chore: Update Dockerfile to add missing dependencies and fix permissions #20

Merged
merged 5 commits into from
May 9, 2023


@esloch esloch commented May 5, 2023

This pull request updates the Dockerfile to add missing dependencies such as git and wget, and fixes the permissions on certain directories and files to prevent permission errors during container startup.

Adds the ability to pass a host UID and GID as arguments to the Dockerfile during the build process. A user with the given UID and GID is added and airflow is given permission to execute sudo commands without a password.
In the docker compose file, the HOST_UID and HOST_GID arguments are passed to the build context so that the user can be created with the correct UID and GID.
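
The build-argument pattern described in this pull request, as an added illustration that is not the project's Dockerfile. The base image, the package install line, the choice to give the `airflow` account the host ids, and the compose excerpt in the comments are assumptions.

```dockerfile
# Added illustration; not taken from the repository.
# Assumed compose excerpt that feeds the two build arguments:
#
#   services:
#     airflow:
#       build:
#         context: .
#         args:
#           HOST_UID: ${HOST_UID}   # e.g. exported as $(id -u) on the host
#           HOST_GID: ${HOST_GID}   # e.g. exported as $(id -g) on the host

FROM debian:bookworm-slim

# Declared without defaults so a missing value is caught by the check below.
ARG HOST_UID
ARG HOST_GID

# git and wget are the dependencies named in the PR; sudo provides visudo.
RUN apt-get update \
 && apt-get install -y --no-install-recommends git wget sudo \
 && rm -rf /var/lib/apt/lists/*

# Fail the build on an empty, non-numeric or zero (root) id instead of
# creating an account that does not match the owner of the mounted volumes.
RUN case "${HOST_UID}:${HOST_GID}" in \
      *[!0-9:]*|:*|*:|0:*|*:0) \
        echo "HOST_UID and HOST_GID must be non-zero integers" >&2; exit 1 ;; \
    esac \
 && groupadd --gid "${HOST_GID}" airflow \
 && useradd --uid "${HOST_UID}" --gid "${HOST_GID}" \
            --create-home --shell /bin/bash airflow

# Passwordless sudo as the PR describes it. The drop-in is made read-only
# and syntax-checked so a malformed rule breaks the build, not the container.
RUN echo 'airflow ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/airflow \
 && chmod 0440 /etc/sudoers.d/airflow \
 && visudo -cf /etc/sudoers.d/airflow

# Files written to bind mounts are now owned by the host user's uid and gid.
USER airflow
WORKDIR /home/airflow
```

`NOPASSWD: ALL` makes the account root-equivalent inside the container; listing only the commands the startup scripts need in the sudoers drop-in narrows that.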

@esloch esloch marked this pull request as ready for review May 8, 2023 13:31
@esloch esloch force-pushed the fix-nonroot-user branch 2 times, most recently from 7491fea to ed0b0a1 Compare May 9, 2023 13:41

luabida commented May 9, 2023

LGTM


esloch commented May 9, 2023

@luabida. In this particular PR, the issue was that the runner could not access the necessary secrets for the build, leading to build failures. The cause of this problem was that the repository was a fork, which prevented the runner from accessing the secrets. To solve this problem, the workflow was updated to include a step that checks if the repository is a fork and, if it is, sets the required secrets as environment variables. This change allowed the runner to access the necessary secrets and complete the build successfully, even when the repository is a fork.

To address the issue of external connections from the CI to the staging database on the server, it is essential to maintain security and prevent potential vulnerabilities. One possible solution to this issue is to create a dedicated database service within the AlertFlow project that imports relevant schemas for testing database connectivity and validating DAGs. Using a dedicated service within the project would provide greater control over security and access to the database while providing a way to test and validate DAGs.

This approach also enables others to contribute to the project without the need to configure connection credentials in the secrets. By having a dedicated database service, contributors can connect and test the database without having direct access to sensitive information, which helps to maintain security and minimize the risk of data breaches.

@esloch esloch requested a review from luabida May 9, 2023 17:27
@esloch esloch merged commit 1f704fb into AlertaDengue:main May 9, 2023
@esloch esloch deleted the fix-nonroot-user branch May 9, 2023 17:27
Successfully merging this pull request may close these issues.

Fix user access and mount point volume in container