upgrade Docker base image from python:3.12.3-alpine3.18 to `python:3.12.3-alpine3.20` (#4879)

# What this PR does

Fixes [many
CVEs](https://ops.grafana-ops.net/a/grafana-vulnerabilityobs-app/sources/9/version/5561?var-package=&var-cve=CVE-2023-42363&var-riskLevel=$__all)
currently present in our `latest` tagged Docker image:

**Before**
<img width="1250" alt="Screenshot 2024-08-20 at 16 33 14"
src="https://github.com/user-attachments/assets/8215cefe-0a4c-44a8-a817-47d5d9633ceb">

**After**
<img width="1245" alt="Screenshot 2024-08-20 at 16 30 09"
src="https://github.com/user-attachments/assets/2ddc9246-edbc-4801-8dc4-cdc962786ef8">

## Checklist

- [ ] Unit, integration, and e2e (if applicable) tests updated
- [x] Documentation added (or `pr:no public docs` PR label added if not
required)
- [x] Added the relevant release notes label (see labels prefixed w/
`release:`). These labels dictate how your PR will
    show up in the autogenerated release notes.
joeyorlando authored Aug 20, 2024
1 parent 081c6bd commit 65dd0a7
Showing 2 changed files with 6 additions and 2 deletions.
6 changes: 5 additions & 1 deletion .github/workflows/snyk-security-scan.yml
Expand Up @@ -4,7 +4,7 @@ on:
workflow_call:

jobs:
snyk-python-security-scan:
snyk-security-scan:
name: Snyk security scan
runs-on: ubuntu-latest
# see this PR regarding the permissions needed for this workflow
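Review bot: The job id rename from `snyk-python-security-scan` to `snyk-security-scan` under `jobs:` is not mentioned in the PR description, which only covers the base image bump. Anything keyed on the old job id, such as a `needs:` entry elsewhere in this workflow (not visible in this hunk), has to change in the same commit; please confirm none exists and add a line to the description explaining why the job was renamed.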
Expand Down Expand Up @@ -40,3 +40,7 @@ jobs:
# yamllint enable rule:line-length
env:
SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
# TODO: setup snyk container monitor & snyk container test
# will require building the docker image and storing it in the local docker registry..
# will need to refactor .github/workflows/build-engine-docker-image-and-publish-to-dockerhub.yml
# to be a composable action instead of a workflow
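Review bot: The TODO added after `SNYK_TOKEN` means the container image itself is still not scanned by this workflow, so the CVE reduction this commit claims for the `latest` image is neither verified nor guarded against regression in CI. Link a tracking issue in the comment so the `snyk container test` / `snyk container monitor` work is not lost, and tidy the trailing `..` on the second comment line.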
2 changes: 1 addition & 1 deletion engine/Dockerfile
@@ -1,4 +1,4 @@
FROM python:3.12.3-alpine3.18 AS base
FROM python:3.12.3-alpine3.20 AS base
ARG TARGETPLATFORM

# Create a group and user to run an app
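Review bot: The new `FROM python:3.12.3-alpine3.20 AS base` line still references a mutable tag, so a later rebuild can pull different layers than the ones scanned for the "After" screenshot. Consider pinning the digest as well, e.g. `FROM python:3.12.3-alpine3.20@sha256:<digest> AS base` (placeholder; take the digest from the image that was scanned). The bump also skips an Alpine release (3.18 to 3.20) and the checklist leaves the tests item unchecked, so please confirm that any packages installed further down the Dockerfile (not visible in this hunk) still resolve on 3.20.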