ci: update CI dockerfile for improved reliability and security#35168
Merged
ci: update CI dockerfile for improved reliability and security#35168
Conversation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Pin base image to python:3.9.25-bookworm for reproducibility - Replace internal PyPI mirror with public nexus.tdengine.net - Switch dotnet SDK installation from script to pre-built tarball - Replace zlib1g-dev with libz-dev for compatibility - Create /var/run/sshd directory for SSH daemon - Remove inline comment in SSH configuration block
Contributor
|
Warning You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again! |
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the CI Dockerfile to make CI builds more reproducible and less dependent on internal network resources, while also adjusting a few build dependencies and SSH setup.
Changes:
- Pin the builder base image to
python:3.9.25-bookwormand adjust Debian packages (e.g.,libz-dev). - Switch pip index configuration from an internal IP-based mirror to
nexus.tdengine.net. - Change .NET installation approach to use a prebuilt SDK tarball and ensure
/var/run/sshdexists for SSH startup.
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| tests/ci/dockerfile_ci | Updates base image, apt dependencies, pip index configuration, .NET SDK installation, and SSH runtime directory creation. |
| .gitignore | Ignores .worktrees/ and normalizes the debug_coverage/ entry formatting. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
feici02
approved these changes
Apr 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
概述
更新 CI Dockerfile (
tests/ci/dockerfile_ci),提升构建的可靠性和安全性。主要改动
python:3.9.25改为python:3.9.25-bookworm,确保构建环境可复现192.168.0.212) 替换为公共的nexus.tdengine.net,避免依赖内网环境dotnet-sdk-6.0.100-linux-x64.tar.gz),提升构建速度和稳定性zlib1g-dev替换为libz-dev以提升兼容性/var/run/sshd目录,确保 SSH 服务可正常启动