You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by mh...@apache.org on 2020/11/12 14:09:18 UTC

[openwhisk-runtime-ruby] branch master updated: * Add `apt-get upgrade` to always install latest security fixes during every image build. (#50)

This is an automated email from the ASF dual-hosted git repository.

mhenke pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwhisk-runtime-ruby.git


The following commit(s) were added to refs/heads/master by this push:
     new 5ed6e3d  * Add `apt-get upgrade` to always install latest security fixes during every image build. (#50)
5ed6e3d is described below

commit 5ed6e3d81c2054cf9d756ab6337145205e779a70
Author: falkzoll <fa...@de.ibm.com>
AuthorDate: Thu Nov 12 14:59:28 2020 +0100

    * Add `apt-get upgrade` to always install latest security fixes during every image build. (#50)
    
    This is done to always have an up to date image even when the base image is not updated for some reason.
    * Cleanup apt data once they are not required anymore.
---
 core/ruby2.5Action/CHANGELOG.md      |  3 +++
 core/ruby2.5Action/Dockerfile        | 12 ++++++++++--
 core/ruby2.6ActionLoop/CHANGELOG.txt |  3 +++
 core/ruby2.6ActionLoop/Dockerfile    | 10 +++++++++-
 4 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/core/ruby2.5Action/CHANGELOG.md b/core/ruby2.5Action/CHANGELOG.md
index 8eb3ac5..b1eee83 100644
--- a/core/ruby2.5Action/CHANGELOG.md
+++ b/core/ruby2.5Action/CHANGELOG.md
@@ -19,6 +19,9 @@
 
 # Ruby 2.5 OpenWhisk Runtime Container
 
+## Next Release
+  - Install latest security fixes with every image build.
+
 ## 1.15.0
   - Build proxy using golang 1.15 and openwhisk-runtime-go 1.16.0 (#48)
 
diff --git a/core/ruby2.5Action/Dockerfile b/core/ruby2.5Action/Dockerfile
index 992adc7..6650ddf 100644
--- a/core/ruby2.5Action/Dockerfile
+++ b/core/ruby2.5Action/Dockerfile
@@ -27,8 +27,16 @@ RUN gem install \
         activesupport `#optional` \
         jwt           `#optional`
 
-# create src directory to store action files
-RUN mkdir -p /action/src
+
+RUN \
+    apt-get -y update \
+    # Upgrade installed packages to get latest security fixes if the base image does not contain them already.
+    && apt-get upgrade -y --no-install-recommends \
+    # Cleanup apt data, we do not need them later on.
+    && rm -rf /var/lib/apt/lists/* \
+    # create src directory to store action files
+    && mkdir -p /action/src
+
 ADD rackapp /action/rackapp/
 COPY config.ru /action
 
diff --git a/core/ruby2.6ActionLoop/CHANGELOG.txt b/core/ruby2.6ActionLoop/CHANGELOG.txt
index 7219f9e..10c68a1 100644
--- a/core/ruby2.6ActionLoop/CHANGELOG.txt
+++ b/core/ruby2.6ActionLoop/CHANGELOG.txt
@@ -19,6 +19,9 @@
 
 # Ruby 2.6 OpenWhisk Runtime Container
 
+## Next Release
+  - Install latest security fixes with every image build.
+
 ## 1.15.0
   - Build proxy using golang 1.15 and openwhisk-runtime-go 1.16.0 (#48)
 
diff --git a/core/ruby2.6ActionLoop/Dockerfile b/core/ruby2.6ActionLoop/Dockerfile
index 6272cd2..714a5aa 100644
--- a/core/ruby2.6ActionLoop/Dockerfile
+++ b/core/ruby2.6ActionLoop/Dockerfile
@@ -33,7 +33,15 @@ FROM ruby:2.6
 # select the builder to use
 ARG GO_PROXY_BUILD_FROM=release
 
-RUN mkdir -p /proxy/bin /proxy/lib /proxy/action
+RUN \
+    apt-get -y update \
+    # Upgrade installed packages to get latest security fixes if the base image does not contain them already.
+    && apt-get upgrade -y --no-install-recommends \
+    # Cleanup apt data, we do not need them later on.
+    && rm -rf /var/lib/apt/lists/* \
+    # Create required directories
+    && mkdir -p /proxy/bin /proxy/lib /proxy/action
+
 WORKDIR /proxy
 COPY --from=builder_source /bin/proxy /bin/proxy_source
 COPY --from=builder_release /bin/proxy /bin/proxy_release