diff options
Diffstat (limited to 'llvm/docs/CIBestPractices.rst')
| -rw-r--r-- | llvm/docs/CIBestPractices.rst | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/llvm/docs/CIBestPractices.rst b/llvm/docs/CIBestPractices.rst index da92ed3..855e2cc 100644 --- a/llvm/docs/CIBestPractices.rst +++ b/llvm/docs/CIBestPractices.rst @@ -136,3 +136,20 @@ branches as follows: branches: - main - releases/* + +Container Best Practices +======================== + +This section contains best practices/guidelines when working with containers +for LLVM infrastructure. + +Using Fully Qualified Container Names +------------------------------------- + +When referencing container images from a registry, such as in Github Actions +workflows, or in ``Dockerfile`` files used for building images, prefer fully +qualified names (i.e., including the registry domain) over just the image. +For example, prefer ``docker.io/ubuntu:24.04`` over ``ubuntu:24.04``. This +ensures portability across systems where a different default registry might +be specified and also prevents attackers from changing the default registry +to pull in a malicious image instead of the intended one. |