Upgrade Golang base image to 1.18 to remediate CVEs #5035

sonpham96 · 2022-11-28T10:27:42Z

What changed?
Fix #5034 by bumping golang base images to golang:1.18.8-alpine3.15.

Why?
To remediate go-related CVEs of Cadence Server.

How did you test it?

# checkout to master
git checkout master
git pull

# build server image
docker build . -f Dockerfile -t ubercadence/server:master --build-arg TARGET=server

# scan with any vulnerability scanner
/usr/local/bin/twistcli images scan --details ubercadence/server:master

Scan results after (remaining unfixed CVEs):

Fixes:

Not fix:

Potential risks

Release notes

Documentation Changes

coveralls · 2022-12-13T09:31:10Z

Pull Request Test Coverage Report for Build 0186f1a1-51d3-40e0-a0dc-0b580b3efb2f

0 of 0 changed or added relevant lines in 0 files are covered.
130 unchanged lines in 13 files lost coverage.
Overall coverage increased (+0.006%) to 57.109%

Files with Coverage Reduction	New Missed Lines	%
common/task/weightedRoundRobinTaskScheduler.go	1	89.64%
service/history/execution/mutable_state_util.go	2	36.04%
service/history/task/transfer_standby_task_executor.go	2	86.4%
common/task/fifoTaskScheduler.go	3	84.54%
service/history/task/fetcher.go	4	91.24%
service/history/task/task_util.go	4	75.14%
service/history/decision/task_handler.go	5	72.33%
common/persistence/statsComputer.go	6	94.29%
common/persistence/serialization/parser.go	8	62.41%
common/persistence/serialization/thrift_decoder.go	8	53.06%

Totals
Change from base Build 0186f1a0-c451-44c9-897a-6b808ad4b7cd:	0.006%
Covered Lines:	85273
Relevant Lines:	149317

💛 - Coveralls

commit f1e2476 Author: sonpham96 <sonpham1996@gmail.com> Date: Sat Mar 18 05:32:01 2023 +0700 Upgrade Golang base image to 1.18 to remediate CVEs (#5035) Co-authored-by: David Porter <david.porter@uber.com> commit 1519ace Author: charlese-instaclustr <76502507+charlese-instaclustr@users.noreply.github.com> Date: Fri Mar 17 22:11:27 2023 +0000 Fix type validation in configstore DC client value updating (#5110) * Remove misleading type check, Add more detailed log message * removing debugging logging * Handle nil update edge case --------- Co-authored-by: allenchen2244 <102192478+allenchen2244@users.noreply.github.com> Co-authored-by: Zijian <Shaddoll@users.noreply.github.com> commit a3e2774 Author: charlese-instaclustr <76502507+charlese-instaclustr@users.noreply.github.com> Date: Fri Mar 17 19:02:40 2023 +0000 Add Canary TLS support (#5086) * add support for TLS connections by Canary, add development config for Canary with TLS * update README to include new config option * remove testing config --------- Co-authored-by: David Porter <david.porter@uber.com> Co-authored-by: Shijie Sheng <shengs@uber.com> Co-authored-by: Zijian <Shaddoll@users.noreply.github.com> commit ff4eab2 Author: Shijie Sheng <shengs@uber.com> Date: Thu Mar 16 20:10:54 2023 -0700 [history] more cautious in deciding domain state to make decisions on dropping queued tasks (#5164) What changed? When domain cache returned entity not found error, don't drop queued tasks to be more conservative. Why? In cases when the cache is dubious, we shouldn't drop the queued tasks. commit 55a8d93 Author: neil-xie <104041627+neil-xie@users.noreply.github.com> Date: Thu Mar 16 14:18:35 2023 -0700 Add Pinot docker files, table config and schema (#5163) * Initial checkin for pinot config files commit 1304570 Author: Mantas Šidlauskas <mantass@netapp.com> Date: Thu Mar 16 15:20:29 2023 +0200 Set poll interval for filebased dynamic config if not set (#5160) * Set poll interval for filebased dynamic config if not set * update unit test commit 42a14b1 Author: Mantas Šidlauskas <mantass@netapp.com> Date: Thu Mar 16 10:49:21 2023 +0200 Elasticsearch: reduce code duplication (#5137) * Elasticsearch: reduce code duplication * address comments --------- Co-authored-by: Zijian <Shaddoll@users.noreply.github.com> commit cbf0d14 Author: bowen xiao <xbowen@uber.com> Date: Wed Mar 15 10:19:34 2023 -0700 fix samples documentation (#5088) commit ba19a29 Author: Mantas Šidlauskas <mantass@netapp.com> Date: Wed Mar 15 12:52:29 2023 +0200 Add ShardID to valid attributes (#5161) commit a25cba8 Author: Mantas Šidlauskas <mantass@netapp.com> Date: Wed Mar 15 10:56:50 2023 +0200 ES: single interface for different ES/OpenSearch versions (#5158) * ES: single interface for different ES/OpenSearch versions * make fmt commit e3ac246 Author: Ketsia <115650494+ketsiambaku@users.noreply.github.com> Date: Tue Mar 14 12:47:40 2023 -0700 added logging with workflow/domain tags (#5159) commit 9581488 Author: Ketsia <115650494+ketsiambaku@users.noreply.github.com> Date: Mon Mar 13 16:56:45 2023 -0700 Consistent query pershard metric (#5143) * added and update consistent query per shard metric * testing pershard metric * move sample logger into persistence metric client for cleaness * fix test * fix lint * fix test again * fix lint * sample logging with workflowid tag * added domain tag to logger * metric completed * addressing comments * fix lint * Revert "fix lint" This reverts commit 1e96944. * fix lint second attempt --------- Co-authored-by: Allen Chen <allenchen2244@uber.com>

