adds UBI based images(CE, EE, & cli-migrations) for amd64 and arm64
https://hasurahq.atlassian.net/browse/INFRA-1115
trivy scan for UBI based EE image:
20 Low vulns, and 11 medium. (none of the vulns have any available fix)
## Changelog
- Add a changelog entry (in the "Changelog entry" section below) if the changes in this PR have any user-facing impact. See [changelog guide](https://github.com/hasura/graphql-engine-mono/wiki/Changelog-Guide).
- If no changelog is required ignore/remove this section and add a `no-changelog-required` label to the PR.
### Component
_(Select only one. In case of multiple components, choose the most appropriate)_
- [ ] server
- [] console
- [ ] cli
- [ ] data-connector
- [x] build
### Product
_(Select all products this will be available in)_
- [x] community-edition
- [] cloud
- [x] enterprise-edition
- [] enterprise-edition-classic
### Type
_(Select only one. In case of multiple, choose the most appropriate)_
- [x] highlight
- [ ] enhancement
- [ ] bugfix
- [ ] behaviour-change
- [ ] performance-enhancement
- [ ] security-fix
### Changelog entry
release RedHat UBI-based graphql-engine docker images
---
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/10499
GitOrigin-RevId: 01c6caaf1a96f68f5ef42d00cecec72a942880d5
This installs the ODBC Driver 18 for SQL Server in all our shipped Docker images, and update our tests and documentation accordingly.
This version supports arm64, and therefore can run natively (or via Docker) on macOS on aarch64.
`msodbcsql17` is still installed in production-targeted Docker images so that users do not _have_ to migrate to the new driver.
Nix expressions are packaged for the new driver, as it is not yet available in nixpkgs.
In this version, [the default encryption setting was changed from "no" to "yes"](https://techcommunity.microsoft.com/t5/sql-server-blog/odbc-driver-18-0-for-sql-server-released/ba-p/3169228). In addition, "mandatory" and "optional" were added as synonyms for "yes" and "no" respectively.
I have therefore modified all connection strings in tests to specify `Encrypt=optional` (and changed some from `Encrypt=no`). I chose "optional" rather than "no" because I feel it's more honest; these connection strings will work with or without an encrypted connection.
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/6241
GitOrigin-RevId: 959f88dd1f271ef06a3616bc46b358f364f6cdfd
This is required to get the latest version of `pg_dump`, which is used
by a few features (including the CLI command, `hasura seed create`).
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/6393
GitOrigin-RevId: 31442fff669af9e5c987128e10c6801f8ed9fb95
Trying to run the image while debugging: https://github.com/hasura/graphql-engine-mono/pull/6172/ I get:
$ docker run -it hasura/graphql-engine:dev-b91a92b-jberrymanalexghc92-ci-REBASE10-cherry-.ubuntu.amd64
graphql-engine: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory
It seems as though the ubuntu image has been broken in some way since
moving to jammy (Which only ships with `libssl.3`), but strangely this
only shows up on main, not in PRs (except on the 9.2 branch…?)
we use this in tests for instance: .buildkite/scripts/test-dc-sdk.sh
Strangely I don't get the error with an image from recent PRs:
https://github.com/hasura/graphql-engine-mono/pull/6148https://github.com/hasura/graphql-engine-mono/pull/6156 (to latest release)
...although Samir sees it on some he looked at
```
docker run -it hasura/graphql-engine:dev-46eaa39-plcreleasev2.13bq-scalars.ubuntu.amd64 graphql-engine version
Fatal Error: Either of --metadata-database-url or --database-url option expected
```
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/6176
Co-authored-by: Samir Talwar <47582+SamirTalwar@users.noreply.github.com>
GitOrigin-RevId: 6eea65f2d1dc7f0d13bcd58f94737810d290cb89
This upgrades our Docker images from various Debian versions (mostly
`buster`, a.k.a. `oldstable`) to `bullseye` (a.k.a. `stable`).
`buster`/`oldstable` is still supported but I'm not sure for how long.
It also upgrades our HGE Docker image Ubuntu 20.04 to Ubuntu 22.04.
This will allow us to provide the latest Microsoft SQL Server Driver,
`msodbcsql18`, which is supported on both x86_64 (amd64) and
aarch64 (arm64).
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/5604
GitOrigin-RevId: 385d8670476dd343635a4fbc564a6797c8872127
(Work here originally done by awjchen, rebased and fixed up for merge by
jberryman)
This is part of a merge train towards GHC 9.2 compatibility. The main
issue is the use of the new abstract `KeyMap` in 2.0. See:
https://hackage.haskell.org/package/aeson-2.0.3.0/changelog
Alex's original work is here:
#4305
BEHAVIOR CHANGE NOTE: This change causes a different arbitrary ordering
of serialized Json, for example during metadata export. CLI users care
about this in particular, and so we need to call it out as a _behavior
change_ as we did in v2.5.0. The good news though is that after this
change ordering should be more stable (alphabetical key order).
See: https://hasurahq.slack.com/archives/C01M20G1YRW/p1654012632634389
PR-URL: https://github.com/hasura/graphql-engine-mono/pull/4611
Co-authored-by: awjchen <13142944+awjchen@users.noreply.github.com>
GitOrigin-RevId: 700265162c782739b2bb88300ee3cda3819b2e87
