Closed MthwRobinson closed 1 week ago
Appreciate this work - these changes to dockefile seem to improve security scans tremendously. Is the goal here to get the dockerfile secure for vulnerability scans?
Thanks @hughesadam87 ! Yeah the change to wolfi
is intended to improve the security posture for our images.
Thanks @hughesadam87 ! Yeah the change to
wolfi
is intended to improve the security posture for our images.
Ah great. Let me ask this - your full installation depends on libreoffice. Wolfi recently started supported libreoffice. Is the libreoffice bundled with the full install of unstructured planning use the wofli libreoffice build?
Coming soon! We have a PR in our base images repo that will switch to using the libreoffice
package from the wolfi
package manager. We'll have libreoffice
available for the arm64
build once we switch to the new upstream base image. Planning to have that in before the end of the week.
Summary
Updates the
arm64
build to use the sameDockerfile
asamd64
, since there are now upstream base images forwolfi-base
for both architectures. The legacyrockylinux-9.4
is now stashed in a subdirectory thedocker
subdirectory and is no longer built in CI, but is available is users would like to build it themselves.Additionally, this PR includes a fix to symlink
python3
topython3.11
, which had caused a CI failure here.BREAKING CHANGE: the
arm64
image no longer supports.doc
,.pptx
, or.xls
because we do not yet have alibreoffice
apk
built forwolfi-base
. We intend to address that as a follow on. All other filetypes work.Testing
Successfully docker builds, tests, and smoke tests for amd64 and arm64 on the feature branch (with publish disabled).