Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove ruby patch level from rails app's base image #2156

Merged
merged 3 commits into from
May 13, 2024
Merged

Remove ruby patch level from rails app's base image #2156

merged 3 commits into from
May 13, 2024

Conversation

jdettmannnava
Copy link
Contributor

@jdettmannnava jdettmannnava commented Apr 29, 2024
edited
Loading

🎫 Ticket

https://jira.cms.gov/browse/DPC-4046

🛠 Changes

  • Dockerfile for dpc-admin, dpc-portal, dpc-web, and api_client changed from ruby:3.3.0-alpine to ruby:3.3-alpine
  • Removed FROM openjdk stanza from dpc-web
  • Gemfile for dpc-admin, dpc-portal, and dpc-web point to ruby ~3.3 instead of 3.3.0

ℹ️ Context for reviewers

The new container policy recommends building from the minor version rather than patch to ensure security updates.

✅ Acceptance Validation

(How were the changes verified? Did you fully test the acceptance criteria in the ticket? Provide reproducible testing instructions and screenshots if applicable.)

🔒 Security Implications

  • This PR adds a new software dependency or dependencies.
  • This PR modifies or invalidates one or more of our security controls.
  • This PR stores or transmits data that was not stored or transmitted before.
  • This PR requires additional review of its security implications for other reasons.

If any security implications apply, add Jason Ashbaugh (GitHub username: StewGoin) as a reviewer and do not merge this PR without his approval.

@jdettmannnava jdettmannnava requested review from kyeah and a team April 29, 2024 17:54
@jdettmannnava jdettmannnava marked this pull request as ready for review April 29, 2024 17:55
jdettmannnava
jdettmannnava commented May 7, 2024
View reviewed changes
dpc-admin/Gemfile
@@ -1,7 +1,7 @@
source 'https://rubygems.org'
git_source(:github) { |repo| "https://github.com/#{repo}.git" }

ruby '3.3.0'
ruby '~>3.3'
Copy link
Contributor Author

@jdettmannnava jdettmannnava May 7, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@CMSgov/dpc-dev : do you think we should have it like this, where it changes automatically, or should we pin it, so it will fail on patch upgrade and we can test that separately?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Discussion on slack

@jdettmannnava jdettmannnava merged commit 65c5e7b into master May 13, 2024
4 checks passed
@jdettmannnava jdettmannnava deleted the jd/dpc-4046-rails-images branch May 13, 2024 17:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashley-weaver ashley-weaver ashley-weaver approved these changes

@kyeah kyeah Awaiting requested review from kyeah

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jdettmannnava @ashley-weaver