Skip to content

Commit

Permalink
Merge pull request #203 from celo-org/jcortejoso/update-dockerfiles
Browse files Browse the repository at this point in the history 
Reduce CVEs: Update dockerfile and dependencies
  • Loading branch information
@soloseng
soloseng authored Dec 20, 2023
2 parents 9671ce5 + a290524 commit 438a17c
Show file tree
Hide file tree
Showing 15 changed files with 93 additions and 337 deletions.
11 changes: 11 additions & 0 deletions .changeset/tender-tomatoes-protect.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
'@celo/phone-number-privacy-combiner': patch
'@celo/phone-number-privacy-monitor': patch
'@celo/phone-number-privacy-signer': patch
'@celo/phone-number-privacy-common': patch
'@celo/encrypted-backup': patch
'@celo/identity': patch
'@celo/odis-identifiers': patch
---

Update package dependencies to reduce CVEs
2 changes: 2 additions & 0 deletions .github/workflows/odis-combiner-container.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ on:
paths:
- 'dockerfiles/Dockerfile-combiner'
- 'apps/combiner/**'
- 'yarn.lock'
branches:
- main
tags:
Expand All @@ -14,6 +15,7 @@ on:
paths:
- 'dockerfiles/Dockerfile-combiner'
- 'apps/combiner/**'
- 'yarn.lock'
workflow_dispatch:

jobs:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/odis-loadtest-container.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ on:
paths:
- 'dockerfiles/Dockerfile-loadtest'
- 'apps/monitor/**'
- 'yarn.lock'
branches:
- main
tags:
Expand All @@ -14,6 +15,7 @@ on:
paths:
- 'dockerfiles/Dockerfile-loadtest'
- 'apps/monitor/**'
- 'yarn.lock'
workflow_dispatch:

jobs:
Expand Down
2 changes: 2 additions & 0 deletions .github/workflows/odis-signer-container.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ on:
paths:
- 'dockerfiles/Dockerfile-signer'
- 'apps/signer/**'
- 'yarn.lock'
branches:
- main
tags:
Expand All @@ -14,6 +15,7 @@ on:
paths:
- 'dockerfiles/Dockerfile-signer'
- 'apps/signer/**'
- 'yarn.lock'
workflow_dispatch:

jobs:
Expand Down
Empty file modified .husky/pre-push
100644 → 100755
View file
Empty file.
11 changes: 8 additions & 3 deletions .vscode/settings.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,12 +14,12 @@
"typescript.preferences.importModuleSpecifier": "non-relative",
"typescript.updateImportsOnFileMove.enabled": "always",
"editor.codeActionsOnSave": {
"source.organizeImports": false
"source.organizeImports": "never"
},
"[javascript]": {
"editor.formatOnSave": true,
"editor.codeActionsOnSave": {
"source.organizeImports": false
"source.organizeImports": "never"
}
},
"[javascriptreact]": {
Expand All @@ -43,5 +43,10 @@
"javascript.format.enable": false,
"editor.tabSize": 2,
"editor.detectIndentation": false,
"typescript.tsdk": "node_modules/typescript/lib"
"typescript.tsdk": "node_modules/typescript/lib",
"[javascriptreact][typescript][typescriptreact]": {
"editor.codeActionsOnSave": {
"source.organizeImports": "explicit"
}
}
}
6 changes: 5 additions & 1 deletion dockerfiles/Dockerfile-combiner
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,13 @@ COPY packages/identity packages/identity
COPY packages/odis-identifiers packages/odis-identifiers

##### Main stage
FROM node:18
FROM node:18-alpine3.19
LABEL org.opencontainers.image.authors="[email protected]"

# Install dependencies and upgrade OS packages
RUN apk add --no-cache python3 git bash && \
apk upgrade --no-cache

WORKDIR /celo-phone-number-privacy/

# Copy monorepo settings
Expand Down
6 changes: 5 additions & 1 deletion dockerfiles/Dockerfile-loadtest
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,13 @@ COPY packages/identity packages/identity
COPY packages/odis-identifiers packages/odis-identifiers

