curl: command not found

[zhangxiaotaotao]

cypress/included:9.5.1

cypress/included:9.5.2

cypress/included:9.5.3

cypress/included:9.5.4

[olereidar]

Hello, I am facing the same problem - curl seems to be missing from the images since cypress/base:12.22.8.

Is this by design? I need curl in my build-pipeline :(

[olereidar]

If you need curl you can always run apt-get update && apt-get install curl -y

[mirobo]

All new images created for 12.3.0 and 12.4.0 which have a much longer names such as cypress-12.4.0-node-16.18.1-chrome-109.0.5414.74-1-ff-109.0-edge-109.0.1518.52-1 don't include cURL because the Cypress team apparently uses their new "factory" image which cleans up some packages: https://github.com/cypress-io/cypress-docker-images/blob/master/factory/factory.Dockerfile.

I'm not sure if those "long" image names are just some tests but this is not practical when using "renovate" to update the reference to the Cypress image. We cannot guess how the name of the image will be once they update the included browsers.

Also I'm not sure why they would clean such a small package out of the "included" image (don't think that 8 MB matter when the image is much bigger anyway).

In this case I wonder why I should even build my own image with the "factory" docker image if I need to reinstall cURL anyway? Seems to be a missing feature in the docker/linux universe where you could just define dependencies and they are installed automatically if they are missing :-P

[mjhenkes]

Curl has been re-introduced to the package: #834

Any new docker containers released (or built by the factory) will contain curl by default. Normally we don't include dependencies not directly used by cypress, but the curl dep is tiny and will help users out.

@mirobo Also we are now tagging the cypress/included docker images with both the long name including the node and browser versions and the short cypress only version. The reason we include the long name is that without it you don't have any awareness of what browser versions you're testing with, nor would we have the ability to re-release a cypress/included version where the cypress version remains the same, but the browser version has changed.

https://hub.docker.com/repository/docker/cypress/included/tags?page=1&ordering=last_updated

[mirobo]

Curl has been re-introduced to the package: #834

Any new docker containers released (or built by the factory) will contain curl by default. Normally we don't include dependencies not directly used by cypress, but the curl dep is tiny and will help users out.

@mirobo Also we are now tagging the cypress/included docker images with both the long name including the node and browser versions and the short cypress only version. The reason we include the long name is that without it you don't have any awareness of what browser versions you're testing with, nor would we have the ability to re-release a cypress/included version where the cypress version remains the same, but the browser version has changed.

https://hub.docker.com/repository/docker/cypress/included/tags?page=1&ordering=last_updated

Thank you so much!

[mjhenkes]

Unfortunately we're going to have to remove curl for the time being to mitigate a CVE: #852

Sorry all.

[mjhenkes]

For now to add curl in for your workflows you'll have to extend our docker image and install curl yourselves.

[Phonesis]

@mjhenkes any update on this? It is causing major problems with Slack notifications etc (orbs in CircleCI that require curl)

The fix appears to be to add curl manually, but this is a bit of a frustration and gotcha for people

[nagash77]

@Phonesis we have decided to exclude curl in our docker images due to the CVE: #852

Unfortunately there is not a solution here that makes everyone happy as some users want curl and others say the CVE is a deal breaker. As such we have chosen to go the route of leaving curl out and suggesting folks add curl in as part of their Dockerfile if their specific use case requires it.