Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Veracode dependencies and python3 base image #65

Merged
merged 5 commits into from
Oct 27, 2023
Merged

Update Veracode dependencies and python3 base image #65

merged 5 commits into from
Oct 27, 2023

Conversation

breedenc
Copy link
Contributor

@breedenc breedenc commented Oct 26, 2023
edited
Loading

Description

  • Veracode Dockerfile:

    • Updated Veracode dependencies
    • For packages sourced from package managers, pinned them to minor versions, rather than specific patches
    • Pinned base images to major.minor versions, rather than specific SHAs, to accept patch-level updates
    • Sources maven from a https://repo.maven.apache.org, which keeps previous versions available (unlike https://downloads.apache.org)

  • python3 Dockerfile:

    • Pinned base image to minor version python3.11, rather than major version python3

Motivation and Context

Veracode image

The Veracode container image was failing to build because some of its highly specific package versions were no longer available to apt-get, and because its specified version of Maven was no longer available at https://downloads.apache.org. This PR undoes some of the work from #62 in the interest of automatically accepting patch-level updates, reducing the frequency of required image maintenance.

python3 image

When the python3 image shifted to Python 3.12, the image would no longer build due to: aio-libs/aiohttp#7739

How Has This Been Tested?

  • Images now build successfully locally and in CI
  • Change has been tested in a live nonprod environment to ensure continued scan functionality for plugins whose runtime environment was updated

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • My code follows conforms to the coding standards.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

Pic

@breedenc breedenc changed the title Breedenc/update maven url Update Veracode dependencies and python3 base image Oct 27, 2023
@breedenc breedenc marked this pull request as ready for review October 27, 2023 18:03
@breedenc breedenc requested a review from a team as a code owner October 27, 2023 18:03
g-marconet
g-marconet reviewed Oct 27, 2023
View reviewed changes
backend/Dockerfiles/Dockerfile.python3
@@ -1,4 +1,4 @@
FROM python:3-alpine
FROM python:3.11-alpine
Copy link
Contributor

@g-marconet g-marconet Oct 27, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we have some mechanism to come back to this?

If we don't have something outside the repo, maybe we can comment the reason that's in the description. Someone in the future might not look at this PR and, just looking at the code, the reason it's pinned to 3.11 is not obvious.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair, I'll add a comment

g-marconet
g-marconet previously approved these changes Oct 27, 2023
View reviewed changes
Copy link
Contributor

@g-marconet g-marconet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@breedenc breedenc merged commit 999a078 into main Oct 27, 2023
1 check passed
@breedenc breedenc deleted the breedenc/update-maven-url branch October 27, 2023 21:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@g-marconet g-marconet g-marconet approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@breedenc @g-marconet