commit 9d01035 Author: allenchen2244 <102192478+allenchen2244@users.noreply.github.com> Date: Wed Mar 29 20:50:38 2023 -0700 large workflow hot shard detection (#5166) Metrics for large workflows commit dd51c53 Author: David Porter <david.porter@uber.com> Date: Wed Mar 29 18:30:06 2023 -0700 fix build (#5180) commit 7b281c2 Author: David Porter <david.porter@uber.com> Date: Mon Mar 27 10:38:37 2023 -0700 Adds a small test to catch issues with deadlocks (#5171) * Adds a small test to catch issues with deadlocks commit f1e2476 Author: sonpham96 <sonpham1996@gmail.com> Date: Sat Mar 18 05:32:01 2023 +0700 Upgrade Golang base image to 1.18 to remediate CVEs (#5035) Co-authored-by: David Porter <david.porter@uber.com> commit 1519ace Author: charlese-instaclustr <76502507+charlese-instaclustr@users.noreply.github.com> Date: Fri Mar 17 22:11:27 2023 +0000 Fix type validation in configstore DC client value updating (#5110) * Remove misleading type check, Add more detailed log message * removing debugging logging * Handle nil update edge case --------- Co-authored-by: allenchen2244 <102192478+allenchen2244@users.noreply.github.com> Co-authored-by: Zijian <Shaddoll@users.noreply.github.com> commit a3e2774 Author: charlese-instaclustr <76502507+charlese-instaclustr@users.noreply.github.com> Date: Fri Mar 17 19:02:40 2023 +0000 Add Canary TLS support (#5086) * add support for TLS connections by Canary, add development config for Canary with TLS * update README to include new config option * remove testing config --------- Co-authored-by: David Porter <david.porter@uber.com> Co-authored-by: Shijie Sheng <shengs@uber.com> Co-authored-by: Zijian <Shaddoll@users.noreply.github.com> commit ff4eab2 Author: Shijie Sheng <shengs@uber.com> Date: Thu Mar 16 20:10:54 2023 -0700 [history] more cautious in deciding domain state to make decisions on dropping queued tasks (#5164) What changed? When domain cache returned entity not found error, don't drop queued tasks to be more conservative. Why? In cases when the cache is dubious, we shouldn't drop the queued tasks. commit 55a8d93 Author: neil-xie <104041627+neil-xie@users.noreply.github.com> Date: Thu Mar 16 14:18:35 2023 -0700 Add Pinot docker files, table config and schema (#5163) * Initial checkin for pinot config files commit 1304570 Author: Mantas Šidlauskas <mantass@netapp.com> Date: Thu Mar 16 15:20:29 2023 +0200 Set poll interval for filebased dynamic config if not set (#5160) * Set poll interval for filebased dynamic config if not set * update unit test commit 42a14b1 Author: Mantas Šidlauskas <mantass@netapp.com> Date: Thu Mar 16 10:49:21 2023 +0200 Elasticsearch: reduce code duplication (#5137) * Elasticsearch: reduce code duplication * address comments --------- Co-authored-by: Zijian <Shaddoll@users.noreply.github.com> commit cbf0d14 Author: bowen xiao <xbowen@uber.com> Date: Wed Mar 15 10:19:34 2023 -0700 fix samples documentation (#5088) commit ba19a29 Author: Mantas Šidlauskas <mantass@netapp.com> Date: Wed Mar 15 12:52:29 2023 +0200 Add ShardID to valid attributes (#5161) commit a25cba8 Author: Mantas Šidlauskas <mantass@netapp.com> Date: Wed Mar 15 10:56:50 2023 +0200 ES: single interface for different ES/OpenSearch versions (#5158) * ES: single interface for different ES/OpenSearch versions * make fmt commit e3ac246 Author: Ketsia <115650494+ketsiambaku@users.noreply.github.com> Date: Tue Mar 14 12:47:40 2023 -0700 added logging with workflow/domain tags (#5159) commit 9581488 Author: Ketsia <115650494+ketsiambaku@users.noreply.github.com> Date: Mon Mar 13 16:56:45 2023 -0700 Consistent query pershard metric (#5143) * added and update consistent query per shard metric * testing pershard metric * move sample logger into persistence metric client for cleaness * fix test * fix lint * fix test again * fix lint * sample logging with workflowid tag * added domain tag to logger * metric completed * addressing comments * fix lint * Revert "fix lint" This reverts commit 1e96944. * fix lint second attempt --------- Co-authored-by: Allen Chen <allenchen2244@uber.com>

