sofie-core icon indicating copy to clipboard operation
sofie-core copied to clipboard
verified publisher icon nrkno

Chore/update dockerimage

Open siljekristensen opened this issue 3 years ago • 4 comments

  • What kind of change does this PR introduce? (Bug fix, feature, docs update, ...)
  • Updated node version from 14.19 to 14.20.
  • Changed the deploy image from using a Debian based image (10.12) to a Alpine (3.16.2) based image. This takes us from Total: 136 (UNKNOWN: 0, LOW: 84, MEDIUM: 12, HIGH: 30, CRITICAL: 10) known vulnerabilities in that layer of the image to Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

  • What is the current behavior? (You can also link to an open issue here)

  • What is the new behavior (if this is a feature change)?

  • Other information:

Status

  • [ ] Code documentation for the relevant parts in the code have been added/updated by the PR author
  • [ ] The functionality has been tested by the PR author
  • [ ] The functionality has been tested by NRK

siljekristensen avatar Aug 25 '22 08:08 siljekristensen

@Julusian @siljekristensen Should we also modify Dockerfile.circle in the same fashion? I think that's what being used to push public images to DockerHub? No reason to have those two be that different.

jstarpl avatar Aug 30 '22 11:08 jstarpl

I think that we needed -slim in the past because in the first stage we were compiling a native binding. But as that dependency has been removed I see no reason to keep using -slim.

At some later time, we should look at whether we need first stage to be the full image or whether it would work with alpine too

I tested building with Alpine too, but that didn't seem to work with Meteor (because it needs glibc). But I think building in a "larger" image and then just copying what is needed to a smaller production image should be fine.

siljekristensen avatar Aug 31 '22 08:08 siljekristensen

@Julusian @siljekristensen Should we also modify Dockerfile.circle in the same fashion? I think that's what being used to push public images to DockerHub? No reason to have those two be that different.

Ah, I didn't realize how it was being used. I can update this PR.

siljekristensen avatar Aug 31 '22 09:08 siljekristensen

Codecov Report

Merging #754 (7e4282b) into release46 (e5bd17f) will decrease coverage by 0.00%. The diff coverage is n/a.

@@              Coverage Diff              @@
##           release46     #754      +/-   ##
=============================================
- Coverage      68.19%   68.19%   -0.01%     
=============================================
  Files            277      277              
  Lines          33753    33753              
  Branches        4504     4504              
=============================================
- Hits           23019    23018       -1     
- Misses         10283    10284       +1     
  Partials         451      451
Impacted Files Coverage Δ
meteor/lib/lib.ts 65.74% <0.00%> (-0.56%) :arrow_down:

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

codecov-commenter avatar Aug 31 '22 09:08 codecov-commenter