Lockdown your Dockerized build environments --- Because privileged mode is insecure, you should restrict your CI/CD environments to known users and projects. If this isn't feasible, then instead of using Docker, you could try using a standalone image builder like Buildah to eliminate the risk. Alternatively, configuring rootless Docker-in-Docker can mitigate some --- but not all --- of the security concerns... - Source: dev.to / 25 days ago

In my experience, not using docker to build docker images is a good idea. E.g. buildah[0] with chroot isolation can build images in a GitLab pipeline, where docker would fail. It can still use the same Dockerfile though. If you want to get rid of your Dockerfiles anyway, nix can also build docker images[1] with all the added benefits of nix (reproducibility, efficient building and caching, automatic layering,... - Source: Hacker News / 7 months ago

Buildah: This lightweight, open-source command-line tool for building and managing container images. It is an efficient alternative to Docker. With Buildah, you can build images in various ways, including using a Dockerfile, a podmanfile or by running commands in a container. Buildah is a flexible, secure and powerful tool for building container images. - Source: dev.to / about 1 year ago

When I saw the title I thought it was going to be about `buildah` [1][2] Which allows you to create images using the command line to build them up step-by-step. [1] https://buildah.io/. - Source: Hacker News / over 1 year ago

Buildah is a "tool that facilitates building OCI images" of Containers. If it is not installed, podman system migrate will print out the warning:. - Source: dev.to / over 1 year ago

First of all, create a file in the root project directories called compose.yaml. YAML is a text format that uses indentation to specify dependencies between configuration options. Be aware that incorrect indentation will cause problems with executing commands properly. - Source: dev.to / about 2 months ago

Most commonly written in YAML, these files are large and complex to read and understand. And being written in YAML comes with its challenges (and quirks) since it is an additional programming language that devs need to learn. - Source: dev.to / 3 months ago

Note, that this file is a Markdown and YAML file at the same time, and as such human- and machine-readable, if the fields are filled carefully. - Source: dev.to / 6 months ago

Front matter is a bit of text at the start of a file (YAML to be exact) that is placed between two ---. - Source: dev.to / 8 months ago

Meanwhile, formats have been evolving (JSON5, YAML), config entry points are constantly changing. These fluctuations, fortunately, were covered by tools like the cosmiconfig. - Source: dev.to / 9 months ago