GitHub Actions supply chain attacks

There has been a lot of press about supply chain attacks recently. These types of attacks are nothing new, and understanding them is really important for developers using services such as GitHub Actions, given that continuous integration (CI) tools are a critical part of the supply chain used in software projects. A supply chain attack targets less secure parts of the development process; this could be the tools and services you depend on, or the Docker containers you host your software in....

Development with Webpack and Docker

This describes how to develop front-end projects with webpack inside a Docker container using boot2docker on OSX. So firstly, why would we even do this? The main aims of using Docker for development are: a portable build environment, simplified on-boarding of new developers, and consistency between development and continuous integration (CI). In summary, tools like Docker make it very easy to package up a development environment and share it among a team of developers....