Use image digests for docker-compose files #5664

Merged
merged 1 commit into from
Jun 20, 2024


rdimitrov
Contributor

Which problem is this PR solving?

  • Hey, I noticed you have some docker-compose files that are using floating tags to reference images. Pinning images and actions to their commit hash ensures that the same version of the image or action is used every time the workflow runs. This is important for reproducibility and security and it is a security practice recommended by GitHub.

Description of the changes

  • The following PR used frizbee CLI to update the docker-compose files and pin the container images referenced by tags to their commit hash.

How was this change tested?

Checklist

@rdimitrov rdimitrov requested a review from a team as a code owner June 20, 2024 11:10
@rdimitrov rdimitrov requested a review from albertteoh June 20, 2024 11:10
@yurishkuro yurishkuro added the changelog:dependencies Update to dependencies label Jun 20, 2024
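
A minimal check for the practice the PR description refers to, added here as an illustration: it scans compose text and reports every `image:` reference that is not pinned by a sha256 digest. It is not part of the PR, the Jaeger repository or frizbee; the compose snippet, image names and digest are constructed.

```python
import re

# Constructed placeholder digest (not a real image): 64 hex characters.
FAKE_DIGEST = "sha256:" + "ab" * 32

# Constructed sample compose file; none of these images come from the PR.
SAMPLE_COMPOSE = f"""\
services:
  db:
    image: example/db:4.1
  search:
    image: "registry.example.com:5000/search:8.0@{FAKE_DIGEST}"
  cache:
    image: localhost:5000/cache
  app:
    image: example/app:${{APP_TAG}}
"""

# Captures the value of an `image:` key, tolerating quotes and trailing comments.
IMAGE_LINE = re.compile(r"""^\s*image:\s*["']?([^"'\s#]+)""")
# A pinned reference ends in a full sha256 digest.
DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify(ref):
    """Return 'pinned', 'tag' (floating tag) or 'untagged' (implicit latest)."""
    if DIGEST.search(ref):
        return "pinned"
    # A colon before the last '/' is a registry port, not a tag.
    last_component = ref.split("@", 1)[0].rsplit("/", 1)[-1]
    return "tag" if ":" in last_component else "untagged"


def unpinned_images(compose_text):
    """List (line number, reference, kind) for every image not pinned by digest."""
    findings = []
    for lineno, line in enumerate(compose_text.splitlines(), 1):
        match = IMAGE_LINE.match(line)
        if match and classify(match.group(1)) != "pinned":
            findings.append((lineno, match.group(1), classify(match.group(1))))
    return findings


if __name__ == "__main__":
    for lineno, ref, kind in unpinned_images(SAMPLE_COMPOSE):
        print(f"line {lineno}: {ref} ({kind})")
```
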

codecov bot commented Jun 20, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 96.38%. Comparing base (79352d9) to head (6dfcdaf).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #5664   +/-   ##
=======================================
  Coverage   96.38%   96.38%           
=======================================
  Files         329      329           
  Lines       16056    16056           
=======================================
  Hits        15475    15475           
  Misses        404      404           
  Partials      177      177           
Flag Coverage Δ
badger_v1 8.04% <ø> (ø)
badger_v2 1.92% <ø> (ø)
cassandra-3.x-v1 16.60% <ø> (ø)
cassandra-3.x-v2 1.84% <ø> (ø)
cassandra-4.x-v1 16.60% <ø> (ø)
cassandra-4.x-v2 1.84% <ø> (ø)
elasticsearch-7.x-v1 18.87% <ø> (-0.05%) ⬇️
elasticsearch-8.x-v1 19.06% <ø> (-0.05%) ⬇️
elasticsearch-8.x-v2 19.06% <ø> (-0.04%) ⬇️
grpc_v1 9.47% <ø> (ø)
grpc_v2 7.49% <ø> (ø)
kafka 9.76% <ø> (ø)
opensearch-1.x-v1 18.91% <ø> (-0.07%) ⬇️
opensearch-2.x-v1 18.92% <ø> (-0.05%) ⬇️
opensearch-2.x-v2 18.91% <ø> (-0.07%) ⬇️
unittests 94.23% <ø> (ø)


Member

@yurishkuro yurishkuro left a comment


Thanks

@yurishkuro yurishkuro merged commit d856ae7 into jaegertracing:main Jun 20, 2024
42 checks passed
yurishkuro added a commit to renovate-bot/jaegertracing-_-jaeger that referenced this pull request Jun 20, 2024
@yurishkuro
Member

Reverting this in #5668

yurishkuro added a commit that referenced this pull request Jun 20, 2024
Renovate bot does not work well with the change introduced in #5664.
Reverting. We don't need that because these docker-compose files are for
integration testing, they do not affect repeatable builds.

Also resolve #5670.

---------

Signed-off-by: Mend Renovate <[email protected]>
Signed-off-by: Yuri Shkuro <[email protected]>
Co-authored-by: Yuri Shkuro <[email protected]>
Co-authored-by: Yuri Shkuro <[email protected]>
@rdimitrov rdimitrov deleted the frizbee-pin branch June 21, 2024 13:44