Pin image versions - Githubissues

opendatahub-io / ai-edge

ODH integration with AI at the Edge usecases

Apache License 2.0

8 stars 17 forks source link

Pin image versions #122

Open piotrpdev opened 10 months ago

piotrpdev commented 10 months ago

Description

These are unpinned:

https://github.com/opendatahub-io/ai-edge/blob/a1fbed4008504f16e9bb9e870ee46e2789bddd0a/pipelines/containerfiles/Containerfile.ab-jq#L1

https://github.com/opendatahub-io/ai-edge/blob/62bb5f6a9c38f7b08a8e85eed2996addf876e3d2/pipelines/tekton/test-mlflow-image-pipeline/test-mlflow-rest-svc-task.yaml#L16

https://github.com/opendatahub-io/ai-edge/blob/a1fbed4008504f16e9bb9e870ee46e2789bddd0a/pipelines/tekton/azureml-container-pipeline/check-model-and-containerfile-exists.yaml#L17

A/C

Pin the version of the images above.
Make sure anything that uses the images still works.

adelton commented 10 months ago

What would pinning (I assume you mean to use a specific tag different than latest) these images actually bring us?

I can see only the downside of forcing images that sooner or later will have CVEs reported for them.

piotrpdev commented 10 months ago

What would pinning (I assume you mean to use a specific tag different than latest) these images actually bring us?

I can see only the downside of forcing images that sooner or later will have CVEs reported to the system.

Good for reproducibility in the future especially considering #134 ¯\(ツ)/¯

adelton commented 10 months ago

The https://github.com/opendatahub-io/ai-edge/issues/134 strives to support exactly using :latest, and still know that nothing broke.