Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update alpine base image in Dockerfile #4465

Merged
merged 3 commits into from
Feb 20, 2025
Merged

chore: update alpine base image in Dockerfile #4465

merged 3 commits into from
Feb 20, 2025

Conversation

david-luna
Copy link
Member

@david-luna david-luna commented Feb 17, 2025
edited
Loading

The Docker image of the agent is currently based in alpine@3.9 which is almost 3y old and have some issues related to libssl@1.1. This PR updates it to version 3.21.3.

Checklist

@david-luna david-luna requested a review from trentm February 17, 2025 16:00
david-luna
david-luna commented Feb 17, 2025
View reviewed changes
Dockerfile Outdated
# For a complete list of hashes, see:
# https://github.com/docker-library/repo-info/tree/master/repos/alpine/remote
FROM alpine@sha256:115731bab0862031b44766733890091c17924f9b7781b79997f5f163be262178
FROM alpine@sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Copy link
Member Author

@david-luna david-luna Feb 17, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

for reviewer: could not find a tag related to the previous sha256

curl -L -s 'https://registry.hub.docker.com/v2/repositories/library/alpine/tags?page=1&page_size=1024' | jq '.results[] | .images[] | .digest' | grep 11573

# no results, also tried with the rest of pages

so I'm not sure abut the details of the image. In the comments above I put where I took the new sha256 and also details about the platform. Is linux; amd64 the right choice?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The previous tag is multi-arch image:

% docker buildx imagetools inspect alpine@sha256:115731bab0862031b44766733890091c17924f9b7781b79997f5f163be262178
Name:      docker.io/library/alpine@sha256:115731bab0862031b44766733890091c17924f9b7781b79997f5f163be262178
MediaType: application/vnd.docker.distribution.manifest.list.v2+json
Digest:    sha256:115731bab0862031b44766733890091c17924f9b7781b79997f5f163be262178

Manifests:
  Name:      docker.io/library/alpine@sha256:ab3fe83c0696e3f565c9b4a734ec309ae9bd0d74c192de4590fd6dc2ef717815
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/amd64

  Name:      docker.io/library/alpine@sha256:5292cebaf695db860087c5582d340a406613891b2819092747b0388da47936c8
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v6

  Name:      docker.io/library/alpine@sha256:0c6b515386fda00a17e4653f007979825f35e0086e583ddc9b91d3eda941bd1b
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v7

  Name:      docker.io/library/alpine@sha256:cae6522b6a351615e547ae9222c9a05d172bc5c3240eec03072d4e1d0429a17a
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm64/v8

  Name:      docker.io/library/alpine@sha256:c7b3e8392e08c971e98627e2bddd10c7fa9d2eae797a16bc94de9709bb9300d0
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/386

  Name:      docker.io/library/alpine@sha256:fa5361fbf636d3ac50cb529dab20d810eb466de2079f5710cef4cbada29cf499
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/ppc64le

  Name:      docker.io/library/alpine@sha256:97e9e9a15ef94526018e2fabfdfff14781e58b87f989d2e70543f296dcad26c6
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/s390x

I'm not sure about this new one:

% docker buildx imagetools inspect alpine@sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Name:      docker.io/library/alpine@sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
MediaType: application/vnd.oci.image.manifest.v1+json
Digest:    sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474

That's an "OCI" image manifest, vs. the older "Docker v2" manifest (application/vnd.docker.distribution.manifest.list.v2+json).

Ah, you selected the amd64-specific image. I think we want to use the multi-arch image manifest for the current latest Alpine v3 (per https://github.com/docker-library/repo-info/blob/master/repos/alpine/remote/3.md):

alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c

Then perhaps change the comment above to something shorter like:

# Pin the latest Alpine 3
# https://github.com/docker-library/repo-info/blob/master/repos/alpine/remote/3.md

trentm
trentm requested changes Feb 18, 2025
View reviewed changes
Copy link
Member

@trentm trentm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's also get dependabot to update this, something like this in .github/dependabot.yml:

  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"

Dockerfile Outdated
# For a complete list of hashes, see:
# https://github.com/docker-library/repo-info/tree/master/repos/alpine/remote
FROM alpine@sha256:115731bab0862031b44766733890091c17924f9b7781b79997f5f163be262178
FROM alpine@sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The previous tag is multi-arch image:

% docker buildx imagetools inspect alpine@sha256:115731bab0862031b44766733890091c17924f9b7781b79997f5f163be262178
Name:      docker.io/library/alpine@sha256:115731bab0862031b44766733890091c17924f9b7781b79997f5f163be262178
MediaType: application/vnd.docker.distribution.manifest.list.v2+json
Digest:    sha256:115731bab0862031b44766733890091c17924f9b7781b79997f5f163be262178

Manifests:
  Name:      docker.io/library/alpine@sha256:ab3fe83c0696e3f565c9b4a734ec309ae9bd0d74c192de4590fd6dc2ef717815
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/amd64

  Name:      docker.io/library/alpine@sha256:5292cebaf695db860087c5582d340a406613891b2819092747b0388da47936c8
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v6

  Name:      docker.io/library/alpine@sha256:0c6b515386fda00a17e4653f007979825f35e0086e583ddc9b91d3eda941bd1b
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm/v7

  Name:      docker.io/library/alpine@sha256:cae6522b6a351615e547ae9222c9a05d172bc5c3240eec03072d4e1d0429a17a
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/arm64/v8

  Name:      docker.io/library/alpine@sha256:c7b3e8392e08c971e98627e2bddd10c7fa9d2eae797a16bc94de9709bb9300d0
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/386

  Name:      docker.io/library/alpine@sha256:fa5361fbf636d3ac50cb529dab20d810eb466de2079f5710cef4cbada29cf499
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/ppc64le

  Name:      docker.io/library/alpine@sha256:97e9e9a15ef94526018e2fabfdfff14781e58b87f989d2e70543f296dcad26c6
  MediaType: application/vnd.docker.distribution.manifest.v2+json
  Platform:  linux/s390x

I'm not sure about this new one:

% docker buildx imagetools inspect alpine@sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
Name:      docker.io/library/alpine@sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474
MediaType: application/vnd.oci.image.manifest.v1+json
Digest:    sha256:1c4eef651f65e2f7daee7ee785882ac164b02b78fb74503052a26dc061c90474

That's an "OCI" image manifest, vs. the older "Docker v2" manifest (application/vnd.docker.distribution.manifest.list.v2+json).

Ah, you selected the amd64-specific image. I think we want to use the multi-arch image manifest for the current latest Alpine v3 (per https://github.com/docker-library/repo-info/blob/master/repos/alpine/remote/3.md):

alpine@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c

Then perhaps change the comment above to something shorter like:

# Pin the latest Alpine 3
# https://github.com/docker-library/repo-info/blob/master/repos/alpine/remote/3.md

@david-luna david-luna merged commit 6623bf5 into main Feb 20, 2025
19 checks passed
@david-luna david-luna deleted the dluna-update-alpine-image branch February 20, 2025 07:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trentm trentm trentm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@david-luna @trentm