bump: Use latest docker image versions #31

Merged
merged 1 commit into from
May 26, 2023

Conversation

MiguelMarcelino
Contributor

@MiguelMarcelino MiguelMarcelino commented May 26, 2023

Bump the docker base images to their latest versions.

I am trying to use adoptopenjdk/openjdk8:jre8u372-b07-ubuntu, as the latest version of eclipse-temurin with ubuntu focal has vulnerabilities.

@MiguelMarcelino MiguelMarcelino changed the title bump: Use latest base image versions bump: Use latest docker image versions May 26, 2023
lolgab
lolgab previously approved these changes May 26, 2023
@lolgab
Contributor

lolgab commented May 26, 2023

Have you tried analysing the generated codacy/base image using latest eclipse-temurin?
If I remember correctly, we do apt-get upgrade to install latest security patches, so just building a new image usually fixes security issues.

@h314to
Contributor

h314to commented May 26, 2023

> Have you tried analysing the generated codacy/base image using latest eclipse-temurin?
> If I remember correctly, we do apt-get upgrade to install latest security patches, so just building a new image usually fixes security issues.

I just scanned it. The one this PR is using is much better. It is more recent and has fewer vulnerabilities.

[Two screenshots attached: "Screenshot 2023-05-26 at 15 50 56" and "Screenshot 2023-05-26 at 15 51 27"]

I think eventually it would be beneficial to just build our own JDK image from ubuntu. The openjdk image just installs Java, so it would be just a couple of commands on our image, particularly since we only build it for amd64, so we don't need multiarch support. It would also allow us to decouple the Java version update from the base image update. We may not be interested in upgrading Java to get rid of base image vulnerabilities, but by relying on the openjdk/temurin/whatever image instead of plain ubuntu we have no vote on this matter.
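
A sketch of the approach suggested in the comment above, added here as an illustration; it is not part of the thread and not the project's own Dockerfile. The Ubuntu tag, the `openjdk-8-jre-headless` package choice and the two build-argument names are assumptions.

```dockerfile
# The base OS and the Java runtime are selected by separate build arguments,
# so a base-image bump (to pick up OS fixes) does not force a Java change,
# and a Java bump does not force a new base image.

# Assumption: Ubuntu 22.04 as the base; pin by digest in a real build.
ARG UBUNTU_TAG=22.04
FROM ubuntu:${UBUNTU_TAG}

# Assumption: Java 8 JRE taken from the Ubuntu archive.
# Use "package=version" here to hold Java at an exact package version.
ARG JAVA_PACKAGE=openjdk-8-jre-headless

# One layer: refresh package lists, apply pending security updates to the
# base image, install only the JRE, then drop the apt lists.
RUN apt-get update \
 && DEBIAN_FRONTEND=noninteractive apt-get upgrade -y \
 && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
      "${JAVA_PACKAGE}" ca-certificates \
 && rm -rf /var/lib/apt/lists/*

# Fail the build early if the runtime did not install correctly.
RUN java -version
```

Rebuilding with `--build-arg UBUNTU_TAG=...` or `--build-arg JAVA_PACKAGE=...` changes one side without touching the other; rescanning the resulting image shows which remaining findings come from the OS layer and which from the Java package.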

@MiguelMarcelino MiguelMarcelino merged commit b320823 into master May 26, 2023
3 checks passed
@delete-merged-branch delete-merged-branch bot deleted the bump/bump-docker-base-image branch May 26, 2023 14:57
4 participants