diff --git a/.circleci/config.yml b/.circleci/config.yml index cb3d3b34..7581738e 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -86,7 +86,8 @@ workflows: name: build-1.10.7-alpine3.10 airflow_version: 1.10.7 distribution_name: alpine3.10 - dev_build: false + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.7.build)" requires: - Need-Approval-1.10.7 - static-checks @@ -105,8 +106,8 @@ workflows: - push: name: push-1.10.7-alpine3.10 tag: "1.10.7-alpine3.10" - dev_build: false - extra_tags: "1.10.7-alpine3.10-${CIRCLE_BUILD_NUM},1.10.7-18-alpine3.10" + dev_build: true + extra_tags: "1.10.7-alpine3.10-${CIRCLE_BUILD_NUM},1.10.7-19.dev-alpine3.10" context: - quay.io - docker.io @@ -120,8 +121,8 @@ workflows: - push: name: push-1.10.7-alpine3.10-onbuild tag: "1.10.7-alpine3.10-onbuild" - dev_build: false - extra_tags: "1.10.7-alpine3.10-onbuild-${CIRCLE_BUILD_NUM},1.10.7-18-alpine3.10-onbuild" + dev_build: true + extra_tags: "1.10.7-alpine3.10-onbuild-${CIRCLE_BUILD_NUM},1.10.7-19.dev-alpine3.10-onbuild" context: - quay.io - docker.io @@ -137,7 +138,8 @@ workflows: name: build-1.10.7-buster airflow_version: 1.10.7 distribution_name: buster - dev_build: false + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.7.build)" requires: - Need-Approval-1.10.7 - static-checks @@ -156,8 +158,8 @@ workflows: - push: name: push-1.10.7-buster tag: "1.10.7-buster" - dev_build: false - extra_tags: "1.10.7-buster-${CIRCLE_BUILD_NUM},1.10.7-18-buster" + dev_build: true + extra_tags: "1.10.7-buster-${CIRCLE_BUILD_NUM},1.10.7-19.dev-buster" context: - quay.io - docker.io @@ -171,8 +173,8 @@ workflows: - push: name: push-1.10.7-buster-onbuild tag: "1.10.7-buster-onbuild" - dev_build: false - extra_tags: "1.10.7-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.7-18-buster-onbuild" + dev_build: true + extra_tags: "1.10.7-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.7-19.dev-buster-onbuild" context: - quay.io - docker.io @@ -264,7 +266,8 @@ workflows: name: build-1.10.10-alpine3.10 airflow_version: 1.10.10 distribution_name: alpine3.10 - dev_build: false + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.10.build)" requires: - Need-Approval-1.10.10 - static-checks @@ -283,8 +286,8 @@ workflows: - push: name: push-1.10.10-alpine3.10 tag: "1.10.10-alpine3.10" - dev_build: false - extra_tags: "1.10.10-alpine3.10-${CIRCLE_BUILD_NUM},1.10.10-8-alpine3.10" + dev_build: true + extra_tags: "1.10.10-alpine3.10-${CIRCLE_BUILD_NUM},1.10.10-9.dev-alpine3.10" context: - quay.io - docker.io @@ -298,8 +301,8 @@ workflows: - push: name: push-1.10.10-alpine3.10-onbuild tag: "1.10.10-alpine3.10-onbuild" - dev_build: false - extra_tags: "1.10.10-alpine3.10-onbuild-${CIRCLE_BUILD_NUM},1.10.10-8-alpine3.10-onbuild" + dev_build: true + extra_tags: "1.10.10-alpine3.10-onbuild-${CIRCLE_BUILD_NUM},1.10.10-9.dev-alpine3.10-onbuild" context: - quay.io - docker.io @@ -315,7 +318,8 @@ workflows: name: build-1.10.10-buster airflow_version: 1.10.10 distribution_name: buster - dev_build: false + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.10.build)" requires: - Need-Approval-1.10.10 - static-checks @@ -334,8 +338,8 @@ workflows: - push: name: push-1.10.10-buster tag: "1.10.10-buster" - dev_build: false - extra_tags: "1.10.10-buster-${CIRCLE_BUILD_NUM},1.10.10-8-buster" + dev_build: true + extra_tags: "1.10.10-buster-${CIRCLE_BUILD_NUM},1.10.10-9.dev-buster" context: - quay.io - docker.io @@ -349,8 +353,8 @@ workflows: - push: name: push-1.10.10-buster-onbuild tag: "1.10.10-buster-onbuild" - dev_build: false - extra_tags: "1.10.10-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.10-8-buster-onbuild" + dev_build: true + extra_tags: "1.10.10-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.10-9.dev-buster-onbuild" context: - quay.io - docker.io @@ -442,7 +446,8 @@ workflows: name: build-1.10.12-alpine3.10 airflow_version: 1.10.12 distribution_name: alpine3.10 - dev_build: false + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.12.build)" requires: - Need-Approval-1.10.12 - static-checks @@ -461,8 +466,8 @@ workflows: - push: name: push-1.10.12-alpine3.10 tag: "1.10.12-alpine3.10" - dev_build: false - extra_tags: "1.10.12-alpine3.10-${CIRCLE_BUILD_NUM},1.10.12-4-alpine3.10" + dev_build: true + extra_tags: "1.10.12-alpine3.10-${CIRCLE_BUILD_NUM},1.10.12-5.dev-alpine3.10" context: - quay.io - docker.io @@ -476,8 +481,8 @@ workflows: - push: name: push-1.10.12-alpine3.10-onbuild tag: "1.10.12-alpine3.10-onbuild" - dev_build: false - extra_tags: "1.10.12-alpine3.10-onbuild-${CIRCLE_BUILD_NUM},1.10.12-4-alpine3.10-onbuild" + dev_build: true + extra_tags: "1.10.12-alpine3.10-onbuild-${CIRCLE_BUILD_NUM},1.10.12-5.dev-alpine3.10-onbuild" context: - quay.io - docker.io @@ -493,7 +498,8 @@ workflows: name: build-1.10.12-buster airflow_version: 1.10.12 distribution_name: buster - dev_build: false + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.12.build)" requires: - Need-Approval-1.10.12 - static-checks @@ -512,8 +518,8 @@ workflows: - push: name: push-1.10.12-buster tag: "1.10.12-buster" - dev_build: false - extra_tags: "1.10.12-buster-${CIRCLE_BUILD_NUM},1.10.12-4-buster" + dev_build: true + extra_tags: "1.10.12-buster-${CIRCLE_BUILD_NUM},1.10.12-5.dev-buster" context: - quay.io - docker.io @@ -527,8 +533,8 @@ workflows: - push: name: push-1.10.12-buster-onbuild tag: "1.10.12-buster-onbuild" - dev_build: false - extra_tags: "1.10.12-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.12-4-buster-onbuild" + dev_build: true + extra_tags: "1.10.12-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.12-5.dev-buster-onbuild" context: - quay.io - docker.io @@ -620,7 +626,8 @@ workflows: name: build-1.10.14-buster airflow_version: 1.10.14 distribution_name: buster - dev_build: false + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.14.build)" requires: - Need-Approval-1.10.14 - static-checks @@ -639,8 +646,8 @@ workflows: - push: name: push-1.10.14-buster tag: "1.10.14-buster" - dev_build: false - extra_tags: "1.10.14-buster-${CIRCLE_BUILD_NUM},1.10.14-3-buster" + dev_build: true + extra_tags: "1.10.14-buster-${CIRCLE_BUILD_NUM},1.10.14-4.dev-buster" context: - quay.io - docker.io @@ -654,8 +661,8 @@ workflows: - push: name: push-1.10.14-buster-onbuild tag: "1.10.14-buster-onbuild" - dev_build: false - extra_tags: "1.10.14-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.14-3-buster-onbuild" + dev_build: true + extra_tags: "1.10.14-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.14-4.dev-buster-onbuild" context: - quay.io - docker.io @@ -1302,6 +1309,352 @@ workflows: only: - master - slack-build-approvals + nightly: + triggers: + - schedule: + cron: "0 0 * * *" + filters: + branches: + only: + - master + jobs: + - build: + name: build-1.10.7-alpine3.10 + airflow_version: 1.10.7 + distribution_name: alpine3.10 + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.7.build)" + - scan-trivy: + name: scan-trivy-1.10.7-alpine3.10-onbuild + airflow_version: 1.10.7 + distribution: alpine3.10 + distribution_name: alpine3.10-onbuild + requires: + - build-1.10.7-alpine3.10 + - test: + name: test-1.10.7-alpine3.10-images + tag: "1.10.7-alpine3.10" + requires: + - build-1.10.7-alpine3.10 + - push: + name: push-1.10.7-alpine3.10 + tag: "1.10.7-alpine3.10" + dev_build: true + extra_tags: "1.10.7-alpine3.10-${CIRCLE_BUILD_NUM}" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.7-alpine3.10-onbuild + - test-1.10.7-alpine3.10-images + filters: + branches: + only: + - master + - push: + name: push-1.10.7-alpine3.10-onbuild + tag: "1.10.7-alpine3.10-onbuild" + dev_build: true + extra_tags: "1.10.7-alpine3.10-onbuild-${CIRCLE_BUILD_NUM},1.10.7-19.dev-alpine3.10-onbuild" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.7-alpine3.10-onbuild + - test-1.10.7-alpine3.10-images + filters: + branches: + only: + - master + - build: + name: build-1.10.7-buster + airflow_version: 1.10.7 + distribution_name: buster + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.7.build)" + - scan-trivy: + name: scan-trivy-1.10.7-buster-onbuild + airflow_version: 1.10.7 + distribution: buster + distribution_name: buster-onbuild + requires: + - build-1.10.7-buster + - test: + name: test-1.10.7-buster-images + tag: "1.10.7-buster" + requires: + - build-1.10.7-buster + - push: + name: push-1.10.7-buster + tag: "1.10.7-buster" + dev_build: true + extra_tags: "1.10.7-buster-${CIRCLE_BUILD_NUM}" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.7-buster-onbuild + - test-1.10.7-buster-images + filters: + branches: + only: + - master + - push: + name: push-1.10.7-buster-onbuild + tag: "1.10.7-buster-onbuild" + dev_build: true + extra_tags: "1.10.7-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.7-19.dev-buster-onbuild" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.7-buster-onbuild + - test-1.10.7-buster-images + filters: + branches: + only: + - master + - build: + name: build-1.10.10-alpine3.10 + airflow_version: 1.10.10 + distribution_name: alpine3.10 + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.10.build)" + - scan-trivy: + name: scan-trivy-1.10.10-alpine3.10-onbuild + airflow_version: 1.10.10 + distribution: alpine3.10 + distribution_name: alpine3.10-onbuild + requires: + - build-1.10.10-alpine3.10 + - test: + name: test-1.10.10-alpine3.10-images + tag: "1.10.10-alpine3.10" + requires: + - build-1.10.10-alpine3.10 + - push: + name: push-1.10.10-alpine3.10 + tag: "1.10.10-alpine3.10" + dev_build: true + extra_tags: "1.10.10-alpine3.10-${CIRCLE_BUILD_NUM}" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.10-alpine3.10-onbuild + - test-1.10.10-alpine3.10-images + filters: + branches: + only: + - master + - push: + name: push-1.10.10-alpine3.10-onbuild + tag: "1.10.10-alpine3.10-onbuild" + dev_build: true + extra_tags: "1.10.10-alpine3.10-onbuild-${CIRCLE_BUILD_NUM},1.10.10-9.dev-alpine3.10-onbuild" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.10-alpine3.10-onbuild + - test-1.10.10-alpine3.10-images + filters: + branches: + only: + - master + - build: + name: build-1.10.10-buster + airflow_version: 1.10.10 + distribution_name: buster + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.10.build)" + - scan-trivy: + name: scan-trivy-1.10.10-buster-onbuild + airflow_version: 1.10.10 + distribution: buster + distribution_name: buster-onbuild + requires: + - build-1.10.10-buster + - test: + name: test-1.10.10-buster-images + tag: "1.10.10-buster" + requires: + - build-1.10.10-buster + - push: + name: push-1.10.10-buster + tag: "1.10.10-buster" + dev_build: true + extra_tags: "1.10.10-buster-${CIRCLE_BUILD_NUM}" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.10-buster-onbuild + - test-1.10.10-buster-images + filters: + branches: + only: + - master + - push: + name: push-1.10.10-buster-onbuild + tag: "1.10.10-buster-onbuild" + dev_build: true + extra_tags: "1.10.10-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.10-9.dev-buster-onbuild" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.10-buster-onbuild + - test-1.10.10-buster-images + filters: + branches: + only: + - master + - build: + name: build-1.10.12-alpine3.10 + airflow_version: 1.10.12 + distribution_name: alpine3.10 + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.12.build)" + - scan-trivy: + name: