Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci: build and push Docker image based on Chainguard base image #2036

Merged
merged 1 commit into from
May 14, 2024

Conversation

v1v
Copy link
Member

@v1v v1v commented May 9, 2024

What does this pull request do?

Release two flavours of Docker images:

Please note that we are going to preserve the current Dockerfile, so that users will still be able to build their own custom images based on Alpine: this is needed because docker.elastic.co/wolfi/chainguard-base is not a public base image, so docker build would fail for unauthenticated users.

Tests

I created a feature branch test/docker-images-wolfi:

Then I can test the release workflow without pushing any changes in production but generating docker images with the prefix test- and suffix if -wolfi

See https://github.com/elastic/apm-agent-python/actions/runs/9018252392

Docker images

The ones we usually release

image

Wolfi docker images

image

docker pull docker.elastic.co/observability/apm-agent-python:test-latest-wolfi

@v1v v1v self-assigned this May 9, 2024
@v1v v1v marked this pull request as ready for review May 9, 2024 13:51
@v1v v1v requested review from a team May 9, 2024 13:51
@mgreau
Copy link
Member

mgreau commented May 9, 2024

grype docker.elastic.co/observability/apm-agent-python:test-latest-wolfi
 ✔ Vulnerability DB                [no update available]
 ✔ Loaded image                                                                                                                                                                                          docker.elastic.co/observability/apm-agent-python:test-latest-wolfi
 ✔ Parsed image                                                                                                                                                                                     sha256:32f3de3da9caef11d011ceb668429b03af0b767e3c6c081a00046d7b32b55a20
 ✔ Cataloged contents                                                                                                                                                                                      d58b897cdb7d844a5bf2c2808b255c11b10fe5967a9b9ebed103ef13e7281b33
   ├── ✔ Packages                        [20 packages]
   ├── ✔ File digests                    [103 files]
   ├── ✔ File metadata                   [103 locations]
   └── ✔ Executables                     [28 executables]
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored
No vulnerabilities found
grype docker.elastic.co/observability/apm-agent-python:test-latest
 ✔ Vulnerability DB                [no update available]
 ✔ Loaded image                                                                                                                                                                                                docker.elastic.co/observability/apm-agent-python:test-latest
 ✔ Parsed image                                                                                                                                                                                     sha256:7e6bf7ba25ba3896785e414cfd2a7d6ee31205b69aaeae312e27ca784be10737
 ✔ Cataloged contents                                                                                                                                                                                      fed1b99e03e2726b53308feb43584a4fd1e16627fb0bc5a2299e0dfb63850eaf
   ├── ✔ Packages                        [20 packages]
   ├── ✔ File digests                    [78 files]
   ├── ✔ File metadata                   [78 locations]
   └── ✔ Executables                     [18 executables]
 ✔ Scanned for vulnerabilities     [22 vulnerability matches]
   ├── by severity: 0 critical, 2 high, 16 medium, 0 low, 0 negligible (4 unknown)
   └── by status:   22 fixed, 0 not-fixed, 0 ignored
NAME        INSTALLED  FIXED-IN   TYPE  VULNERABILITY  SEVERITY
libcrypto3  3.0.8-r3   3.0.12-r0  apk   CVE-2023-5363  High
libcrypto3  3.0.8-r3   3.0.12-r4  apk   CVE-2024-0727  Medium
libcrypto3  3.0.8-r3   3.0.12-r2  apk   CVE-2023-6129  Medium
libcrypto3  3.0.8-r3   3.0.12-r1  apk   CVE-2023-5678  Medium
libcrypto3  3.0.8-r3   3.0.10-r0  apk   CVE-2023-3817  Medium
libcrypto3  3.0.8-r3   3.0.9-r3   apk   CVE-2023-3446  Medium
libcrypto3  3.0.8-r3   3.0.9-r2   apk   CVE-2023-2975  Medium
libcrypto3  3.0.8-r3   3.0.9-r0   apk   CVE-2023-2650  Medium
libcrypto3  3.0.8-r3   3.0.8-r4   apk   CVE-2023-1255  Medium
libcrypto3  3.0.8-r3   3.0.12-r5  apk   CVE-2024-2511  Unknown
libcrypto3  3.0.8-r3   3.0.12-r3  apk   CVE-2023-6237  Unknown
libssl3     3.0.8-r3   3.0.12-r0  apk   CVE-2023-5363  High
libssl3     3.0.8-r3   3.0.12-r4  apk   CVE-2024-0727  Medium
libssl3     3.0.8-r3   3.0.12-r2  apk   CVE-2023-6129  Medium
libssl3     3.0.8-r3   3.0.12-r1  apk   CVE-2023-5678  Medium
libssl3     3.0.8-r3   3.0.10-r0  apk   CVE-2023-3817  Medium
libssl3     3.0.8-r3   3.0.9-r3   apk   CVE-2023-3446  Medium
libssl3     3.0.8-r3   3.0.9-r2   apk   CVE-2023-2975  Medium
libssl3     3.0.8-r3   3.0.9-r0   apk   CVE-2023-2650  Medium
libssl3     3.0.8-r3   3.0.8-r4   apk   CVE-2023-1255  Medium
libssl3     3.0.8-r3   3.0.12-r5  apk   CVE-2024-2511  Unknown
libssl3     3.0.8-r3   3.0.12-r3  apk   CVE-2023-6237  Unknown

@v1v v1v merged commit ecac142 into elastic:main May 14, 2024
94 checks passed
@v1v v1v deleted the feature/support-chainguard-wolfi branch May 14, 2024 19:32
xrmx pushed a commit to xrmx/apm-agent-python that referenced this pull request May 17, 2024
xrmx pushed a commit to xrmx/apm-agent-python that referenced this pull request May 20, 2024
xrmx pushed a commit to xrmx/apm-agent-python that referenced this pull request Jun 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants