Great, really should have a look at #chainguard based #Docker images: JavaScript Actions in Alpine containers are only supported on x64 Linux runners. Detected Linux Arm64
It's been a rocket ship adventure, for sure. We tried a few things, but It turns out that 0-vulnerability open-source container images are a big deal.
Somehow in 2023, we are still at the point where projects like #NodeJS, #nginx & #PHP publish container images with hundreds of CVEs. We minimize, harden, and remove vulns from these images, and our customers love it.
I took a dive into #Vitess today, the "secret sauce" from YouTube (and Planetscale) for crazy database scaling.
Honestly it does look really good, nicer than Galera, but they really need better documentation and examples for everyone that doesn't use Kubernetes. 😡
So for now I don't think I'm going to use it. That said, I think I will switch to Percona from MariaDB, to save myself the migration pain later.
Anyways, the last part of today's research dive was more #Docker.
The most interesting discovery was #distroless images. I was familiar with #Alpine#Linux, but I hadn't really stumbled across distroless yet. Specifically I noticed that #Envoy shipped a distroless image, but neglected to really explain it short of "it's faster and better".
Google's distroless project is limited to standalone application runners (Node, Java), but #ChainGuard has their #Wolfi images that cover more bases. 👍