scan-trivy-1.10.12-alpine3.10-onbuild + airflow_version: 1.10.12 + distribution: alpine3.10 + distribution_name: alpine3.10-onbuild + requires: + - build-1.10.12-alpine3.10 + - test: + name: test-1.10.12-alpine3.10-images + tag: "1.10.12-alpine3.10" + requires: + - build-1.10.12-alpine3.10 + - push: + name: push-1.10.12-alpine3.10 + tag: "1.10.12-alpine3.10" + dev_build: true + extra_tags: "1.10.12-alpine3.10-${CIRCLE_BUILD_NUM}" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.12-alpine3.10-onbuild + - test-1.10.12-alpine3.10-images + filters: + branches: + only: + - master + - push: + name: push-1.10.12-alpine3.10-onbuild + tag: "1.10.12-alpine3.10-onbuild" + dev_build: true + extra_tags: "1.10.12-alpine3.10-onbuild-${CIRCLE_BUILD_NUM},1.10.12-5.dev-alpine3.10-onbuild" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.12-alpine3.10-onbuild + - test-1.10.12-alpine3.10-images + filters: + branches: + only: + - master + - build: + name: build-1.10.12-buster + airflow_version: 1.10.12 + distribution_name: buster + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.12.build)" + - scan-trivy: + name: scan-trivy-1.10.12-buster-onbuild + airflow_version: 1.10.12 + distribution: buster + distribution_name: buster-onbuild + requires: + - build-1.10.12-buster + - test: + name: test-1.10.12-buster-images + tag: "1.10.12-buster" + requires: + - build-1.10.12-buster + - push: + name: push-1.10.12-buster + tag: "1.10.12-buster" + dev_build: true + extra_tags: "1.10.12-buster-${CIRCLE_BUILD_NUM}" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.12-buster-onbuild + - test-1.10.12-buster-images + filters: + branches: + only: + - master + - push: + name: push-1.10.12-buster-onbuild + tag: "1.10.12-buster-onbuild" + dev_build: true + extra_tags: "1.10.12-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.12-5.dev-buster-onbuild" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.12-buster-onbuild + - test-1.10.12-buster-images + filters: + branches: + only: + - master + - build: + name: build-1.10.14-buster + airflow_version: 1.10.14 + distribution_name: buster + dev_build: true + extra_args: "--build-arg VERSION=$(curl https://pip.astronomer.io/simple/astronomer-certified/latest-1.10.14.build)" + - scan-trivy: + name: scan-trivy-1.10.14-buster-onbuild + airflow_version: 1.10.14 + distribution: buster + distribution_name: buster-onbuild + requires: + - build-1.10.14-buster + - test: + name: test-1.10.14-buster-images + tag: "1.10.14-buster" + requires: + - build-1.10.14-buster + - push: + name: push-1.10.14-buster + tag: "1.10.14-buster" + dev_build: true + extra_tags: "1.10.14-buster-${CIRCLE_BUILD_NUM}" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.14-buster-onbuild + - test-1.10.14-buster-images + filters: + branches: + only: + - master + - push: + name: push-1.10.14-buster-onbuild + tag: "1.10.14-buster-onbuild" + dev_build: true + extra_tags: "1.10.14-buster-onbuild-${CIRCLE_BUILD_NUM},1.10.14-4.dev-buster-onbuild" + context: + - quay.io + - docker.io + requires: + - scan-trivy-1.10.14-buster-onbuild + - test-1.10.14-buster-images + filters: + branches: + only: + - master + jobs: static-checks: executor: machine-executor diff --git a/.circleci/generate_circleci_config.py b/.circleci/generate_circleci_config.py index c2bb74fd..733f7037 100755 --- a/.circleci/generate_circleci_config.py +++ b/.circleci/generate_circleci_config.py @@ -11,10 +11,10 @@ from jinja2 import Environment, FileSystemLoader IMAGE_MAP = collections.OrderedDict([ - ("1.10.7-18", ["alpine3.10", "buster"]), - ("1.10.10-8", ["alpine3.10", "buster"]), - ("1.10.12-4", ["alpine3.10", "buster"]), - ("1.10.14-3", ["buster"]), + ("1.10.7-19.dev", ["alpine3.10", "buster"]), + ("1.10.10-9.dev", ["alpine3.10", "buster"]), + ("1.10.12-5.dev", ["alpine3.10", "buster"]), + ("1.10.14-4.dev", ["buster"]), ("1.10.15-3", ["buster"]), ("2.0.0-8", ["buster"]), ("2.0.2-4", ["buster"]), diff --git a/1.10.10/CHANGELOG.md b/1.10.10/CHANGELOG.md index 52257f8f..118ea7e0 100644 --- a/1.10.10/CHANGELOG.md +++ b/1.10.10/CHANGELOG.md @@ -1,5 +1,16 @@ # Changelog +Astronomer Certified 1.10.10-9, TBC +-------------------------------------------- + +### Bug Fixes + +- Exclude ``yarn.lock`` from built Python wheel file (#16577) ([commit](https://github.com/astronomer/airflow/commit/06804608f)) +- Only allow webserver to request from the worker log server (#16754) ([commit](https://github.com/astronomer/airflow/commit/1df632588)) +- Dockerfile: Add constraint for installed Airflow version (#274) ([commit](https://github.com/astronomer/ap-airflow/commit/60174ec)) +- Dockerfile: Upgrade Fab Security Manager to 1.6.0 (#272) ([commit](https://github.com/astronomer/ap-airflow/commit/417fd59)) +- Dockerfile: Update / Override PIP version in Env Vars (#263) ([commit](https://github.com/astronomer/ap-airflow/commit/ab60218)) + Astronomer Certified 1.10.10-8, 2021-04-27 -------------------------------------------- diff --git a/1.10.10/alpine3.10/Dockerfile b/1.10.10/alpine3.10/Dockerfile index e620c437..de5fa9b5 100644 --- a/1.10.10/alpine3.10/Dockerfile +++ b/1.10.10/alpine3.10/Dockerfile @@ -17,7 +17,7 @@ FROM alpine:3.10 LABEL maintainer="Astronomer " ARG ORG="astronomer" -ARG VERSION="1.10.10-8" +ARG VERSION="1.10.10-9.*" ARG SUBMODULES="all, statsd, elasticsearch" ARG AIRFLOW_MODULE="astronomer_certified[${SUBMODULES}]==$VERSION" ARG REPO_BRANCH=master diff --git a/1.10.10/buster/Dockerfile b/1.10.10/buster/Dockerfile index e649f467..d0e80299 100644 --- a/1.10.10/buster/Dockerfile +++ b/1.10.10/buster/Dockerfile @@ -110,7 +110,7 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ARG VERSION="1.10.10-8" +ARG VERSION="1.10.10-9.