##### Main stage
FROM node:18
FROM node:18-alpine3.19
LABEL org.opencontainers.image.authors="[email protected]"

# Upgrade OS packages
RUN apk add --no-cache python3 git bash && \
apk upgrade --no-cache

WORKDIR /celo-phone-number-privacy/

# Copy monorepo settings
Expand Down
7 changes: 6 additions & 1 deletion dockerfiles/Dockerfile-signer
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,13 @@ COPY packages/identity packages/identity
COPY packages/odis-identifiers packages/odis-identifiers

##### Main stage
FROM node:18
FROM node:18-alpine3.19
LABEL org.opencontainers.image.authors="[email protected]"

# Upgrade OS packages
RUN apk add --no-cache python3 git bash && \
apk upgrade --no-cache

WORKDIR /celo-phone-number-privacy/

# Copy monorepo settings
Expand All @@ -28,6 +32,7 @@ ARG PACKAGE_SELECTOR=signer
COPY --from=packages celo-phone-number-privacy/apps/${PACKAGE_SELECTOR} apps/${PACKAGE_SELECTOR}
# COMMENT OUT THIS LINE TO USE PUBLISHED DEPENDENCIES
COPY --from=packages celo-phone-number-privacy/packages packages

# Install dependencies and build. need dev deps too so we can build (tsc)
RUN yarn install --network-timeout 100000 --inline-builds && yarn cache clean
RUN yarn workspaces list
Expand Down
4 changes: 2 additions & 2 deletions docs/kubernetes-deployment/combiner/values/values-staging.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,12 @@ replicaCount: 1

image:
# -- Image repository
repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-combiner
repository: us-west1-docker.pkg.dev/devopsre/dev-images/odis-combiner
# -- Image pullpolicy
pullPolicy: Always
# -- Image tag
# Overrides the image tag whose default is the chart appVersion.
tag: "odis-combiner-3.3.2"
tag: latest

# -- Image pull secrets
imagePullSecrets: []
Expand Down
4 changes: 2 additions & 2 deletions docs/kubernetes-deployment/signer/values/staging/values-signer0-staging.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,8 @@ env:
fullnameOverride: ""
image:
pullPolicy: Always
repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer
tag: "odis-signer-3.1.1"
repository: us-west1-docker.pkg.dev/devopsre/dev-images/odis-signer
tag: latest
imagePullSecrets: []
ingress:
enabled: true
Expand Down
4 changes: 2 additions & 2 deletions docs/kubernetes-deployment/signer/values/staging/values-signer1-staging.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,8 @@ env:
fullnameOverride: ""
image:
pullPolicy: Always
repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer
tag: "odis-signer-3.1.1"
repository: us-west1-docker.pkg.dev/devopsre/dev-images/odis-signer
tag: latest
imagePullSecrets: []
ingress:
enabled: true
Expand Down
4 changes: 2 additions & 2 deletions docs/kubernetes-deployment/signer/values/staging/values-signer2-staging.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,8 @@ env:
fullnameOverride: ""
image:
pullPolicy: Always
repository: us-west1-docker.pkg.dev/devopsre/social-connect/odis-signer
tag: "odis-signer-3.1.1"
repository: us-west1-docker.pkg.dev/devopsre/dev-images/odis-signer
tag: latest
imagePullSecrets: []
ingress:
enabled: true
Expand Down
11 changes: 10 additions & 1 deletion package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,16 @@
"blind-threshold-bls": "npm:@celo/[email protected]",
"ganache": "npm:@celo/[email protected]",
"@types/bn.js": "4.11.6",
"bignumber.js": "9.0.0"
"bignumber.js": "9.0.0",
"crypto-js": "4.2.0",
"flat": "5.0.1",
"protobufjs": "7.2.4",
"@babel/traverse": "7.23.2",
"node-fetch": "2.6.7",
"get-func-name": "2.0.1",
"minimatch": "3.0.5",
"async": "2.6.4",
"browserify-sign": "4.2.2"
},
"packageManager": "[email protected]"
}
Loading

0 comments on commit 438a17c

Please sign in to comment.