Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update kaniko fork #178

Closed
Tracked by #132
matifali opened this issue May 5, 2024 · 6 comments
Closed
Tracked by #132

Update kaniko fork #178

matifali opened this issue May 5, 2024 · 6 comments
Assignees
@johnstcn
Labels
dependencies Pull requests that update a dependency file

Comments

@matifali
Copy link
Member

matifali commented May 5, 2024
edited
Loading

Coder's kaniko fork is outdated and prevents updating some of the dependencies that have vulnerabilities.
Details can be seen here: https://github.com/coder/envbuilder/security/dependabot

This is a must-do before we launch 1.0
cc: @bpmct
@matifali matifali added the dependencies Pull requests that update a dependency file label May 5, 2024
@matifali matifali mentioned this issue May 6, 2024
Closed
36 tasks
@kylecarbs
Copy link
Member

coder/kaniko#7

@matifali
Copy link
Member Author

Should we add a scheduled workflow to keep it in sync weekly or monthly?
https://github.com/wei/pull looks promising

@johnstcn
Copy link
Member

johnstcn commented May 16, 2024
edited
Loading

Kaniko has since updated to go1.22 which means we also need to do so. Unfortunately our codersdk deps prevent this right now (see: coder/coder#11342). For now I'm going to manually vendor these in.

@johnstcn johnstcn mentioned this issue May 17, 2024
Merged
johnstcn added a commit that referenced this issue May 17, 2024
@johnstcn
chore: remove codersdk dependency (#194)
85290fa 
Part of #178

In order to update our branch of Kaniko, we need to first update to go1.22.
This is not currently possible while depending on codersdk.

- Manually vendored relevant parts of codersdk and agentsdk into internal/notcodersdk
- Replaced existing usage of codersdk / agentsdk with internal/notcodersdk
- Added test for coder log sending functionality
@mtojek
Copy link
Member

mtojek commented May 20, 2024

@johnstcn Is there anything left here or can we resolve this issue?

@johnstcn
Copy link
Member

johnstcn commented May 20, 2024
edited
Loading

@mtojek coder/kaniko#7 is still un-merged. Some of the tests are failing partially due to some changes we have that upstream does not. However, all of our envbuilder tests appear to work fine with these changes.

Then #195 can be updated and approved.

@johnstcn
Copy link
Member

This is done now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@johnstcn johnstcn

Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@johnstcn @kylecarbs @matifali @mtojek