As described in this excellent blog. The requirement is to build with docker buildx, which we already do. I doubt that we're on a recent enough version, but we can bump. Besides that, this requires no changes to other files, as the tool automatically will run the Dockerfile.rego against the Dockerfile input if present.
Would this add much to our rather simple Docker file? Probably not. But it's Rego! And it's a cool feature built on top of OPA. So of course we should use it.
As described in this excellent blog. The requirement is to build with
docker buildx, which we already do. I doubt that we're on a recent enough version, but we can bump. Besides that, this requires no changes to other files, as the tool automatically will run theDockerfile.regoagainst the Dockerfile input if present.Would this add much to our rather simple Docker file? Probably not. But it's Rego! And it's a cool feature built on top of OPA. So of course we should use it.