Asymmetric Effort coding standards for consistency across all projects.
All Asymmetric Effort projects that use containers must follow these standards.
Only the following base images are permitted:
| Image | Purpose |
|---|---|
ubuntu:24.04 |
Builder stage and runtime (only when /bin/bash is required) |
gcr.io/distroless/base (or appropriate distroless variant) |
Runtime stage (default) |
No other images may be pulled from the internet. All container images must be built from these approved base images.
All Dockerfiles must use a multi-stage build pattern:
ubuntu:24.04 to compile, install dependencies, and prepare artifacts.# Builder stage
FROM ubuntu:24.04 AS builder
# Install build dependencies, compile, etc.
# Runtime stage
FROM gcr.io/distroless/base AS runtime
COPY --from=builder /app /app
ENTRYPOINT ["/app/binary"]
ubuntu:24.04 may be used as the runtime image only when the application absolutely requires a shell (/bin/bash) at runtime. This exception must be:
When ubuntu:24.04 is used as a runtime, it must still follow a multi-stage pattern — build dependencies must not be present in the final image.
node:, python:, golang:, nginx:, alpine:).latest tags. All base image references must use explicit version tags or SHA digests.USER must be specified in the runtime stage.