CASMHMS-6282: Update Alpine base image to resolve CVE #39

Merged
merged 3 commits into from
Dec 18, 2024

jwlv

@jwlv jwlv commented Dec 16, 2024

Summary and Scope

Updated Alpine base image from 3.18 to 3.19 to resolve reported CVEs. Decided not to use the latest Alpine image 3.21 as I didn't want to inject any more risk than necessary into CSM 1.6.1 just before the end of the release cycle.

Detailed changes include:

  • Update Alpine base image to resolve CVE
  • New Alpine base image implemented PEP 668, which required switching to a virtual Python environment in our Dockerfiles
  • Broke up RUN directive in Dockerfiles for easier reading
  • Remove obsolete version field from docker-compose files

Adopted app version 1.36.0 for CSM 1.6.1 (helm chart 3.1.11)

Issues and Related PRs

Testing

Tested on:

  • mug

Test Description:

Deployed on mug. Ran functional tests and confirmed no failures. Performed various FAS operations and confirmed no issues. Watched FAS logs to ensure no errors reported.

Testing Check List:

  • Were the install/upgrade-based validation checks/tests run (goss tests/install-validation doc)? Y
  • Were continuous integration tests run? If not, why? Y
  • Was upgrade tested? If not, why? Y
  • Was downgrade tested? If not, why? Y

Pull Request Checklist

  • Version number(s) incremented, if applicable
  • Copyrights updated
  • License file intact
  • Target branch correct
  • CHANGELOG.md updated
  • Testing is appropriate and complete, if applicable

@jwlv jwlv requested review from a team as code owners December 16, 2024 22:35
@jwlv jwlv requested review from rfrost-hpe, mharding-hpe, mbuchmann-hpe and shunr-hpe and removed request for rfrost-hpe and mharding-hpe December 16, 2024 22:35
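
An added example (not part of this PR or the project's code): a small Python check that flags `pip install` steps in a Dockerfile that run against the system interpreter, which is what PEP 668 blocks on the new base image and what the switch to a virtual environment avoids. The sample Dockerfile, the finding labels and the matching heuristics are assumptions of this example.

```python
import re

# Constructed sample Dockerfile (illustrative; not taken from the PR).
SAMPLE = """\
FROM alpine:3.19
RUN apk add --no-cache python3 py3-pip && pip3 install --upgrade pip
RUN python3 -m venv /opt/venv && \\
    /opt/venv/bin/pip install wheel
ENV PATH="/opt/venv/bin:$PATH"
RUN pip3 install -r requirements.txt
FROM alpine:3.19
RUN apk add --no-cache python3 py3-pip && pip install --break-system-packages requests
"""

# Heuristic patterns (assumptions of this example, not a full shell parser).
PIP = re.compile(r"\b(?:pip3?|python3?\s+-m\s+pip)\s+install\b")
VENV = re.compile(r"\bpython3?\s+-m\s+venv\s+(\S+)")

def logical_lines(text):
    """Yield (first_line_no, instruction) with backslash continuations joined."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        start = start if buf else no
        buf += raw.strip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        if buf.strip() and not buf.startswith("#"):
            yield start, buf
        buf = ""

def audit(text):
    """Return [(line_no, kind)] for pip installs that target the system Python."""
    findings, venv_dir, path_env = [], None, ""
    for no, ins in logical_lines(text):
        word = ins.split(None, 1)[0].upper()
        if word == "FROM":  # a new build stage starts without a venv
            venv_dir, path_env = None, ""
        elif word == "ENV" and "PATH" in ins:
            path_env += ins
        elif word == "RUN":
            made = VENV.search(ins)
            venv_dir = made.group(1) if made else venv_dir
            for m in PIP.finditer(ins):
                in_venv = venv_dir and (venv_dir + "/bin" in path_env
                                        or ins[:m.start()].endswith(venv_dir + "/bin/"))
                if not in_venv:
                    flag = "--break-system-packages" in re.split(r"&&|;", ins[m.end():])[0]
                    findings.append((no, "override" if flag else "system-pip"))
    return findings
```

`audit(SAMPLE)` reports line 2 as `system-pip` (pip refuses the install under PEP 668) and line 8 as `override` (the install goes into the apk-managed site-packages); the venv-based steps in between are not flagged.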

github-actions bot commented Dec 16, 2024

👋 Hey! Here are the chart(s) we built for you:

| Chart | Download Link |
| --- | --- |
| cray-hms-firmware-action-3.1.11-20241217151037+fe69493.tgz | https://artifactory.algol60.net/artifactory/csm-helm-charts/unstable/cray-hms-firmware-action/cray-hms-firmware-action-3.1.11-20241217151037+fe69493.tgz |

Note: this SHA is the merge of b6dd27a and the PR base branch. Good luck and make rocket go now! 🌮 🚀

Build summary

Build metadata

| Key | Value |
| --- | --- |
| Artifactory Component | cray-hms-firmware-action |
| Stable Build | false |
| Unstable Build Prefix | -20241217151037+fe69493 |

Publish Helm charts results

| Key | Value |
| --- | --- |
| Status | success |
| Successfully uploaded charts count | 1 |
| Failed uploaded charts count | 0 |

@jwlv jwlv requested a review from rfrost-hpe December 18, 2024 17:48
@jwlv jwlv merged commit d6bd03e into main Dec 18, 2024
16 of 18 checks passed
@jwlv jwlv deleted the CASMHMS-6282.new branch December 18, 2024 18:06