Feature/alpine containers #625

Merged
merged 12 commits into from
Sep 5, 2022

kusalananda (Member) commented Sep 2, 2022

Related issue(s) and PR(s)

This PR closes #624.

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality not to work as expected)
  • Other

List of changes made

The choice of Docker containers used by the project was altered. With this PR, we now pick Docker containers based on the Alpine Linux 3.16 release (or just a generic Alpine Linux if the release number can't be chosen). The Alpine Linux distribution appears to be more proactive in patching known vulnerabilities.

In addition to simply changing the Docker image that is used, some files had to be updated to deal with the fact that the Alpine distribution uses apk as its package manager rather than apt.

Updates, summarised:

  • backend/Dockerfile:
    • golang:1.17.11-stretch --> golang:1.19-alpine3.16
  • node/Dockerfile:
    • node:18.8.0-slim --> node:18.8.0-alpine
  • production/Dockerfile:
    • golang:1.18.5-alpine3.15 --> golang:1.19-alpine3.16
    • alpine:3.16.2 --> alpine:3.16 (to ensure everything is using the same release of Alpine)
  • production/Dockerfile.nginx:
    • node:18.8.0-slim --> node:18.8.0-alpine3.16 (x2)
    • nginx:1.23.1 --> nginx:1.23.1-alpine (there is no -alpine3.16)

Other tweaks to docker-compose.yml as well as to both backend/Dockerfile and production/Dockerfile were made to

  1. Support Alpine's own package manager, and to
  2. Ensure that the production and development variants of the built containers are as similar as possible.

While here, I have also updated the Go language version used by the GitHub actions from 1.17 to 1.19.

Testing

  • I have rebuilt everything from scratch and tested the development environment with these changes.

Definition of Done checklist

  • I have made an effort making the commit history understandable
  • I have performed a self-review of my own code and commented any hard-to-understand areas
  • Tests and lint/format validations are passing
  • My changes generate no new warnings
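
The aim stated above, that every image uses the same release of Alpine, can be checked mechanically. The following is an added example, not part of this PR or of the project's code: it scans the `FROM` lines of Dockerfiles and flags base images that are not Alpine-tagged, that pin a different release, or that, like `nginx:1.23.1-alpine`, carry only a floating `-alpine` tag. The function names, the stage names and the sample file contents are assumptions constructed from the tags quoted above.

```python
import re

# FROM [--platform=...] <image> [AS <stage>]
FROM_RE = re.compile(
    r"^[ \t]*FROM[ \t]+(?:--\S+[ \t]+)*(\S+)(?:[ \t]+AS[ \t]+(\S+))?",
    re.IGNORECASE | re.MULTILINE)

def alpine_release(image):
    """Return 'X.Y' if the tag pins an Alpine release, 'floating' if the image
    is Alpine-based but the tag names no release, None if not Alpine-tagged."""
    last = image.split("@")[0].rsplit("/", 1)[-1]  # drop digest and registry path
    repo, _, tag = last.partition(":")
    if repo == "alpine":                           # alpine:3.16, alpine:3.16.2
        m = re.match(r"(\d+\.\d+)", tag)
    else:                                          # golang:1.19-alpine3.16, node:18.8.0-alpine
        m = re.search(r"(?:^|-)alpine(\d+\.\d+)?$", tag)
        if m is None:
            return None
    return m.group(1) if m and m.group(1) else "floating"

def audit(dockerfiles, expected="3.16"):
    """dockerfiles maps path -> file text; returns (path, image, status) tuples."""
    findings = []
    for path, text in dockerfiles.items():
        stages = set()                             # names of earlier build stages
        for image, stage in FROM_RE.findall(text):
            if image.lower() not in stages and image != "scratch":
                rel = alpine_release(image)
                status = ("not-alpine" if rel is None else
                          "floating" if rel == "floating" else
                          "ok" if rel == expected else "mismatch")
                findings.append((path, image, status))
            if stage:
                stages.add(stage.lower())
    return findings

# Constructed sample: FROM lines only, using tags quoted in the PR text.
# backend/Dockerfile deliberately shows the pre-PR tag; stage names are made up.
SAMPLE = {
    "backend/Dockerfile": "FROM golang:1.17.11-stretch\n",
    "production/Dockerfile": "FROM golang:1.19-alpine3.16 AS build\nFROM alpine:3.16\n",
    "production/Dockerfile.nginx": "FROM node:18.8.0-alpine3.16 AS ui\nFROM nginx:1.23.1-alpine\n",
}

if __name__ == "__main__":
    for path, image, status in audit(SAMPLE):
        print(f"{status:10} {path}: {image}")
```

A `floating` result is not necessarily a defect (the PR text notes that no `-alpine3.16` tag exists for Nginx), but it marks the image whose Alpine release can change on rebuild.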

* Use images that are based on Alpine 3.16 throughout.
* For the Nginx image, there is no `-alpine3.16` image, only a `-alpine` image, so use that one instead.
The Bash shell is not included by default in Alpine-based images.
* Remove the use of the Bash shell, and
* Switch to using the `apk` package manager in place of `apt`.
@kusalananda kusalananda added security Related to security docker Pull requests that update Docker code labels Sep 2, 2022
@kusalananda kusalananda self-assigned this Sep 2, 2022
kusalananda (Member, Author) commented:

The linters require further changes. I will look at these tonight or during the weekend.

* Drop explicit `apk` update and use `apk --no-cache` instead.
* Pin package versions for `apk` (at least major versions).
* Use `ash` as the shell in `backend/Dockerfile` to get access to `pipefail` shell option.
@kusalananda kusalananda marked this pull request as ready for review September 2, 2022 17:44
@kusalananda kusalananda requested a review from a team September 2, 2022 17:44
Also add `--silent` option to `curl`.
kusalananda (Member, Author) commented:

I'm merging this as @KattisLej also reported successfully using the updated Docker setup.

@kusalananda kusalananda merged commit ac0355e into develop Sep 5, 2022
@kusalananda kusalananda deleted the feature/alpine-containers branch September 5, 2022 11:06
@jonandernovella jonandernovella mentioned this pull request Sep 6, 2022
kusalananda added a commit that referenced this pull request Sep 6, 2022
This was an oversight that should have been part of #625
Successfully merging this pull request may close these issues.

Update Docker containers to deal with vulnerabilities reported by Snyk