Closed etiennetremel closed 8 months ago
Visit the deploys page to approve it
Name | Link |
---|---|
Latest commit | de7643dff739daafeb9de61f778f701e9345c8e5 |
Visit the deploys page to approve it
Name | Link |
---|---|
Latest commit | de7643dff739daafeb9de61f778f701e9345c8e5 |
Nice, I love that smaller image size!
Anything else I can help with?
@etiennetremel It looks the CI job for building the bot container failed. Should be good to merge once that's fixed
ah, that's interesting.. it worked on my machine 😛 I made a few changes, let's see how that goes
@chdsbd anychance you could run the docker build job with credentials?
Not sure why CI is failing
Not sure why CI is failing
Error was being triggered during the pip install of poetry, for this use case I reckon we can safely use the flag --root-ignore-action=ignore
as we then use kodiak as user to run the app from supervisord.
Oh I think we need to update CI to install git
for the script to pass:
since the slim version of the image doesn't have it
@etiennetremel @sbdchd any change you could give this another look? it would be really nice to get vulnerabilities resolved
@novascreen it's pretty old but I just rebased the branch. The Docker credentials are missing in CircleCI, I reckon only @sbdchd or @chdsbd would be able to help with it.
Awesome, thank you!
While scanning the Kodiak Docker image with Grype, we noticed a significant amount of vulnerabilities.
This PR upgrade the base image to the latest 3.7 image and use the slim version which come with a smaller size and reduce the attack surface. I also took the opportunity to use a non root user.