Revert back to alpine base images (#1684)

Dockerfile

@@ -1,7 +1,8 @@
 ARG ELIXIR_VERSION=1.16.3
 ARG OTP_VERSION=26.2.5.5
-ARG DEBIAN_VERSION=bullseye-20241202
-ARG RUNNER_IMAGE=debian:${DEBIAN_VERSION}-slim
+ARG ALPINE_VERSION=3.20.3
+ARG TOOLS_IMAGE=alpine:${ALPINE_VERSION}
+ARG RUNNER_IMAGE=alpine:${ALPINE_VERSION}
 
 FROM node:16.16-alpine3.15 as node
 
@@ -22,7 +23,7 @@ ENV VITE_PROD_SECRET_KEY=${VITE_PROD_SECRET_KEY}
 
 RUN yarn run build
 
-FROM hexpm/elixir:${ELIXIR_VERSION}-erlang-${OTP_VERSION}-debian-${DEBIAN_VERSION}-slim AS builder
+FROM hexpm/elixir:${ELIXIR_VERSION}-erlang-${OTP_VERSION}-alpine-${ALPINE_VERSION} AS builder
 
 # The following are build arguments used to change variable parts of the image.
 # The name of your application/release (required)
@@ -40,7 +41,7 @@ ENV SKIP_PHOENIX=${SKIP_PHOENIX} \
 WORKDIR /opt/app
 
 # This step installs all the build tools we'll need
-RUN apt-get update -y && apt-get install -y git build-essential && \
+RUN apk update && apk add git build-base && \
   mix local.rebar --force && \
   mix local.hex --force
 
@@ -57,7 +58,7 @@ COPY --from=node /app/build ./priv/static
 
 RUN mix release
 
-FROM ${RUNNER_IMAGE} as tools
+FROM ${TOOLS_IMAGE} as tools
 
 ARG TARGETARCH=amd64
 
@@ -73,7 +74,7 @@ ENV CLI_VERSION=v0.10.3
 # renovate: datasource=github-tags depName=kubernetes/kubernetes
 # ENV KUBECTL_VERSION=v1.31.3
 
-RUN apt-get update -y && apt-get install -y curl wget unzip
+RUN apk update && apk add curl wget unzip
 RUN curl -L https://github.com/pluralsh/plural-cli/releases/download/${CLI_VERSION}/plural-cli_${CLI_VERSION#v}_Linux_${TARGETARCH}.tar.gz | tar xvz plural && \
   mv plural /usr/local/bin/plural && \
   # curl -L https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz | tar xvz && \
@@ -94,13 +95,11 @@ COPY --from=tools /usr/local/bin/plural /usr/local/bin/plural
 
 WORKDIR /opt/app
 
-RUN  echo "deb http://deb.debian.org/debian bullseye-backports main" >/etc/apt/sources.list.d/bullseye-backports.list && \
-  apt-get update -y && \
-  apt-get install -y libstdc++6 openssl libncurses5 locales ca-certificates git-man/bullseye-backports git/bullseye-backports gnupg bash && \
-  apt-get clean && rm -f /var/lib/apt/lists/*_* && \
-  sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen && \
+RUN apk update && apk add openssh-client libgcc libstdc++ ncurses-libs openssl-dev ca-certificates git gnupg bash && \
+  apk add --no-cache --update --virtual=build gcc musl-dev libffi-dev openssl-dev make && \
+  apk del build && \
   addgroup --gid 10001 app && \
-  adduser --home /home/console --uid 10001 --gid 10001 console && \
+  adduser -D -h /home/console -u 10001 -G app console && \
   chown console:app /opt/app && \
   mkdir -p /opt/app/data
 

lib/console/graphql/deployments/service.ex

@@ -194,7 +194,7 @@ defmodule Console.GraphQl.Deployments.Service do
     field :errors,         list_of(:service_error), resolve: dataloader(Deployments), description: "a list of errors generated by the deployment operator"
     field :cluster,        :cluster, resolve: dataloader(Deployments), description: "the cluster this service is deployed into"
     field :revision,       :revision, resolve: dataloader(Deployments), description: "the current revision of this service"
-    field :configuration,  list_of(:service_configuration), resolve: &Deployments.service_configuration/3, description: "possibly secret configuration used to template the manifests of this service"
+    field :configuration,  list_of(:service_configuration), resolve: filter_loader(dataloader(Deployments), &Deployments.allow_secrets/3), description: "possibly secret configuration used to template the manifests of this service"
     field :components,     list_of(:service_component), resolve: dataloader(Deployments), description: "the kubernetes component of a service"
     field :global_service, :global_service, resolve: dataloader(Deployments), description: "the global service this service is the source for"
     field :owner,          :global_service, resolve: dataloader(Deployments), description: "whether this service is controlled by a global service"

lib/console/graphql/resolvers/deployments.ex

@@ -68,7 +68,8 @@ defmodule Console.GraphQl.Resolvers.Deployments do
     NamespaceVuln,
     VulnerabilityReport,
     Vulnerability,
-    ClusterInsightComponent
+    ClusterInsightComponent,
+    ServiceConfiguration
   }
 
   def query(Project, _), do: Project
@@ -135,6 +136,7 @@ defmodule Console.GraphQl.Resolvers.Deployments do
   def query(VulnerabilityReport, _), do: VulnerabilityReport
   def query(Vulnerability, _), do: Vulnerability
   def query(ClusterInsightComponent, _), do: ClusterInsightComponent
+  def query(ServiceConfiguration, _), do: ServiceConfiguration
   def query(_, _), do: Cluster
 
   delegates Console.GraphQl.Resolvers.Deployments.Git

lib/console/graphql/resolvers/deployments/service.ex

@@ -103,6 +103,11 @@ defmodule Console.GraphQl.Resolvers.Deployments.Service do
     end
   end
 
+  def allow_secrets(svc, result, ctx) do
+    with {:ok, _} <- allow(svc, actor(ctx), :secrets),
+      do: {:ok, result}
+  end
+
   def helm_values(%{parent: service} = helm, _, ctx) do
     case allow(service, actor(ctx), :secrets) do
       {:ok, _} -> {:ok, helm.values}

lib/console/graphql/schema/base.ex

@@ -124,8 +124,12 @@ defmodule Console.GraphQl.Schema.Base do
 
   def filter_loader(dataloader, func) when is_function(dataloader, 3) and is_function(func, 3) do
     fn parent, args, res ->
-      with {:ok, result} <- dataloader.(parent, args, res),
-        do: {:ok, func.(parent, result, res)}
+      with {:ok, result} <- dataloader.(parent, args, res) do
+        case func.(parent, result, res) do
+          l when is_list(l) -> {:ok, l}
+          res -> res
+        end
+      end
     end
   end
 

lib/console/schema/service.ex

@@ -147,6 +147,7 @@ defmodule Console.Schema.Service do
     has_many :errors, ServiceError, on_replace: :delete
     has_many :components, ServiceComponent, on_replace: :delete
     has_many :context_bindings, ServiceContextBinding, on_replace: :delete
+    has_many :configuration, through: [:revision, :configuration]
     has_many :dependencies, ServiceDependency,
       foreign_key: :service_id,
       on_replace: :delete