sonpham96 added 2 commits November 28, 2022 17:14

Upgrade Golang base image to 1.18 to remediate CVEs

370d395

Merge branch 'master' into fix-issue-5034

4766919

sonpham96 mentioned this pull request Dec 1, 2022

Addressing a lot of security vulnerabilities in the latest Cadence release #5037

Closed

sonpham96 and others added 2 commits December 12, 2022 15:08

Merge branch 'master' into fix-issue-5034

10fb548

Merge branch 'master' into fix-issue-5034

2813ab5

davidporter-id-au enabled auto-merge (squash) December 12, 2022 18:45

sonpham96 added 3 commits December 16, 2022 11:12

Merge branch 'master' into fix-issue-5034

32cea19

Merge branch 'master' into fix-issue-5034

8bb90af

Merge branch 'master' into fix-issue-5034

3937f2a

thle40 mentioned this pull request Mar 17, 2023

Addressing a lot of security vulnerabilities in the Cadence release v0.25 #5165

Closed

Merge branch 'master' into fix-issue-5034

6cc1746

davidporter-id-au approved these changes Mar 17, 2023

View reviewed changes

Merge branch 'master' into fix-issue-5034

ccf350f

davidporter-id-au merged commit f1e2476 into uber:master Mar 17, 2023

sonpham96 deleted the fix-issue-5034 branch March 20, 2023 04:06

p-linnane mentioned this pull request Apr 27, 2023

cadence-workflow 1.0.0 Homebrew/homebrew-core#129427

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Upgrade Golang base image to 1.18 to remediate CVEs #5035

Upgrade Golang base image to 1.18 to remediate CVEs #5035

sonpham96 commented Nov 28, 2022 •

edited

Loading

coveralls commented Dec 13, 2022 •

edited

Loading

Upgrade Golang base image to 1.18 to remediate CVEs #5035

Upgrade Golang base image to 1.18 to remediate CVEs #5035

Conversation

sonpham96 commented Nov 28, 2022 • edited Loading

coveralls commented Dec 13, 2022 • edited Loading

Pull Request Test Coverage Report for Build 0186f1a1-51d3-40e0-a0dc-0b580b3efb2f

💛 - Coveralls

sonpham96 commented Nov 28, 2022 •

edited

Loading

coveralls commented Dec 13, 2022 •

edited

Loading