@yammesicka
Member

No description provided.

@sourcery-ai sourcery-ai bot left a comment

PR Type: Enhancement

PR Summary: The pull request focuses on upgrading the infrastructure by updating the Dockerfile to use more recent and secure methods of installing dependencies, including Docker itself, and optimizing the installation of Python packages. It transitions from using apt to apt-get for package management, adds new dependencies, and updates the way GPG keys are handled for Docker installation. Additionally, it modifies the way the HTML/CSS validator is downloaded and installed, and makes minor adjustments to user and environment setup within the Docker containers.

Decision: Comment

📝 Type: 'Enhancement' - not supported yet.
  • Sourcery currently only approves 'Typo fix' PRs.
✅ Issue addressed: this change correctly addresses the issue or implements the desired feature.
No details provided.
✅ Small diff: the diff is small enough to approve with confidence.
No details provided.

General suggestions:

  • Consider verifying the integrity of the GPG keys when adding them to ensure the authenticity of the packages being installed, especially for critical packages like Docker. This is a security best practice that can help prevent man-in-the-middle attacks.
  • Review the changes to ensure they align with the best practices for Dockerfile optimization and security. This includes minimizing the number of layers, ensuring that only necessary packages are installed, and cleaning up in the same layer where installations happen to keep the image size small.
  • Ensure that all changes are well-documented within the PR to make it clear why each change was made, which can be particularly helpful for critical infrastructure changes.

wget \
unzip \
&& install -m 0755 -d /etc/apt/keyrings \
&& curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc \
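
Review bot: the `curl -fsSL ... -o /etc/apt/keyrings/docker.asc` step trusts whatever key the download returns; nothing in these lines compares it with a known fingerprint. Pin the expected fingerprint of the Docker signing key in the Dockerfile, compare it with what `gpg --show-keys` reports for the downloaded file, and fail the build on a mismatch before apt is configured to use the key.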

🚨 security (llm): It's a good practice to verify the integrity of the GPG keys when adding them, especially for critical packages like Docker. This ensures the authenticity of the packages being installed.
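
One way to carry out the check this comment asks for, as an added example that is not code from the PR or from Docker. The function names, `EXPECTED_FPR` and the sample listing are assumptions made for illustration, and `verify_key_file` assumes a GnuPG version that supports `--show-keys`.

```shell
# Added example (not from the PR). EXPECTED_FPR is a placeholder: take the real
# fingerprint from the vendor's documentation, not from the download itself.

# Constructed sample of `gpg --with-colons` output, for offline testing only.
SAMPLE_LISTING='pub:-:4096:1:AAAAAAAAAAAAAAAA:1487788586:::-:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1487792064::::Example Release (constructed)::::::::::0:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1487788586::::::s::::::23:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:'

# Strip whitespace and upper-case, so "0123 4567 ..." equals "01234567...".
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# Read a colon listing on stdin; print the fingerprint of each primary key
# (the "fpr" record that follows a "pub" record), ignoring subkey fingerprints.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin lists exactly one primary key whose fingerprint is $1.
# A file carrying extra keys fails, so an appended key cannot ride along.
listing_matches_fpr() (
    expected=$(normalize_fpr "$1")
    found=$(primary_fingerprints)
    [ "$(printf '%s\n' "$found" | grep -c .)" -eq 1 ] &&
        [ "$(normalize_fpr "$found")" = "$expected" ]
)

# Check a key file on disk; run this before apt is configured to trust it.
verify_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null | listing_matches_fpr "$2"
}

# Usage after the download step (the build stops on a mismatch):
#   verify_key_file /etc/apt/keyrings/docker.asc "$EXPECTED_FPR" || exit 1
```

The comparison only adds assurance if the pinned fingerprint reaches the Dockerfile through a channel other than the key download.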

@codecov

codecov bot commented Feb 24, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 80.12%. Comparing base (39e8675) to head (af52155).

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #365   +/-   ##
=======================================
  Coverage   80.12%   80.12%           
=======================================
  Files          63       63           
  Lines        2953     2953           
=======================================
  Hits         2366     2366           
  Misses        587      587           

@yammesicka yammesicka merged commit 9eb5de2 into master Feb 26, 2024