developer experience, fix a test flake, etc, without changing the visible behavior of Syft)

Issue references

Fixes: #4113

Signed-off-by: Christopher Phillips <32073428+spiffcs@users.noreply.github.com>
spiffcs marked this pull request as ready for review February 6, 2026 21:17
spiffcs self-assigned this Feb 9, 2026
spiffcs added this to OSS Feb 9, 2026
spiffcs moved this to In Review in OSS Feb 9, 2026
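
As an added illustration (not part of this PR or the project's code), one way to check after a release that every tag in the table above runs as the user its name implies, using the `Config.User` field reported by `docker image inspect`. The version `v0.0.0`, the UID `65532`, the sample inspect output, and the rule that entries not ending in `nonroot` run as root are assumptions made for the example.

```python
import json

# Entries, tag suffixes and registries as listed in the PR's table.
ENTRIES = {"production": "", "nonroot": "nonroot",
           "debug": "debug", "debug-nonroot": "debug-nonroot"}
IMAGES = ["anchore/syft", "ghcr.io/anchore/syft"]

def manifest_tags(version):
    """Expand the table into full image references for one release tag."""
    refs = {}
    for entry, suffix in ENTRIES.items():
        floating = suffix or "latest"
        pinned = f"{version}-{suffix}" if suffix else version
        for image in IMAGES:
            for tag in (floating, pinned):
                refs[f"{image}:{tag}"] = entry
    return refs

def is_root(config_user):
    """Config.User may be '', 'name', 'uid', 'name:group' or 'uid:gid'."""
    user = config_user.split(":", 1)[0].strip()
    return user in ("", "0", "root")

def audit(version, inspect_by_ref):
    """Return (ref, problem) pairs where the image user breaks the convention."""
    problems = []
    for ref, entry in sorted(manifest_tags(version).items()):
        raw = inspect_by_ref.get(ref)
        if raw is None:
            problems.append((ref, "not inspected"))
            continue
        user = json.loads(raw)[0]["Config"].get("User") or ""
        # Assumption: only entries ending in "nonroot" are unprivileged.
        want_root = not entry.endswith("nonroot")
        if is_root(user) != want_root:
            want = "root" if want_root else "non-root"
            problems.append((ref, f"expected {want}, Config.User={user!r}"))
    return problems

# Constructed `docker image inspect` output; v0.0.0 and UID 65532 are placeholders.
def _inspect(user):
    return json.dumps([{"Config": {"User": user}}])

SAMPLE = {ref: _inspect("65532:65532" if entry.endswith("nonroot") else "")
          for ref, entry in manifest_tags("v0.0.0").items()}
# Constructed mismatch: a debug tag whose image still runs unprivileged.
SAMPLE["anchore/syft:debug"] = _inspect("65532")
```

In a release pipeline the `inspect_by_ref` mapping would be filled from real `docker image inspect <ref>` output for each reference, and a non-empty result from `audit` would fail the job.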

Development

Successfully merging this pull request may close these issues.

Debug Docker images are running as nonroot user