chore: upgrade dex to v2.32.1-distroless #10746
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
Codecov Report
Base: 45.68% // Head: 45.68% // No change to project coverage 👍
Additional details and impacted files
@@           Coverage Diff           @@
##           master   #10746   +/-   ##
=======================================
  Coverage   45.68%   45.68%
=======================================
  Files         236      236
  Lines       28668    28668
=======================================
  Hits        13097    13097
  Misses      13779    13779
  Partials     1792     1792
@@ -406,7 +406,7 @@ jobs: | |||
git config --global user.email "john.doe@example.com" | |||
- name: Pull Docker image required for tests | |||
run: | | |||
docker pull quay.io/dexidp/dex:v2.25.0 | |||
docker pull ghcr.io/dexidp/dex:v2.32.1-distroless |
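Review bot: The new docker pull line references ghcr.io/dexidp/dex:v2.32.1-distroless by tag only, and a tag can be repointed at the registry, so the tests could run against a different image than the one reviewed; consider appending the image digest (@sha256:<digest>) to this reference. The replaced line was still at v2.25.0, which suggests this copy of the tag is easy to miss during upgrades, so a comment here naming where the shipped dex version is defined would help the next bump. The pull also moves from quay.io to ghcr.io, which is worth calling out in the PR description since CI now depends on a different registry.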
Good catch. :-)
Thank you as always @34fathombelow!
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Cherry-picked onto release-2.2 for 2.2.13, release-2.3 for 2.3.8, and release-2.4 for 2.4.13.
* chore: upgrade dex to v2.32.1-distroless
  Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
* Retrigger CI pipeline
  Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
* Retrigger CI pipeline
  Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>

Argo CD version 2.5/master uses ghcr.io/dexidp/dex:v2.32.0-distroless while 2.2-4.x use ghcr.io/dexidp/dex:v2.32.0. The non-distroless containers contain a few vulnerabilities at the container level.

I created an issue upstream and they agreed to release dex:v2.32.1, which is now available and fixes these vulnerabilities. However, they normally only patch the latest 2 versions. I would recommend that we switch to the distroless images.
Unfortunately at this time we cannot upgrade to dex:v2.33.x or dex:v2.34.x, please see #10617
Please consider cherry picking into 2.4, 2.3, and 2.2.
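An added example, not part of this PR or the Argo CD code base: a small audit that finds every dex image reference in a set of files and reports tags that differ from the intended one, non-distroless variants, and references without a digest pin. The file names are hypothetical and the sample contents are constructed from the image references quoted on this page; the digest check is an extra hardening check that this PR does not itself introduce.

```python
import re
from collections import defaultdict

# Constructed sample: file names are hypothetical; the image references
# are the ones quoted in this PR's diff and description.
SAMPLE_FILES = {
    "ci-workflow.yaml": "run: |\n  docker pull quay.io/dexidp/dex:v2.25.0\n",
    "release-2.4/install.yaml": "image: ghcr.io/dexidp/dex:v2.32.0\n",
    "master/install.yaml": "image: ghcr.io/dexidp/dex:v2.32.0-distroless\n",
}

# <registry>/dexidp/dex:<tag>, optionally followed by @sha256:<64 hex chars>
IMAGE_RE = re.compile(
    r"(?P<registry>[\w.-]+)/dexidp/dex:(?P<tag>[\w.-]+)"
    r"(?:@(?P<digest>sha256:[0-9a-f]{64}))?"
)


def find_dex_images(files):
    """Return (path, line_no, registry, tag, digest) for each dex reference."""
    hits = []
    for path, text in files.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for m in IMAGE_RE.finditer(line):
                hits.append((path, line_no, m["registry"], m["tag"], m["digest"]))
    return hits


def audit(files, expected_tag):
    """Map each file path to the problems found in its dex image references."""
    problems = defaultdict(list)
    for path, line_no, _registry, tag, digest in find_dex_images(files):
        if tag != expected_tag:
            problems[path].append(f"line {line_no}: tag {tag} != expected {expected_tag}")
        if not tag.endswith("-distroless"):
            problems[path].append(f"line {line_no}: {tag} is not a distroless variant")
        if digest is None:
            problems[path].append(f"line {line_no}: tag only, no sha256 digest pin")
    return dict(problems)


if __name__ == "__main__":
    for path, issues in audit(SAMPLE_FILES, "v2.32.1-distroless").items():
        for issue in issues:
            print(f"{path}: {issue}")
```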