Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CNJR-0000: Use alpine instead of Ruby base image #154

Merged
merged 1 commit into from
Jul 8, 2024
Merged

CNJR-0000: Use alpine instead of Ruby base image #154

merged 1 commit into from
Jul 8, 2024

Conversation

szh
Copy link
Contributor

@szh szh commented Jul 1, 2024
edited
Loading

There doesn't seem to be any real reason we're using the Ruby base image for the summon test app. Summon is written in Go, and besides we're installing the compiled version. The Ruby image is large and has therefore has a large attack surface and many packages with vulnerabilities. Switching to a slimmer base image such as Alpine reduces attack surface and vulnerabilities.

While testing this, I discovered that Jenkins tests on OpenShift were failing due to the google/cloud-sdk base image used in tests no longer having the correct glibc version needed by the OpenShift CLI. I decided to switch from the (very large) google/cloud-sdk image to a plain ubuntu image and download the Google Cloud CLI as described in https://cloud.google.com/sdk/docs/install#deb

@szh szh requested a review from a team July 1, 2024 19:13
@szh szh self-assigned this Jul 1, 2024
@szh szh force-pushed the snyk-fixes branch 5 times, most recently from 6f47819 to 338d760 Compare July 2, 2024 20:08
@szh szh marked this pull request as draft July 2, 2024 20:20
@szh szh marked this pull request as ready for review July 2, 2024 20:25
@szh szh marked this pull request as draft July 2, 2024 20:25
@szh szh force-pushed the snyk-fixes branch 4 times, most recently from 5e429ff to b13fcaa Compare July 3, 2024 14:34
@szh szh marked this pull request as ready for review July 3, 2024 16:51
@jtuttle jtuttle merged commit fabf272 into main Jul 8, 2024
1 check passed
@szh szh deleted the snyk-fixes branch July 8, 2024 13:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jtuttle jtuttle jtuttle approved these changes

Assignees

@szh szh

Labels
kind/dependency-vulnerability
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@szh @jtuttle