Bump go builder, build dependencies and runtime dependencies by mclasmeier · Pull Request #69 · stackrox/roxie

mclasmeier · 2026-03-20T11:01:53Z

Bumps

go builder (changing to go-toolset, which we also use for other images)
build dependencies
runtime dependencies in Dockerfile

Also removes the helm CLI from the image (which also comes with a critical CVE), thereby only supporting operator-based installs when using the image. I think this is alright, given that the nowadays hidden --helm option is only for specific dev needs until it is deprecated and removed completely.

Before:

After:

GrimmiMeloni

Overall looking good to me.
Question - is there any concern around the downloads we do here from google and github? I.e. shall we rather pin the downloads by SHA? (Or check against checksums?)
The recent wave of supply chain attacks makes me wonder if we can still trust a "known good" source to actually be known good all the time...

Fix tar invocation

tommartensen

LGTM

Bump go builder

36c155f

mclasmeier force-pushed the mc/go-builder branch from 5d8e591 to bffb4d1 Compare March 24, 2026 11:07

Remove apk add

0bbffc9

mclasmeier force-pushed the mc/go-builder branch from bffb4d1 to 0bbffc9 Compare March 24, 2026 11:12

Fix build permissions

a8ff0f1

mclasmeier force-pushed the mc/go-builder branch from 674aa7b to 7e1bb44 Compare March 24, 2026 12:32

mclasmeier changed the title ~~Bump go builder~~ Bump go builder, build dependencies and runtime dependencies Mar 24, 2026

Moritz Clasmeier added 2 commits March 24, 2026 14:00

Version bumps in Dockerfile

46d644e

Go version bumps

dad0467

mclasmeier force-pushed the mc/go-builder branch from 7e1bb44 to dad0467 Compare March 24, 2026 13:00

Remove helm from image -- only support operator in image

a1d95f4

mclasmeier requested review from GrimmiMeloni, tommartensen and vladbologa March 27, 2026 09:51

GrimmiMeloni approved these changes Mar 27, 2026

View reviewed changes

mclasmeier force-pushed the mc/go-builder branch from db07537 to 420023a Compare March 27, 2026 13:04

Pin checksums

61f96b8

mclasmeier force-pushed the mc/go-builder branch from 420023a to 61f96b8 Compare March 27, 2026 13:48

tommartensen reviewed Mar 30, 2026

View reviewed changes

Comment thread Dockerfile

Comment thread Dockerfile Outdated

Comment thread Dockerfile Outdated

Moritz Clasmeier added 3 commits March 30, 2026 11:57

Bump gcloud sdk and reference official docs for checksums

239e4cf

Simplified Dockerfile (WORKDIR setup)

2100bca

Mention kubectl checksum reference

47c0d9b

tommartensen approved these changes Mar 30, 2026

View reviewed changes

Fix gcloud checksum for amd64

9977aac

Fix tar invocation

mclasmeier force-pushed the mc/go-builder branch from 2d2f358 to 9977aac Compare March 30, 2026 12:51

mclasmeier requested a review from tommartensen March 30, 2026 13:21

tommartensen approved these changes Mar 30, 2026

View reviewed changes

mclasmeier merged commit f75bbc6 into main Mar 30, 2026
3 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump go builder, build dependencies and runtime dependencies#69

Bump go builder, build dependencies and runtime dependencies#69
mclasmeier merged 11 commits into
mainfrom
mc/go-builder

mclasmeier commented Mar 20, 2026 •

edited

Loading

Uh oh!

GrimmiMeloni left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

tommartensen left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

mclasmeier commented Mar 20, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

GrimmiMeloni left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

tommartensen left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

mclasmeier commented Mar 20, 2026 •

edited

Loading