Question: Would it be nice to update & upgrade during image build

[Ay1000]

Hi Guys,

Would it be a good idea if the Dockerfile would be extended with apk update & apk upgrade to ensure all used packages are updated to the latest version?

So: `FROM alpine:latest RUN apk --no-cache add ca-certificates

RUN apk update <--- add this RUN apk upgrade <--- add this`

Using the latest alpine will not automatically use the latest tools shipped with alpine:latest.

asking this because based on the current Dockerfile, two CVE's apply:

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3121
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35381

Let me know what you think.

Thanks

[Ay1000]

@lmangani do you have time to look into this?

[Ay1000]

this one is implemented by PR/MR: https://github.com/sipcapture/heplify-server/pull/502

Can we trigger a pipeline @lmangani so that 'https://hub.docker.com/r/sipcapture/heplify-server/tags' is updated ? or is it a scheduled/autotriggered pipeline?

Thanks

[lmangani]

The narwhal bacons at midnight automatically but I can trigger an early build.... but actually that's not going to work unless we increase the release version....

[Ay1000]

The narwhal bacons at midnight automatically but I can trigger an early build.... but actually that's not going to work unless we increase the release version....

@lmangani, I understand. And for the release version there is probably a procedure you are following (?). Sorry i'm new to this project so not really familiar with the release procedures etc.

[Ay1000]

@lmangani Can we increase the release version?

[lmangani]

We're adding a few optimizations and a new build will take a few days. You can build your own image locally to test.

[Ay1000]

We're adding a few optimizations and a new build will take a few days. You can build your own image locally to test.

Hi, what is the status of the optimizations? Can we have a release on docker hub?

[Ay1000]

Tested locally, it works.