*" ARG SUBMODULES="async,azure_blob_storage,azure_cosmos,azure_container_instances,celery,crypto,elasticsearch,gcp,kubernetes,mysql,postgres,s3,emr,redis,slack,ssh,statsd,virtualenv" ARG AIRFLOW_MODULE="astronomer_certified[${SUBMODULES}]==$VERSION" ARG AIRFLOW_VERSION="1.10.10" @@ -144,7 +144,7 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ARG VERSION="1.10.10-8" +ARG VERSION="1.10.10-9.*" ARG AIRFLOW_VERSION="1.10.10" LABEL io.astronomer.docker.airflow.version="${AIRFLOW_VERSION}" LABEL io.astronomer.docker.ac.version="${VERSION}" diff --git a/1.10.12/CHANGELOG.md b/1.10.12/CHANGELOG.md index 4a15315a..319b4014 100644 --- a/1.10.12/CHANGELOG.md +++ b/1.10.12/CHANGELOG.md @@ -1,9 +1,23 @@ # Changelog +Astronomer Certified 1.10.12-5, TBC +----------------------------------------------- + +### Bugfixes + +- Only allow webserver to request from the worker log server (#16754) ([commit](https://github.com/astronomer/airflow/commit/0ec3decda)) +- Exclude ``yarn.lock`` from built Python wheel file (#16577) ([commit](https://github.com/astronomer/airflow/commit/492573cd7)) +- [backport] Fix bug with `executor_config` and Volumes ([commit](https://github.com/astronomer/airflow/commit/ae9a5ed41)) +- Dockerfile: Add constraint for installed Airflow version (#274) ([commit](https://github.com/astronomer/ap-airflow/commit/60174ec)) +- Dockerfile: Update / Override PIP version in Env Vars (#263) ([commit](https://github.com/astronomer/ap-airflow/commit/ab60218)) +- Dockerfile: Bump Epoch to fix CVEs (#239) ([commit](https://github.com/astronomer/ap-airflow/commit/6522368)) +- Dockerfile: Add missing '--no-cache-dir' in 1.10.12 alpine image (#230) ([commit](https://github.com/astronomer/ap-airflow/commit/6cc5015)) +- Dockerfile: Upgrade Fab Security Manager to 1.6.0 + Astronomer Certified 1.10.12-4, 2021-03-18 ----------------------------------------------- -## Bugfixes +### Bugfixes - Fix `sync-perm` to work correctly when `update_fab_perms = False` (apache#14847) ([commit](https://github.com/astronomer/airflow/commit/ee476eba705116cd4c2b01ede3645c13b6a226e6)) - Webserver: Sanitize string passed to origin param (apache#14738) ([commit](https://github.com/astronomer/airflow/commit/469faa82f5a449ea4d2c1317942b5ce5b2ae656f)) diff --git a/1.10.12/alpine3.10/Dockerfile b/1.10.12/alpine3.10/Dockerfile index b17a1e47..7bb704cd 100644 --- a/1.10.12/alpine3.10/Dockerfile +++ b/1.10.12/alpine3.10/Dockerfile @@ -17,7 +17,7 @@ FROM alpine:3.10 LABEL maintainer="Astronomer " ARG ORG="astronomer" -ARG VERSION="1.10.12-4" +ARG VERSION="1.10.12-5.*" ARG SUBMODULES="all, statsd, elasticsearch" ARG AIRFLOW_MODULE="astronomer_certified[${SUBMODULES}]==$VERSION" ARG REPO_BRANCH=master @@ -48,6 +48,12 @@ COPY include/humans@astronomer.io.rsa.pub /etc/apk/keys COPY include/pip.conf /etc/pip.conf COPY include/pip-constraints.txt /usr/local/share/astronomer-pip-constraints.txt +# This constraints will be only used during docker-build +# and won't be included in the final image +# It is useful to install airflow-providers that work but still allow users to +# install providers of their choice (as opposed to entries in astronomer-pip-constraints.txt) +COPY build-time-pip-constraints.txt /tmp/build-time-pip-constraints.txt + # Install packages RUN echo https://github.com/astronomer/ap-airflow/raw/${REPO_BRANCH}/alpine-packages/3.10/repo >> /etc/apk/repositories \ && apk update \ @@ -93,7 +99,7 @@ RUN echo https://github.com/astronomer/ap-airflow/raw/${REPO_BRANCH}/alpine-pack && update-ca-certificates \ && cp /usr/share/zoneinfo/UTC /etc/localtime \ && pip3 install --no-cache-dir --upgrade snowflake-connector-python==1.9.1 \ - && pip3 install --no-cache-dir "${AIRFLOW_MODULE}" --constraint "https://raw.githubusercontent.com/apache/airflow/constraints-${AIRFLOW_VERSION}/constraints-3.7.txt" \ + && pip3 install --no-cache-dir "${AIRFLOW_MODULE}" --constraint /tmp/build-time-pip-constraints.txt \ && pip3 install --no-cache-dir "https://github.com/astronomer/astronomer-airflow-scripts/releases/download/v0.0.5/astronomer_airflow_scripts-0.0.5-py3-none-any.whl" \ && pip3 install --no-cache-dir "astronomer-fab-security-manager~=1.2, >=1.2.2" \ && apk del .build-deps py3-numpy-dev \ diff --git a/1.10.12/alpine3.10/build-time-pip-constraints.txt b/1.10.12/alpine3.10/build-time-pip-constraints.txt new file mode 100644 index 00000000..594ae031 --- /dev/null +++ b/1.10.12/alpine3.10/build-time-pip-constraints.txt @@ -0,0 +1,349 @@ +adal==1.2.4 +alabaster==0.7.12 +alembic==1.4.2 +amqp==2.6.1 +analytics-python==1.2.9 +ansiwrap==0.8.4 +apipkg==1.5 +apispec==1.3.3 +appdirs==1.4.4 +argcomplete==1.12.0 +asn1crypto==1.4.0 +astroid==2.4.2 +astronomer-airflow-version-check==1.0.7 +astronomer-fab-security-manager==1.6.0 +async-generator==1.10 +atlasclient==1.0.0 +attrs==20.3.0 +aws-sam-translator==1.26.0 +aws-xray-sdk==2.6.0 +azure-common==1.1.25 +azure-core==1.12.0 +azure-cosmos==3.2.0 +azure-datalake-store==0.0.49 +azure-identity==1.5.0 +azure-keyvault==4.1.0 +azure-keyvault-certificates==4.2.1 +azure-keyvault-keys==4.3.1 +azure-keyvault-secrets==4.2.0 +azure-mgmt-containerinstance==1.5.0 +azure-mgmt-resource==10.2.0 +azure-nspkg==3.0.2 +azure-storage==0.36.0 +azure-storage-blob==2.1.0 +azure-storage-common==2.1.0 +Babel==2.8.0 +backcall==0.2.0 +bcrypt==3.2.0 +beautifulsoup4==4.7.1 +billiard==3.6.3.0 +bleach==3.3.0 +blinker==1.4 +boto==2.49.0 +boto3==1.14.44 +botocore==1.17.44 +cached-property==1.5.1 +cachetools==4.1.1 +cassandra-driver==3.20.2 +cattrs==1.0.0 +celery==4.4.7 +certifi==2020.6.20 +cffi==1.14.2 +cfgv==3.2.0 +cfn-lint==0.35.0 +cgroupspy==0.1.6 +chardet==3.0.4 +click==6.7 +cloudant==0.5.10 +colorama==0.4.3 +colorlog==4.0.2 +configparser==3.5.3 +coverage==5.2.1 +croniter==0.3.34 +cryptography==3.0 +cx-Oracle==8.0.0 +Cython==0.29.10 +datadog==0.38.0 +decorator==4.4.2 +defusedxml==0.6.0 +dill==0.3.2 +distlib==0.3.1 +distro==1.5.0 +dnspython==1.16.0 +docker==3.7.3 +docker-pycreds==0.4.0 +docopt==0.6.2 +docutils==0.16 +ecdsa==0.14.1 +elasticsearch==5.5.3 +elasticsearch-dsl==5.4.0 +email-validator==1.1.1 +entrypoints==0.3 +execnet==1.7.1 +fastavro==0.24.1 +filelock==3.0.12 +flake8==3.8.3 +flake8-colors==0.1.6 +flaky==3.7.0 +Flask==1.1.2 +Flask-Admin==1.5.4 +Flask-AppBuilder==2.3.2 +Flask-Babel==1.0.0 +Flask-Bcrypt==0.7.1 +Flask-Caching==1.3.3 +Flask-JWT-Extended==3.24.1 +Flask-Login==0.4.1 +Flask-OpenID==1.2.5 +Flask-SQLAlchemy==2.4.4 +flask-swagger==0.2.14 +Flask-WTF==0.14.3 +flower==0.9.5 +freezegun==0.3.15 +fsspec==0.8.0 +funcsigs==1.0.2 +future==0.18.2 +future-fstrings==1.2.0 +gcsfs==0.6.2 +google-api-core==1.22.1 +google-api-python-client==1.10.0 +google-auth==1.20.1 +google-auth-httplib2==0.0.4 +google-auth-oauthlib==0.4.1 +google-cloud-bigquery==1.26.1 +google-cloud-bigtable==1.4.0 +google-cloud-container==1.0.1 +google-cloud-core==1.4.1 +google-cloud-dlp==1.0.0 +google-cloud-language==1.3.0 +google-cloud-secret-manager==1.0.0 +google-cloud-spanner==1.17.1 +google-cloud-speech==1.3.2 +google-cloud-storage==1.30.0 +google-cloud-texttospeech==1.0.1 +google-cloud-translate==1.7.0 +google-cloud-videointelligence==1.15.0 +google-cloud-vision==1.0.0 +google-crc32c==0.1.0 +google-resumable-media==0.7.1 +googleapis-common-protos==1.52.0 +graphviz==0.14.1 +grpc-google-iam-v1==0.12.3 +grpcio==1.31.0 +grpcio-gcp==0.2.2 +gunicorn==20.0.4 +hdfs==2.5.8 +hmsclient==0.1.1 +httplib2==0.18.1 +humanize==2.6.0 +hvac==0.10.5 +identify==1.4.28 +idna==2.10 +ijson==3.1.4 +imagesize==1.2.0 +importlib-metadata==1.7.0 +inflection==0.5.0 +ipdb==0.13.3 +ipython==7.17.0 +ipython-genutils==0.2.0 +iso8601==0.1.12 +isodate==0.6.0 +itsdangerous==1.1.0 +JayDeBeApi==1.2.3 +jedi==0.17.2 +Jinja2==2.11.2 +jira==2.0.0 +jmespath==0.10.0 +JPype1==0.7.2 +json-merge-patch==0.2 +jsondiff==1.1.2 +jsonpatch==1.26 +jsonpickle==1.4.1 +jsonpointer==2.0 +jsonschema==3.2.0 +junit-xml==1.9 +jupyter-client==6.1.6 +jupyter-core==4.6.3 +jupyterlab-pygments==0.1.2 +jwcrypto==0.6.0 +kombu==4.6.11 +kubernetes==11.0.0 +lazy-object-proxy==1.5.1 +ldap3==2.8 +lockfile==0.12.2 +Mako==1.1.3 +Markdown==2.6.11 +MarkupSafe==1.1.1 +marshmallow==2.21.0 +marshmallow-enum==1.5.1 +marshmallow-sqlalchemy==0.23.1 +mccabe==0.6.1 +mistune==0.8.4 +mock==4.0.2 +mongomock==3.20.0 +more-itertools==8.4.0 +moto==1.3.14 +msal==1.10.0 +msal-extensions==0.3.0 +msrest==0.6.18 +msrestazure==0.6.4 +multi-key-dict==2.0.3 +mypy==0.720 +mypy-extensions==0.4.3 +mysqlclient==1.3.14 +natsort==7.0.1 +nbclient==0.4.1 +nbconvert==6.0.7 +nbformat==5.0.7 +nest-asyncio==1.4.0 +networkx==2.4 +nodeenv==1.4.0 +nteract-scrapbook==0.3.1 +ntlm-auth==1.5.0 +numpy==1.19.1 +oauthlib==3.1.0 +oscrypto==1.2.1 +packaging==20.4 +pandas==1.1.0 +pandas-gbq==0.13.2 +pandocfilters==1.4.3 +papermill==1.2.1 +parameterized==0.7.4 +paramiko==2.7.1 +parso==0.7.1 +pathspec==0.8.0 +pbr==5.4.5 +pendulum==1.4.4 +pexpect==4.8.0 +pickleshare==0.7.5 +pinotdb==0.1.1 +pluggy==0.13.1 +portalocker==1.7.1 +pre-commit==2.6.0 +presto-python-client==0.7.0 +prison==0.1.3 +prometheus-client==0.8.0 +prompt-toolkit==3.0.6 +protobuf==3.13.0 +psutil==5.7.2 +psycopg2==2.7.7 +psycopg2-binary==2.8.5 +ptyprocess==0.6.0 +py==1.9.0 +pyasn1==0.4.8 +pyasn1-modules==0.2.8 +pycodestyle==2.6.0 +pycparser==2.20 +pycryptodome==3.9.1 +pycryptodomex==3.9.8 +pydata-google-auth==1.1.0 +pydruid==0.5.8 +pyflakes==2.2.0 +Pygments==2.6.1 +PyHive==0.6.3 +PyJWT==1.7.1 +pykerberos==1.2.1 +pymongo==3.10.1 +pymssql==2.1.4 +PyNaCl==1.4.0 +pyOpenSSL==19.1.0 +pyparsing==2.4.7 +pyrsistent==0.16.0 +pysftp==0.2.9 +PySmbClient==0.1.5 +pytest==5.4.3 +pytest-cov==2.10.1 +pytest-forked==1.3.0 +pytest-instafail==0.4.2 +pytest-rerunfailures==9.0 +pytest-timeout==1.4.2 +pytest-xdist==2.0.0 +python-daemon==2.2.4 +python-dateutil==2.8.1 +python-editor==1.0.4 +python-http-client==3.2.7 +python-jenkins==1.7.0 +python-jose==3.2.0 +python-nvd3==0.15.0 +python-slugify==4.0.1 +python3-openid==3.2.0 +pytz==2020.1 +pytzdata==2020.1 +pywinrm==0.4.1 +PyYAML==5.3.1 +pyzmq==19.0.2 +qds-sdk==1.16.0 +redis==3.5.3 +requests==2.24.0 +requests-futures==0.9.4 +requests-kerberos==0.12.0 +requests-mock==1.8.0 +requests-ntlm==1.1.0 +requests-oauthlib==1.3.0 +requests-toolbelt==0.9.1 +responses==0.10.16 +rsa==4.6 +s3transfer==0.3.3 +sasl==0.2.1 +sendgrid==5.6.0 +sentinels==1.0.0 +sentry-sdk==0.16.5 +setproctitle==1.1.10 +six==1.15.0 +slackclient==1.3.2 +snowballstemmer==2.0.0 +snowflake-connector-python==2.2.10 +snowflake-sqlalchemy==1.2.3 +soupsieve==2.0.1 +Sphinx==3.2.1 +sphinx-argparse==0.2.5 +sphinx-autoapi==1.0.0 +sphinx-copybutton==0.3.0 +sphinx-jinja==1.1.1 +sphinx-rtd-theme==0.5.0 +sphinxcontrib-applehelp==1.0.2 +sphinxcontrib-devhelp==1.0.2 +sphinxcontrib-dotnetdomain==0.4 +sphinxcontrib-golangdomain==0.2.0.dev0 +sphinxcontrib-htmlhelp==1.0.3 +sphinxcontrib-httpdomain==1.7.0 +sphinxcontrib-jsmath==1.0.1 +sphinxcontrib-qthelp==1.0.3 +sphinxcontrib-serializinghtml==1.1.4 +SQLAlchemy==1.3.19 +SQLAlchemy-JSONField==0.9.0 +SQLAlchemy-Utils==0.36.8 +sshpubkeys==3.1.0 +sshtunnel==0.1.5 +statsd==3.3.0 +tabulate==0.8.7 +tenacity==4.12.0 +testpath==0.4.4 +text-unidecode==1.3 +textwrap3==0.9.2 +thrift==0.13.0 +thrift-sasl==0.4.2 +toml==0.10.1 +tornado==5.1.1 +tqdm==4.48.2 +traitlets==4.3.3 +typed-ast==1.4.1 +typing-extensions==3.7.4.2 +tzlocal==1.5.1 +unicodecsv==0.14.1 +Unidecode==1.1.1 +uritemplate==3.0.1 +urllib3==1.25.10 +vertica-python==0.11.0 +vine==1.3.0 +virtualenv==20.0.31 +wcwidth==0.2.5 +webencodings==0.5.1 +websocket-client==0.57.0 +Werkzeug==0.16.1 +wrapt==1.12.1 +WTForms==2.2.1 +xmltodict==0.12.0 +yamllint==1.24.2 +zdesk==2.7.1 +zipp==3.1.0 +zope.deprecation==4.4.0 diff --git a/1.10.12/buster/Dockerfile b/1.10.12/buster/Dockerfile index 74c051d9..be80d072 100644 --- a/1.10.12/buster/Dockerfile +++ b/1.10.12/buster/Dockerfile @@ -110,7 +110,7 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ARG VERSION="1.10.12-4" +ARG VERSION="1.10.12-5.