-
Notifications
You must be signed in to change notification settings - Fork 152
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: update of dockerfile to use more secure image; #1546
Open
mvforster
wants to merge
232
commits into
Ensembl:release/110
Choose a base branch
from
mvforster:v110/updates
base: release/110
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix Docker build badge
the base image has been updates to Ubuntu 23.04 as 18.04 is End-of-Life the ubuntu-pacakges.txt file is no longer being recovered, these packages are explicitly installed python packages have been updated to address vulnerabilities plugins which rely on Python2 have been excluded as this version reached End-of-Life 01JAN2020 included instructions on installing the non-canonical LOFTEE plugin on lines 78-84 & 226-233, these can be excluded if LOFTEE is not going to be used
…n-path Fix plugin path in command line output
* Deterministic order for software versions * Deterministic order for software versions
Hello @mvforster, Thanks for your PR! We are thinking of supporting of creation of a more secure image of the Ensembl VEP with a separate docker But first of all can you create this PR against the |
rebasing the fork so that the pull request can be applied to the correct branch
the base image has been updates to Ubuntu 23.04 as 18.04 is End-of-Life the ubuntu-pacakges.txt file is no longer being recovered, these packages are explicitly installed python packages have been updated to address vulnerabilities plugins which rely on Python2 have been excluded as this version reached End-of-Life 01JAN2020 included instructions on installing the non-canonical LOFTEE plugin on lines 78-84 & 226-233, these can be excluded if LOFTEE is not going to be used
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Dear EnsEMBL team,
I would like to submit the following pull request for review and assessment. The changes to the Dockerfiles are to close as many vulnerabilities as possible.
The changes included are intended to ease the use of the VEP tool within an Air-Gapped environment such as the Genomics England TRE. I have made some modifications to the list of installed plugins to ensure that all plugins are based on code that is being actively maintained. Because of this, I have had to exclude the following plugins:
which require Python2 and Python2-specific packages.
The base image has been updated to Ubuntu 23.04, as 18.04 is End-of-Life. The ubuntu-pacakges.txt file is no longer being copied over, these packages are explicitly installed. The Python requirements file is also not being used given that the depending plugins are being excluded.
Python package vulnerabilities are being explicitly addressed within the base-layer updates.
I have included instructions on installing the non-canonical LOFTEE plugin on lines 78-84 & 226-233 as this is a requirement of our workflow, these can be excluded if LOFTEE is not going to be used.
I hope this proves useful,
Kind regards,
Matthieu