Skip to content
This repository has been archived by the owner on May 29, 2024. It is now read-only.

Update to latest ubuntu image in dockerfile to avoid lots of vulnerabilities #588

Merged
merged 2 commits into from
Nov 22, 2023
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 16 additions & 9 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,23 +1,30 @@
FROM ubuntu:focal
FROM ubuntu:mantic-20231011

WORKDIR /app
COPY . /app

# installing all system dependencies, yq, ruby-build and rbenv
RUN apt-get update && \
apt-get install --yes --no-install-recommends uuid-runtime curl ca-certificates git make build-essential libssl-dev libreadline-dev zlib1g-dev && \
rm -rf /var/lib/apt/lists/* && \
curl -L https://github.com/mikefarah/yq/releases/download/v4.24.2/yq_linux_amd64.tar.gz | tar -xzvf - && mv yq_linux_amd64 /usr/bin/yq && \
git clone https://github.com/rbenv/rbenv.git ~/.rbenv && \
curl -L https://github.com/sstephenson/ruby-build/archive/v20220324.tar.gz | tar -zxvf - -C /tmp/ && \
cd /tmp/ruby-build-* && ./install.sh
apt-get install --yes --no-install-recommends \
uuid-runtime curl ca-certificates git make build-essential \
libssl-dev libreadline-dev zlib1g-dev && \
rm -rf /var/lib/apt/lists/*
RUN curl -L https://github.com/mikefarah/yq/releases/download/v4.40.2/yq_linux_amd64.tar.gz | tar -xzvf - && \
mv yq_linux_amd64 /usr/bin/yq
RUN git clone https://github.com/rbenv/rbenv.git ~/.rbenv && \
curl -L https://github.com/sstephenson/ruby-build/archive/v20231114.tar.gz | tar -zxvf - -C /tmp/ && \
cd /tmp/ruby-build-* && \
./install.sh

# set the env
ENV PATH /root/.rbenv/bin:/root/.rbenv/shims:$PATH
RUN echo 'eval "$(rbenv init -)"' >> .bashrc
RUN echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh # or /etc/profile
RUN echo 'eval "$(rbenv init -)"' >> /etc/profile.d/rbenv.sh

# run the make file to install the app
RUN make install
# override CFLAGS because -w (warning suppression) screws up ruby-build in newer versions
# when compiling ruby 2.6.x, *but* we need newer ruby-build to compile older openssl
# on newer Ubuntu releases
RUN make install RUBY_CFLAGS=''

CMD ["/bin/bash", "script/run_in_docker.sh"]
1 change: 1 addition & 0 deletions Gemfile.lock
Original file line number Diff line number Diff line change
Expand Up @@ -204,6 +204,7 @@ PLATFORMS
universal-java-11
x86-mingw32
x86_64-darwin-20
x86_64-linux

DEPENDENCIES
activesupport (~> 6.1.7.3)
Expand Down
3 changes: 2 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
YQ ?= "yq"
RUBY_CFLAGS ?= -w
.phony: test ftest lint autocorrect update_config autocorrect-unsafe install build-docker run-docker exec_app tag exec_cli
.phony: build_utility build_service release_utility_dev release_service_dev release_utility release_service build_utility_gem build_service_gem

Expand Down Expand Up @@ -67,7 +68,7 @@ push_gem:
bundle _$(shell cat .bundler-version)_ exec gem push .gems/*

install:
RUBY_CFLAGS="-w" rbenv install -s
RUBY_CFLAGS="$(RUBY_CFLAGS)" rbenv install -s
- gem install bundler -v $(shell cat .bundler-version) && rbenv rehash
bundle _$(shell cat .bundler-version)_ install --jobs 1

Expand Down
Loading