Fix MUI license issue

[gtardif]

Fix docker build caching issue with secrets. This is causing the extension to display a "missing license" watermark on the UI table

Building a first time without secrets (to export for scout) introduced some cached layers that are wrongly reused when building with secrets.
See known issue and fix

We can see in this build that the npm build using the secret is not using cache, that is already build in step "Build and export"

[github-actions]

🔍 Vulnerabilities of docker/volumes-backup-extension:pr-132

📦 Image Reference docker/volumes-backup-extension:pr-132

digest	sha256:c877c5bd905c5d1ee9365960ccf5181b3a4aa4b99bba14b67d7a1d404215a640
vulnerabilities
size	45 MB
packages	52

📦 Base Image busybox:1.35

also known as	1.35-uclibc 1.35.0 1.35.0-uclibc unstable unstable-uclibc
digest	sha256:505e5e20edbb5f2ac0abe3622358daf2f4a4c818eea0498445b7248e39db6728
vulnerabilities

golang.org/x/net 0.10.0 (golang) pkg:golang/golang.org/x/net@0.10.0 Uncontrolled Resource Consumption Affected range <0.17.0 Fixed version 0.17.0 CVSS Score 7.5 CVSS Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H EPSS Score 0.00152 EPSS Percentile 0.50824 Description A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

[github-actions]

Docker image tag(s) pushed:

docker/volumes-backup-extension:pr-132

Labels added to images:

org.opencontainers.image.created=2024-04-26T09:16:53.589Z
org.opencontainers.image.description=Back up, clone, restore, and share Docker volumes effortlessly.
org.opencontainers.image.licenses=Apache-2.0
org.opencontainers.image.revision=
org.opencontainers.image.source=https://github.com/docker/volumes-backup-extension
org.opencontainers.image.title=volumes-backup-extension
org.opencontainers.image.url=https://github.com/docker/volumes-backup-extension
org.opencontainers.image.version=pr-132

[github-actions]

Overview

Image reference	docker/volumes-backup-extension:latest	docker/volumes-backup-extension:pr-132
- digest	e2688d351d8d	c877c5bd905c
- provenance	https://github.com/docker/volumes-backup-extension.git#e44e78a16e0f83dee010998c689af405ca0ce27c/commit/e44e78a16e0f83dee010998c689af405ca0ce27c
- vulnerabilities
- platform	linux/amd64	linux/amd64
- size	40 MB	45 MB (+5.0 MB)
- packages	51	52 (+1)
Base Image	busybox:1.35 also known as: • 1.35-uclibc • 1.35.0 • 1.35.0-uclibc	busybox:1.35 also known as: • 1.35-uclibc • 1.35.0 • 1.35.0-uclibc
- vulnerabilities

Environment Variables (2 changes)

• ± 2 changed
• 1 unchanged

-BUGSNAG_APP_VERSION=
+BUGSNAG_APP_VERSION=latest
-BUGSNAG_RELEASE_STAGE=production
+BUGSNAG_RELEASE_STAGE=local
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

Labels (3 changes)

• - 2 removed
• ± 1 changed
• 10 unchanged

 com.docker.desktop.extension.api.version=>= 0.2.3
 com.docker.desktop.extension.icon=https://raw.githubusercontent.com/docker/volumes-backup-extension/main/icon.svg
 com.docker.extension.additional-urls=[     {"title":"Support", "url":"https://github.com/docker/volumes-backup-extension/issues"}     ]
 com.docker.extension.categories=volumes
-com.docker.extension.changelog=<ul>    <li>Fixed current image vulnerabilities (CVEs) using Docker Scout.</li>     </ul>
+com.docker.extension.changelog=<ul>    <li>Fix MUI missing license.</li>     </ul>
 com.docker.extension.detailed-description=<p><strong>The functionality in this extension is now available as a Beta feature in the Volumes tab in Docker Desktop versions 4.29.0 and later. This extension will be deprecated once the features are out of Beta.</strong> <a href='https://docs.docker.com/desktop/use-desktop/volumes/'>Learn more</a></p>     <p>With Volumes Backup & Share you can easily create copies of your volumes and also share them with others through SSH or pushing them to a registry.</p>     <h2 id=-features>✨ What can you do with this extension?</h2>     <ul>     <li>Export a volume:</li>     <ul><li>To a compressed file in your local filesystem</li>     <li>To an existing local image</li>     <li>To a new local image</li>     <li>To a new image in Docker Hub (or another registry)</li></ul>     <li>Import data into a new container or into an existing container:</li>     <ul><li>From a compressed file in your local filesystem</li>     <li>From an existing image</li>     <li>From an existing image in Docker Hub (or another registry)</li></ul>     <li>Transfer a volume via SSH to another host that runs Docker Desktop or Docker engine.</li>     <li>Clone, empty or delete a volume</li>     </ul>     <h2>Acknowledgements</h2>     <ul>     <li><a href="https://github.com/BretFisher/docker-vackup">Vackup project by Bret Fisher</a></li>     <li><a href="https://www.youtube.com/watch?v=BHKp7Sc3VVc">Building Vackup - LiveStream on YouTube</a></li>     <ul>     
 com.docker.extension.publisher-url=https://www.docker.com/
 com.docker.extension.screenshots=[     {"alt": "Home page - list of volumes", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/1-table.png"},     {"alt": "Import data into a new volume", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/2-import-new.png"},     {"alt": "Export volume dialog", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/3-export.png"},     {"alt": "Transfer volume to another host", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/4-transfer.png"},     {"alt": "Clone volume dialog", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/5-clone.png"},     {"alt": "Delete volume dialog", "url": "https://raw.githubusercontent.com/docker/volumes-backup-extension/main/docs/images/6-delete.png"}     ]
 org.opencontainers.image.description=Backup, clone, restore, and share Docker volumes effortlessly. Also available as a Beta feature in the Volumes tab in Docker Desktop version 4.29.0 and later. This extension will be soon deprecated.
-org.opencontainers.image.revision=e44e78a16e0f83dee010998c689af405ca0ce27c
-org.opencontainers.image.source=https://github.com/docker/volumes-backup-extension
 org.opencontainers.image.title=Volumes Backup & Share
 org.opencontainers.image.vendor=Docker Inc.

Policies (1 improved, 1 worsened, 1 missing data)

Policy Name	docker/volumes-backup-extension:latest	docker/volumes-backup-extension:pr-132	Change	Standing
Copyleft licenses	✅	✅		No Change
Default non-root user	⚠️	⚠️		No Change
Fixable critical and high vulnerabilities	⚠️ 1	⚠️ 1		No Change
High-profile vulnerabilities	⚠️ 1	✅	-1	Improved
Outdated base images	✅	❓ No data
Supply chain attestations	✅	⚠️ 2	+2	Worsened

Packages and Vulnerabilities (1 package changes and 0 vulnerability changes)

• ♾️ 1 packages changed
• 49 packages unchanged

Changes for packages of type golang (1 changes)

	Package	Version docker/volumes-backup-extension:latest	Version docker/volumes-backup-extension:pr-132
♾️	stdlib	1.21.9	go1.21.9

[chaizeg]

TIL!