build: fix vulnerabilities in main for the upcoming v2.30 release

PR-URL: https://github.com/hasura/graphql-engine-mono/pull/9839 GitOrigin-RevId: 291e54131bf4f3796a86558b7dcced621c23a95a
2024-09-11 10:46:25 +03:00 · 2023-07-12 15:46:45 +05:30 · 2023-07-12 15:46:45 +05:30 · 464191b3d9
commit 464191b3d9
parent f6bff0bc28
3 changed files with 8 additions and 12 deletions
--- a/packaging/cli-migrations/v2/Dockerfile
+++ b/packaging/cli-migrations/v2/Dockerfile
@ -1,10 +1,6 @@
 ARG BASE_IMAGE
 FROM ${BASE_IMAGE}

-# yum update uses --nobest option to tackle https://github.com/hasura/graphql-engine-mono/issues/4096
-RUN { apt-get update && apt-get install -y netcat; } \
-  || { yum update -y --nobest && yum install -y nc; }
-
 # When a non-root user without home directory is trying to use the cli-migrations image
 # then hasura cli will try to create .hasura folder at the root but would fail due to permissions
 # (example: OpenShift runs containers by using a random user-id which is homeless and non-root)
--- a/packaging/cli-migrations/v3/Dockerfile
+++ b/packaging/cli-migrations/v3/Dockerfile
@ -1,10 +1,6 @@
 ARG BASE_IMAGE
 FROM ${BASE_IMAGE}

-# yum update uses --nobest option to tackle https://github.com/hasura/graphql-engine-mono/issues/4096
-RUN { apt-get update && apt-get install -y netcat; } \
-  || { yum update -y --nobest && yum install -y nc; }
-
 # When a non-root user without home directory is trying to use the cli-migrations image
 # then hasura cli will try to create .hasura folder at the root but would fail due to permissions
 # (example: OpenShift runs containers by using a random user-id which is homeless and non-root)
--- a/packaging/graphql-engine-base/ubuntu.dockerfile
+++ b/packaging/graphql-engine-base/ubuntu.dockerfile
@ -1,7 +1,7 @@
-# DATE VERSION: 2023-06-13
+# DATE VERSION: 2023-07-11
 # Modify the above date version (YYYY-MM-DD) if you want to rebuild the image

-FROM ubuntu:jammy-20230605
+FROM ubuntu:jammy-20230624

 ### NOTE! Shared libraries here need to be kept in sync with `server-builder.dockerfile`!

@ -17,8 +17,12 @@ RUN set -ex; \
 RUN set -ex; \
    apt-get update; \
    apt-get upgrade -y; \
-    apt-get install -y apt-transport-https ca-certificates curl gnupg2 lsb-release; \
-    apt-get install -y libkrb5-3 libpq5 libnuma1 unixodbc-dev
+    # basic deps
+    apt-get install -y apt-transport-https ca-certificates curl gnupg2 lsb-release;  \
+    # deps needed for graphql-engine
+    apt-get install -y libkrb5-3 libpq5 libnuma1 unixodbc-dev; \
+    # deps needed for cli-migrations
+    apt-get install -y netcat

 RUN set -ex; \
    curl -fsS "https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/prod.list" > /etc/apt/sources.list.d/mssql-release.list; \