*" ARG SUBMODULES="async,azure_blob_storage,azure_cosmos,azure_container_instances,celery,crypto,elasticsearch,gcp,kubernetes,mysql,postgres,s3,emr,redis,slack,ssh,statsd,virtualenv" ARG AIRFLOW_MODULE="astronomer_certified[${SUBMODULES}]==$VERSION" ARG AIRFLOW_VERSION="1.10.12" @@ -120,8 +120,14 @@ ARG AIRFLOW_VERSION="1.10.12" COPY include/pip.conf /etc/pip.conf COPY include/pip-constraints.txt /usr/local/share/astronomer-pip-constraints.txt +# This constraints will be only used during docker-build +# and won't be included in the final image +# It is useful to install airflow-providers that work but still allow users to +# install providers of their choice (as opposed to entries in astronomer-pip-constraints.txt) +COPY build-time-pip-constraints.txt /tmp/build-time-pip-constraints.txt + # Pip install airflow and astro security manager -RUN pip install "${AIRFLOW_MODULE}" --constraint "https://raw.githubusercontent.com/apache/airflow/constraints-${AIRFLOW_VERSION}/constraints-${PYTHON_MAJOR_MINOR_VERSION}.txt" \ +RUN pip install "${AIRFLOW_MODULE}" --constraint /tmp/build-time-pip-constraints.txt \ && pip install "https://github.com/astronomer/astronomer-airflow-scripts/releases/download/v0.0.5/astronomer_airflow_scripts-0.0.5-py3-none-any.whl" \ && pip install "astronomer-fab-security-manager~=1.2, >=1.2.2" @@ -138,7 +144,7 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ARG VERSION="1.10.12-4" +ARG VERSION="1.10.12-5.*" ARG AIRFLOW_VERSION="1.10.12" LABEL io.astronomer.docker.airflow.version="${AIRFLOW_VERSION}" LABEL io.astronomer.docker.ac.version="${VERSION}" diff --git a/1.10.12/buster/build-time-pip-constraints.txt b/1.10.12/buster/build-time-pip-constraints.txt new file mode 100644 index 00000000..854ad85d --- /dev/null +++ b/1.10.12/buster/build-time-pip-constraints.txt @@ -0,0 +1,179 @@ +adal==1.2.4 +alembic==1.4.2 +amqp==2.6.1 +apispec==1.3.3 +appdirs==1.4.4 +argcomplete==1.12.0 +astronomer-airflow-scripts==0.0.5 +astronomer-airflow-version-check==1.0.7 +astronomer-fab-security-manager==1.6.0 +attrs==20.3.0 +azure-common==1.1.25 +azure-cosmos==3.2.0 +azure-mgmt-containerinstance==1.5.0 +azure-nspkg==3.0.2 +azure-storage==0.36.0 +azure-storage-blob==2.1.0 +azure-storage-common==2.1.0 +Babel==2.8.0 +bcrypt==3.2.0 +billiard==3.6.3.0 +boto3==1.14.44 +botocore==1.17.44 +cached-property==1.5.1 +cachetools==4.1.1 +cattrs==1.0.0 +celery==4.4.7 +certifi==2020.6.20 +cffi==1.14.2 +chardet==3.0.4 +click==6.7 +colorama==0.4.3 +colorlog==4.0.2 +configparser==3.5.3 +croniter==0.3.34 +cryptography==3.0 +defusedxml==0.6.0 +dill==0.3.2 +distlib==0.3.1 +distro==1.5.0 +dnspython==1.16.0 +docutils==0.16 +elasticsearch==5.5.3 +elasticsearch-dsl==5.4.0 +email-validator==1.1.1 +eventlet==0.30.2 +filelock==3.0.12 +Flask==1.1.2 +Flask-Admin==1.5.4 +Flask-AppBuilder==2.3.4 +Flask-Babel==1.0.0 +Flask-Caching==1.3.3 +Flask-JWT-Extended==3.24.1 +Flask-Login==0.4.1 +Flask-OpenID==1.2.5 +Flask-SQLAlchemy==2.4.4 +flask-swagger==0.2.14 +Flask-WTF==0.14.3 +flower==0.9.5 +funcsigs==1.0.2 +future==0.18.2 +gevent==21.1.2 +google-api-core==1.22.1 +google-api-python-client==1.10.0 +google-auth==1.20.1 +google-auth-httplib2==0.0.4 +google-auth-oauthlib==0.4.1 +google-cloud-bigquery==1.26.1 +google-cloud-bigtable==1.4.0 +google-cloud-container==1.0.1 +google-cloud-core==1.4.1 +google-cloud-dlp==1.0.0 +google-cloud-language==1.3.0 +google-cloud-secret-manager==1.0.0 +google-cloud-spanner==1.17.1 +google-cloud-speech==1.3.2 +google-cloud-storage==1.30.0 +google-cloud-texttospeech==1.0.1 +google-cloud-translate==1.7.0 +google-cloud-videointelligence==1.15.0 +google-cloud-vision==1.0.0 +google-crc32c==0.1.0 +google-resumable-media==0.7.1 +googleapis-common-protos==1.52.0 +graphviz==0.14.1 +greenlet==1.0.0 +grpc-google-iam-v1==0.12.3 +grpcio==1.31.0 +grpcio-gcp==0.2.2 +gunicorn==20.0.4 +httplib2==0.18.1 +humanize==2.6.0 +idna==2.10 +importlib-metadata==1.7.0 +iso8601==0.1.12 +isodate==0.6.0 +itsdangerous==1.1.0 +Jinja2==2.11.2 +jmespath==0.10.0 +json-merge-patch==0.2 +jsonschema==3.2.0 +jwcrypto==0.6.0 +kombu==4.6.11 +kubernetes==11.0.0 +lazy-object-proxy==1.5.1 +lockfile==0.12.2 +Mako==1.1.3 +Markdown==2.6.11 +MarkupSafe==1.1.1 +marshmallow==2.21.0 +marshmallow-enum==1.5.1 +marshmallow-sqlalchemy==0.23.1 +msrest==0.6.18 +msrestazure==0.6.4 +mysqlclient==1.3.14 +natsort==7.0.1 +numpy==1.19.1 +oauthlib==3.1.0 +packaging==20.4 +pandas==1.1.0 +pandas-gbq==0.13.2 +paramiko==2.7.1 +pendulum==1.4.4 +prison==0.1.3 +prometheus-client==0.8.0 +protobuf==3.13.0 +psutil==5.7.2 +psycopg2-binary==2.8.5 +pyasn1==0.4.8 +pyasn1-modules==0.2.8 +pycparser==2.20 +pydata-google-auth==1.1.0 +Pygments==2.6.1 +PyJWT==1.7.1 +PyNaCl==1.4.0 +pyOpenSSL==19.1.0 +pyparsing==2.4.7 +pyrsistent==0.16.0 +pysftp==0.2.9 +python-daemon==2.2.4 +python-dateutil==2.8.1 +python-editor==1.0.4 +python-nvd3==0.15.0 +python-slugify==4.0.1 +python3-openid==3.2.0 +pytz==2020.1 +pytzdata==2020.1 +PyYAML==5.3.1 +redis==3.5.3 +requests==2.24.0 +requests-oauthlib==1.3.0 +rsa==4.6 +s3transfer==0.3.3 +setproctitle==1.1.10 +six==1.15.0 +slackclient==1.3.2 +SQLAlchemy==1.3.19 +SQLAlchemy-JSONField==0.9.0 +SQLAlchemy-Utils==0.36.8 +sshtunnel==0.1.5 +statsd==3.3.0 +tabulate==0.8.7 +tenacity==4.12.0 +text-unidecode==1.3 +thrift==0.13.0 +tornado==5.1.1 +typing-extensions==3.7.4.2 +tzlocal==1.5.1 +unicodecsv==0.14.1 +uritemplate==3.0.1 +urllib3==1.25.10 +vine==1.3.0 +virtualenv==20.0.31 +websocket-client==0.57.0 +Werkzeug==0.16.1 +WTForms==2.3.3 +zipp==3.1.0 +zope.deprecation==4.4.0 +zope.event==4.5.0 +zope.interface==5.2.0 diff --git a/1.10.14/CHANGELOG.md b/1.10.14/CHANGELOG.md index 5e8a4dc5..13c5753b 100644 --- a/1.10.14/CHANGELOG.md +++ b/1.10.14/CHANGELOG.md @@ -1,9 +1,22 @@ # Changelog +Astronomer Certified 1.10.14-4, TBC +------------------------------------------ + +### Bugfixes + +- Exclude ``yarn.lock`` from built Python wheel file (#16577) ([commit](https://github.com/astronomer/airflow/commit/25d46e4e9)) +- [backport] Fix bug with `executor_config` and Volumes ([commit](https://github.com/astronomer/airflow/commit/e268afd5c)) +- Only allow webserver to request from the worker log server (#16754) ([commit](https://github.com/astronomer/airflow/commit/815dcd5b4)) +- Dockerfile: Add constraint for installed Airflow version (#274) ([commit](https://github.com/astronomer/ap-airflow/commit/60174ec)) +- Dockerfile: Update / Override PIP version in Env Vars (#263) ([commit](https://github.com/astronomer/ap-airflow/commit/ab60218)) +- Dockerfile: Bump Epoch to fix CVEs (#239) ([commit](https://github.com/astronomer/ap-airflow/commit/6522368)) +- Dockerfile: Upgrade Fab Security Manager to 1.6.0 + Astronomer Certified 1.10.14-3, 2021-03-18 ------------------------------------------ -## Bugfixes +### Bugfixes - Fix `sync-perm` to work correctly when `update_fab_perms = False` (apache#14847) ([commit](https://github.com/astronomer/airflow/commit/c5ea249db4d1a5528118e4168f125da3eadb59ed)) - Webserver: Sanitize string passed to origin param (apache#14738) ([commit](https://github.com/astronomer/airflow/commit/d38d3625540a0d802470177a32efb5991158f70a)) diff --git a/1.10.14/buster/Dockerfile b/1.10.14/buster/Dockerfile index 98f6ad2a..c15fdccc 100644 --- a/1.10.14/buster/Dockerfile +++ b/1.10.14/buster/Dockerfile @@ -110,7 +110,7 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ARG VERSION="1.10.14-3" +ARG VERSION="1.10.14-4.*" ARG SUBMODULES="async,azure_blob_storage,azure_cosmos,azure_container_instances,celery,crypto,elasticsearch,gcp,kubernetes,mysql,postgres,s3,emr,redis,slack,ssh,statsd,virtualenv" ARG AIRFLOW_MODULE="astronomer_certified[${SUBMODULES}]==$VERSION" ARG AIRFLOW_VERSION="1.10.14" @@ -120,8 +120,14 @@ ARG AIRFLOW_VERSION="1.10.14" COPY include/pip.conf /etc/pip.conf COPY include/pip-constraints.txt /usr/local/share/astronomer-pip-constraints.txt +# This constraints will be only used during docker-build +# and won't be included in the final image +# It is useful to install airflow-providers that work but still allow users to +# install providers of their choice (as opposed to entries in astronomer-pip-constraints.txt) +COPY build-time-pip-constraints.txt /tmp/build-time-pip-constraints.txt + # Pip install airflow and astro security manager -RUN pip install "${AIRFLOW_MODULE}" --constraint "https://raw.githubusercontent.com/apache/airflow/constraints-${AIRFLOW_VERSION}/constraints-${PYTHON_MAJOR_MINOR_VERSION}.txt" \ +RUN pip install "${AIRFLOW_MODULE}" --constraint /tmp/build-time-pip-constraints.txt \ && pip install "https://github.com/astronomer/astronomer-airflow-scripts/releases/download/v0.0.5/astronomer_airflow_scripts-0.0.5-py3-none-any.whl" \ && pip install "astronomer-fab-security-manager~=1.2, >=1.2.2" @@ -138,7 +144,7 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ARG VERSION="1.10.14-3" +ARG VERSION="1.10.14-4.*" ARG AIRFLOW_VERSION="1.10.14" LABEL io.astronomer.docker.airflow.version="${AIRFLOW_VERSION}" LABEL io.astronomer.docker.ac.version="${VERSION}" diff --git a/1.10.14/buster/build-time-pip-constraints.txt b/1.10.14/buster/build-time-pip-constraints.txt new file mode 100644 index 00000000..1641743e --- /dev/null +++ b/1.10.14/buster/build-time-pip-constraints.txt @@ -0,0 +1,187 @@ +adal==1.2.5 +alembic==1.4.3 +amqp==2.6.1 +apispec==1.3.3 +appdirs==1.4.4 +argcomplete==1.12.2 +astronomer-airflow-scripts==0.0.5 +astronomer-airflow-version-check==1.0.7 +astronomer-fab-security-manager==1.6.0 +attrs==20.3.0 +azure-common==1.1.26 +azure-core==1.9.0 +azure-cosmos==3.2.0 +azure-mgmt-containerinstance==1.5.0 +azure-nspkg==3.0.2 +azure-storage==0.36.0 +azure-storage-blob==12.6.0 +azure-storage-common==2.1.0 +Babel==2.9.0 +bcrypt==3.2.0 +billiard==3.6.3.0 +boto3==1.10.50 +botocore==1.13.50 +cached-property==1.5.2 +cachetools==4.1.1 +cattrs==1.1.2 +celery==4.4.7 +certifi==2020.11.8 +cffi==1.14.4 +chardet==3.0.4 +click==6.7 +colorama==0.4.4 +colorlog==4.0.2 +configparser==3.5.3 +croniter==0.3.36 +cryptography==3.2.1 +defusedxml==0.6.0 +dill==0.3.3 +distlib==0.3.1 +distro==1.5.0 +dnspython==1.16.0 +docutils==0.15.2 +elasticsearch==5.5.3 +elasticsearch-dsl==5.4.0 +email-validator==1.1.2 +eventlet==0.30.2 +filelock==3.0.12 +Flask==1.1.2 +Flask-Admin==1.5.4 +Flask-AppBuilder==2.3.4 +Flask-Babel==1.0.0 +Flask-Caching==1.3.3 +Flask-JWT-Extended==3.25.0 +Flask-Login==0.4.1 +Flask-OpenID==1.2.5 +Flask-SQLAlchemy==2.4.4 +flask-swagger==0.2.14 +Flask-WTF==0.14.3 +flower==0.9.5 +funcsigs==1.0.2 +future==0.18.2 +gevent==21.1.2 +google-api-core==1.23.0 +google-api-python-client==1.12.8 +google-auth==1.23.0 +google-auth-httplib2==0.0.4 +google-auth-oauthlib==0.4.2 +google-cloud-bigquery==2.4.0 +google-cloud-bigquery-storage==2.1.0 +google-cloud-bigtable==1.6.0 +google-cloud-container==1.0.1 +google-cloud-core==1.4.3 +google-cloud-dlp==1.0.0 +google-cloud-language==1.3.0 +google-cloud-secret-manager==1.0.0 +google-cloud-spanner==1.19.1 +google-cloud-speech==1.3.2 +google-cloud-storage==1.33.0 +google-cloud-texttospeech==1.0.1 +google-cloud-translate==1.7.0 +google-cloud-videointelligence==1.16.1 +google-cloud-vision==1.0.0 +google-crc32c==1.0.0 +google-resumable-media==1.1.0 +googleapis-common-protos==1.52.0 +graphviz==0.15 +greenlet==1.0.0 +grpc-google-iam-v1==0.12.3 +grpcio==1.33.2 +grpcio-gcp==0.2.2 +gunicorn==20.0.4 +httplib2==0.18.1 +humanize==3.1.0 +idna==2.8 +importlib-metadata==2.1.0 +importlib-resources==1.5.0 +iso8601==0.1.13 +isodate==0.6.0 +itsdangerous==1.1.0 +Jinja2==2.11.2 +jmespath==0.10.0 +json-merge-patch==0.2 +jsonschema==3.2.0 +jwcrypto==0.6.0 +kombu==4.6.11 +kubernetes==11.0.0 +lazy-object-proxy==1.4.3 +libcst==0.3.14 +lockfile==0.12.2 +Mako==1.1.3 +Markdown==2.6.11 +MarkupSafe==1.1.1 +marshmallow==2.21.0 +marshmallow-enum==1.5.1 +marshmallow-sqlalchemy==0.23.1 +msrest==0.6.19 +msrestazure==0.6.4 +mypy-extensions==0.4.3 +mysqlclient==1.3.14 +natsort==7.1.0 +numpy==1.19.4 +oauthlib==3.1.0 +packaging==20.7 +pandas==1.1.4 +pandas-gbq==0.14.1 +paramiko==2.7.2 +pendulum==1.4.4 +prison==0.1.3 +prometheus-client==0.8.0 +proto-plus==1.11.0 +protobuf==3.14.0 +psutil==5.7.3 +psycopg2-binary==2.8.6 +pyarrow==2.0.0 +pyasn1==0.4.8 +pyasn1-modules==0.2.8 +pycparser==2.20 +pydata-google-auth==1.1.0 +Pygments==2.7.2 +PyJWT==1.7.1 +PyNaCl==1.4.0 +pyOpenSSL==20.0.0 +pyparsing==2.4.7 +pyrsistent==0.17.3 +pysftp==0.2.9 +python-daemon==2.2.4 +python-dateutil==2.8.1 +python-editor==1.0.4 +python-nvd3==0.15.0 +python-slugify==4.0.1 +python3-openid==3.2.0 +pytz==2020.4 +pytzdata==2020.1 +PyYAML==5.3.1 +redis==3.5.3 +requests==2.23.0 +requests-oauthlib==1.3.0 +rsa==4.6 +s3transfer==0.2.1 +setproctitle==1.2 +six==1.15.0 +slackclient==1.3.2 +SQLAlchemy==1.3.20 +SQLAlchemy-JSONField==0.9.0 +SQLAlchemy-Utils==0.36.8 +sshtunnel==0.1.5 +statsd==3.3.0 +tabulate==0.8.7 +tenacity==4.12.0 +text-unidecode==1.3 +thrift==0.13.0 +tornado==5.1.1 +typing-extensions==3.7.4.3 +typing-inspect==0.6.0 +tzlocal==1.5.1 +unicodecsv==0.14.1 +uritemplate==3.0.1 +urllib3==1.25.11 +vine==1.3.0 +virtualenv==20.2.1 +websocket-client==0.54.0 +Werkzeug==0.16.1 +WTForms==2.3.3 +zipp==3.4.0 +zope.deprecation==4.4.0 +zope.event==4.5.0 +zope.interface==5.2.0 diff --git a/1.10.15/CHANGELOG.md b/1.10.15/CHANGELOG.md index e13d14b9..c068ace4 100644 --- a/1.10.15/CHANGELOG.md +++ b/1.10.15/CHANGELOG.md @@ -9,7 +9,7 @@ Astronomer Certified 1.10.15-3, 2021-07-14 - [backport] Fix bug with `executor_config` and Volumes ([commit](https://github.com/astronomer/airflow/commit/7813076ac)) - Only allow webserver to request from the worker log server (#16754) ([commit](https://github.com/astronomer/airflow/commit/b8db31c19)) - Dockerfile: Add constraint for installed Airflow version (#274) ([commit](https://github.com/astronomer/ap-airflow/commit/60174ec)) -- Dockerfile: Upgrade Fab sec manager to 1.6.0 (#272) ([commit](https://github.com/astronomer/ap-airflow/commit/417fd59)) +- Dockerfile: Upgrade Fab Security Manager to 1.6.0 (#272) ([commit](https://github.com/astronomer/ap-airflow/commit/417fd59)) Astronomer Certified 1.10.15-2, 2021-06-04 ------------------------------------------ diff --git a/1.10.7/CHANGELOG.md b/1.10.7/CHANGELOG.md index b28674eb..9ed8325d 100644 --- a/1.10.7/CHANGELOG.md +++ b/1.10.7/CHANGELOG.md @@ -1,5 +1,16 @@ # Changelog +Astronomer Certified 1.10.7-19, TBC +-------------------------------------------- + +### Bug Fixes + +- Exclude ``yarn.lock`` from built Python wheel file (#16577) ([commit](https://github.com/astronomer/airflow/commit/fc685c2ad)) +- Only allow webserver to request from the worker log server (#16754) ([commit](https://github.com/astronomer/airflow/commit/878e7aac4)) +- Dockerfile: Add constraint for installed Airflow version (#274) ([commit](https://github.com/astronomer/ap-airflow/commit/60174ec)) +- Dockerfile: Upgrade Fab Security Manager to 1.6.0 (#272) ([commit](https://github.com/astronomer/ap-airflow/commit/417fd59)) +- Dockerfile: Update / Override PIP version in Env Vars (#263) ([commit](https://github.com/astronomer/ap-airflow/commit/ab60218)) + Astronomer Certified 1.10.7-18, 2021-04-27 -------------------------------------------- diff --git a/1.10.7/alpine3.10/Dockerfile b/1.10.7/alpine3.10/Dockerfile index bd44a955..77c1d56d 100644 --- a/1.10.7/alpine3.10/Dockerfile +++ b/1.10.7/alpine3.10/Dockerfile @@ -17,7 +17,7 @@ FROM alpine:3.10 LABEL maintainer="Astronomer " ARG ORG="astronomer" -ARG VERSION="1.10.7-18" +ARG VERSION="1.10.7-19.*" ARG SUBMODULES="all, statsd, elasticsearch" ARG AIRFLOW_MODULE="astronomer_certified[${SUBMODULES}]==$VERSION" ARG REPO_BRANCH=master diff --git a/1.10.7/buster/Dockerfile b/1.10.7/buster/Dockerfile index 2378fc82..aec6a472 100644 --- a/1.10.7/buster/Dockerfile +++ b/1.10.7/buster/Dockerfile @@ -110,7 +110,7 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ARG VERSION="1.10.7-18" +ARG VERSION="1.10.7-19.*" ARG SUBMODULES="async,azure_blob_storage,azure_cosmos,azure_container_instances,celery,crypto,elasticsearch,gcp,kubernetes,mysql,postgres,s3,emr,redis,slack,ssh,statsd,virtualenv" ARG AIRFLOW_MODULE="astronomer_certified[${SUBMODULES}]==$VERSION" ARG AIRFLOW_VERSION="1.10.7" @@ -144,7 +144,7 @@ RUN apt-get update \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -ARG VERSION="1.10.7-18" +ARG VERSION="1.10.7-19.*" ARG AIRFLOW_VERSION="1.10.7" LABEL io.astronomer.docker.airflow.version="${AIRFLOW_VERSION}" LABEL io.astronomer.docker.ac.version="${VERSION}"