You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by mh...@apache.org on 2020/03/16 08:51:55 UTC

[openwhisk-runtime-dotnet] branch master updated: Get latest security updates with every build. (#32)

This is an automated email from the ASF dual-hosted git repository.

mhenke pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/openwhisk-runtime-dotnet.git


The following commit(s) were added to refs/heads/master by this push:
     new c593769  Get latest security updates with every build. (#32)
c593769 is described below

commit c5937697fccebf45693ad53865bf5aab128ae27e
Author: falkzoll <fa...@de.ibm.com>
AuthorDate: Mon Mar 16 09:51:49 2020 +0100

    Get latest security updates with every build. (#32)
    
    - Add 'apk upgrade' to the image builds to include security fixes with each build in case the used base image is not updated frequently.
        In case the base image is updated frequently, the 'apk upgrade' is a no operation. If not it will catch the security updates available since the last update of the base image.
---
 core/dotnet2.2/CHANGELOG.md | 5 +++++
 core/dotnet2.2/Dockerfile   | 6 ++++++
 core/dotnet3.1/CHANGELOG.md | 5 +++++
 core/dotnet3.1/Dockerfile   | 6 ++++++
 4 files changed, 22 insertions(+)

diff --git a/core/dotnet2.2/CHANGELOG.md b/core/dotnet2.2/CHANGELOG.md
index a3fbb36..71ff900 100644
--- a/core/dotnet2.2/CHANGELOG.md
+++ b/core/dotnet2.2/CHANGELOG.md
@@ -20,6 +20,11 @@
 # .NET Core 2.2 OpenWhisk Runtime Container
 
 
+## 1.15 (next release)
+Changes:
+- Get the latest security fixes (apk upgrade) with every build.
+
+
 ## 1.14
 Changes:
 - Support for async methods. Example:
diff --git a/core/dotnet2.2/Dockerfile b/core/dotnet2.2/Dockerfile
index 70f1067..053ad75 100644
--- a/core/dotnet2.2/Dockerfile
+++ b/core/dotnet2.2/Dockerfile
@@ -29,6 +29,12 @@ WORKDIR /app/Apache.OpenWhisk.Runtime.Dotnet.Minimal
 RUN dotnet publish -c Release -r alpine.3.9-x64 -o out
 
 FROM mcr.microsoft.com/dotnet/core/runtime:2.2-alpine AS runtime
+
+# Get the latest security fixes in case the base image does not contain them already.
+RUN apk update \
+    && apk upgrade \
+    && rm -f /var/cache/apk/*
+
 WORKDIR /app
 COPY --from=build /app/Apache.OpenWhisk.Runtime.Dotnet.Minimal/out ./
 ENV ASPNETCORE_URLS http://+:8080
diff --git a/core/dotnet3.1/CHANGELOG.md b/core/dotnet3.1/CHANGELOG.md
index a499a36..ed867b6 100644
--- a/core/dotnet3.1/CHANGELOG.md
+++ b/core/dotnet3.1/CHANGELOG.md
@@ -20,6 +20,11 @@
 # .NET Core 3.1 OpenWhisk Runtime Container
 
 
+## 1.15 (next release)
+Changes:
+- Get the latest security fixes (apk upgrade) with every build.
+
+
 ## 1.14
 Changes:
 - Initial release
diff --git a/core/dotnet3.1/Dockerfile b/core/dotnet3.1/Dockerfile
index f69c6d2..f636628 100644
--- a/core/dotnet3.1/Dockerfile
+++ b/core/dotnet3.1/Dockerfile
@@ -29,6 +29,12 @@ WORKDIR /app/Apache.OpenWhisk.Runtime.Dotnet.Minimal
 RUN dotnet publish -c Release -r linux-musl-x64 -o out
 
 FROM mcr.microsoft.com/dotnet/core/runtime:3.1-alpine AS runtime
+
+# Get the latest security fixes in case the base image does not contain them already.
+RUN apk update \
+    && apk upgrade \
+    && rm -f /var/cache/apk/*
+
 WORKDIR /app
 COPY --from=build /app/Apache.OpenWhisk.Runtime.Dotnet.Minimal/out ./
 ENV ASPNETCORE_URLS http://+:8080