Conversation
Signed-off-by: oliver könig <okoenig@nvidia.com>
📝 WalkthroughWalkthroughThe Dockerfile.ci has been updated to include system package maintenance steps (apt-get update, gnupg upgrade, apt-get clean, and apt lists removal) following Python virtual environment creation, addressing CVE-2025-68973. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~5 minutes Suggested labels
Suggested reviewers
🚥 Pre-merge checks | ✅ 4✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Fix all issues with AI agents
In `@docker/Dockerfile.ci`:
- Line 29: Replace the interactive apt command with the non-interactive apt-get
variant: change the occurrence of "apt install -y --only-upgrade gnupg" to use
"apt-get install -y --only-upgrade gnupg" so the Dockerfile uses a consistent,
stable CLI (matching the existing "apt-get update") and avoids apt warnings in
CI.
| uv venv ${UV_PROJECT_ENVIRONMENT} --system-site-packages | ||
| uv venv ${UV_PROJECT_ENVIRONMENT} --system-site-packages && \ | ||
| # Address CVE-2025-68973 | ||
| apt-get update && apt install -y --only-upgrade gnupg && \ |
There was a problem hiding this comment.
Use apt-get install instead of apt install in Dockerfiles.
apt is intended for interactive use and may emit warnings in non-interactive contexts (e.g., "WARNING: apt does not have a stable CLI interface"). The same line already uses apt-get update, so this is also an inconsistency.
Proposed fix
- apt-get update && apt install -y --only-upgrade gnupg && \
+ apt-get update && apt-get install -y --only-upgrade gnupg && \📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| apt-get update && apt install -y --only-upgrade gnupg && \ | |
| apt-get update && apt-get install -y --only-upgrade gnupg && \ |
🤖 Prompt for AI Agents
In `@docker/Dockerfile.ci` at line 29, Replace the interactive apt command with
the non-interactive apt-get variant: change the occurrence of "apt install -y
--only-upgrade gnupg" to use "apt-get install -y --only-upgrade gnupg" so the
Dockerfile uses a consistent, stable CLI (matching the existing "apt-get
update") and avoids apt warnings in CI.
2 participants
What does this PR do ?
Add a one line overview of what this PR aims to accomplish.
Changelog
GitHub Actions CI
See the CI sectionin the Contributing doc for how to trigger the CI. A Nvidia developer will need to approve and trigger the CI for external contributors.
Before your PR is "Ready for review"
Pre checks:
If you haven't finished some of the above items you can still open "Draft" PR.
Additional Information
Summary by CodeRabbit