From 3a7135c1d7b9aae925289bc067e8e0b87a7afc4f Mon Sep 17 00:00:00 2001 From: Javier Cortejoso Date: Thu, 14 Dec 2023 17:04:16 +0100 Subject: [PATCH] Update celotool container image (#10821) ### Description Update celotool container image: - Using golang 1.18 - Update debian packages in dockerfile to reduce vulnerabilities - ~~Build linux/arm64 image~~ - Using latest [container-cicd](https://github.com/celo-org/reusable-workflows/blob/v1.13.0/.github/workflows/container-cicd.yaml) shared workflow - Increase GCP token lifetime (because dockerbuild for linux/arm64 is taking ages) ### Vulnerabilities changes. From: ``` 10758 vulnerabilities found in 122 packages UNSPECIFIED 52 LOW 2396 MEDIUM 3527 HIGH 4162 CRITICAL 621 ``` To: ``` 290 vulnerabilities found in 122 packages UNSPECIFIED 20 LOW 92 MEDIUM 85 HIGH 78 CRITICAL 15 ``` --- .github/workflows/containers.yaml | 2 ++ .vscode/settings.json | 11 ++++++++--- dockerfiles/celotool/Dockerfile | 3 ++- dockerfiles/cli-standalone/Dockerfile | 2 +- 4 files changed, 13 insertions(+), 5 deletions(-) diff --git a/.github/workflows/containers.yaml b/.github/workflows/containers.yaml index 4e42a06a1bc..eb35d7d3100 100644 --- a/.github/workflows/containers.yaml +++ b/.github/workflows/containers.yaml @@ -41,6 +41,7 @@ jobs: service-account: 'celo-monorepo-dev@devopsre.iam.gserviceaccount.com' artifact-registry: us-west1-docker.pkg.dev/devopsre/dev-images/celotool tags: ${{ github.sha }} + platforms: linux/amd64 context: . file: dockerfiles/celotool/Dockerfile trivy: true @@ -56,6 +57,7 @@ jobs: service-account: 'celo-monorepo@devopsre.iam.gserviceaccount.com' artifact-registry: us-west1-docker.pkg.dev/devopsre/celo-monorepo/celotool tags: ${{ github.sha }} + platforms: linux/amd64 context: . file: dockerfiles/celotool/Dockerfile trivy: true diff --git a/.vscode/settings.json b/.vscode/settings.json index 928574330b1..9b1004ffe9f 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -14,12 +14,12 @@ "typescript.preferences.importModuleSpecifier": "non-relative", "typescript.updateImportsOnFileMove.enabled": "always", "editor.codeActionsOnSave": { - "source.organizeImports": false + "source.organizeImports": "never" }, "[javascript]": { "editor.formatOnSave": true, "editor.codeActionsOnSave": { - "source.organizeImports": false + "source.organizeImports": "never" } }, "[javascriptreact]": { @@ -44,5 +44,10 @@ "editor.tabSize": 2, "editor.detectIndentation": false, "tslint.jsEnable": true, - "typescript.tsdk": "node_modules/typescript/lib" + "typescript.tsdk": "node_modules/typescript/lib", + "[javascriptreact][typescript][typescriptreact]": { + "editor.codeActionsOnSave": { + "source.organizeImports": "explicit" + } + } } diff --git a/dockerfiles/celotool/Dockerfile b/dockerfiles/celotool/Dockerfile index 6273c95feea..18a1356a29c 100644 --- a/dockerfiles/celotool/Dockerfile +++ b/dockerfiles/celotool/Dockerfile @@ -5,6 +5,7 @@ WORKDIR /celo-monorepo # Needed for gsutil RUN apt-get update && \ + apt-get upgrade -y && \ apt-get install -y lsb-release && \ apt-get install -y curl build-essential git python3 && \ export CLOUD_SDK_REPO="cloud-sdk-$(lsb_release -c -s)" && \ @@ -68,7 +69,7 @@ RUN rm .gitmodules ENV PATH="/celo-monorepo/packages/celotool/bin:${PATH}" -COPY --from=golang:1.16-stretch /usr/local/go/ /usr/local/go/ +COPY --from=golang:1.18-stretch /usr/local/go/ /usr/local/go/ ENV PATH="/usr/local/go/bin:${PATH}" diff --git a/dockerfiles/cli-standalone/Dockerfile b/dockerfiles/cli-standalone/Dockerfile index 89a3759f06e..3c3775d0f64 100644 --- a/dockerfiles/cli-standalone/Dockerfile +++ b/dockerfiles/cli-standalone/Dockerfile @@ -3,7 +3,7 @@ # Example build command: # # VERSION=x.y.z; docker build . --build-arg VERSION=$VERSION -t gcr.io/celo-testnet/celocli-standalone:$VERSION -FROM node:12-alpine +FROM node:20-alpine LABEL org.opencontainers.image.authors="devops@clabs.co" # Install cli install dependencies.