Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update base image to pass security scans #502

Merged
merged 5 commits into from
Oct 18, 2023
Merged

Update base image to pass security scans #502

merged 5 commits into from
Oct 18, 2023

Conversation

leifmadsen
Copy link
Member

@leifmadsen leifmadsen commented Oct 13, 2023
edited
Loading

Update the base image with a dnf update (need to excluse ansible because
ansible updates aren't compatible with the current build). This keeps
packages up to date to allow the resulting image to pass registry
security scans at the expence of image size.

@leifmadsen
Update base image to pass security scans
1d1fa37 
Update the base image with a dnf update (need to excluse ansible because
ansible updates aren't compatible with the current build). This keeps
packages up to date to allow the resulting image to pass registry
security scans at the expence of image size.
@leifmadsen
Copy link
Member Author

Opening this PR in draft mode primarily to start discussion. Is this something we should implement across our Dockerfiles upstream?

@leifmadsen leifmadsen added help wanted Extra attention is needed question Further information is requested labels Oct 14, 2023
@leifmadsen leifmadsen self-assigned this Oct 14, 2023
@leifmadsen
Copy link
Member Author

image

elfiesmelfie
elfiesmelfie reviewed Oct 16, 2023
View reviewed changes
build/Dockerfile Outdated Show resolved Hide resolved
@leifmadsen @csibbitt
Clean up intermediate layer
648334b 
Co-authored-by: Chris Sibbitt <csibbitt@redhat.com>
@leifmadsen
Copy link
Member Author

FWIW the suggested change from Chris results in an image that is smaller than that we're currently building.
image

@leifmadsen
Copy link
Member Author

image

@leifmadsen leifmadsen marked this pull request as ready for review October 16, 2023 19:29
vkmc
vkmc requested changes Oct 17, 2023
View reviewed changes
Copy link
Collaborator

@vkmc vkmc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, I would only like to see some notes adding more context to this line (for future reference), thanks!

@softwarefactory-project-zuul
Copy link

This change depends on a change that failed to merge.

Change infrawatch/smart-gateway-operator#148 is needed.

@softwarefactory-project-zuul
Copy link

This change depends on a change that failed to merge.

Change infrawatch/smart-gateway-operator#148 is needed.

@leifmadsen
Copy link
Member Author

Removed the Depends-On since I guess that expects the changes to land here as part of a merge, not that it needs it as part of the testing. (All makes sense now that I'm thinking about it :).)

@leifmadsen leifmadsen merged commit c9df561 into master Oct 18, 2023
6 of 7 checks passed
@leifmadsen leifmadsen deleted the fixup/update-image-security-scan branch October 18, 2023 18:23
@leifmadsen leifmadsen mentioned this pull request Oct 26, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elfiesmelfie elfiesmelfie elfiesmelfie left review comments

@vkmc vkmc vkmc requested changes

@csibbitt csibbitt csibbitt approved these changes

Assignees

@leifmadsen leifmadsen

Labels
help wanted Extra attention is needed question Further information is requested
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@leifmadsen @vkmc @csibbitt @elfiesmelfie