Lockdown your Dockerized build environments --- Because privileged mode is insecure, you should restrict your CI/CD environments to known users and projects. If this isn't feasible, then instead of using Docker, you could try using a standalone image builder like Buildah to eliminate the risk. Alternatively, configuring rootless Docker-in-Docker can mitigate some --- but not all --- of the security concerns... - Source: dev.to / 25 days ago

In my experience, not using docker to build docker images is a good idea. E.g. buildah[0] with chroot isolation can build images in a GitLab pipeline, where docker would fail. It can still use the same Dockerfile though. If you want to get rid of your Dockerfiles anyway, nix can also build docker images[1] with all the added benefits of nix (reproducibility, efficient building and caching, automatic layering,... - Source: Hacker News / 7 months ago

Buildah: This lightweight, open-source command-line tool for building and managing container images. It is an efficient alternative to Docker. With Buildah, you can build images in various ways, including using a Dockerfile, a podmanfile or by running commands in a container. Buildah is a flexible, secure and powerful tool for building container images. - Source: dev.to / about 1 year ago

When I saw the title I thought it was going to be about `buildah` [1][2] Which allows you to create images using the command line to build them up step-by-step. [1] https://buildah.io/. - Source: Hacker News / over 1 year ago

Buildah is a "tool that facilitates building OCI images" of Containers. If it is not installed, podman system migrate will print out the warning:. - Source: dev.to / over 1 year ago

Black uses by default the pyproject.toml file. This file contains a section for each different tool we want to use. The use of a configuration file like pyproject.toml is quite a good choice and helps the contributors to use the same tools and configurations you're using. - Source: dev.to / 5 months ago

Accessing the rest of the relevant variables is based on the various sections in the toml file. For example, referencing the Production Service Account (SA) will be by accessing the SERVICE_ACCOUNT variable which is under the [prd] section. - Source: dev.to / almost 2 years ago

In your project config file, set enableGitInfo to true (here, I’m showing the Hugo default of TOML, although my own config file is actually YAML):. - Source: dev.to / about 2 years ago

For config file use case I cannot recommend enough TOML. Source: about 2 years ago

TOML is a configuration file format that aims to be simple and easily readable. The Even Better TOML extension adds full editor support, including syntax highlighting, folding, navigation, and formatting. - Source: dev.to / over 2 years ago