Comments (14)
timkelty
commented on June 5, 2024
3
@jessedobbelaere almost – Currently we only build/push on releases so the job would also have to tag/release.
But you've inspired me – gonna work on this right now.
from docker.
timkelty
commented on June 5, 2024
2
@elivz here is fine, or ping me on Discord.
I'll be automating this shortly, so we'll just get new upstreams nightly.
from docker.
elivz
commented on June 5, 2024
2
Ok fine. I take back all those things I said about you, Tim.
from docker.
timkelty
commented on June 5, 2024
1
I think that's why I've been dragging my feet. 🫂
from docker.
timkelty
commented on June 5, 2024
1
new phone, who dis?
😆 https://github.com/craftcms/docker/actions/runs/5467130524
from docker.
elivz
commented on June 5, 2024
1
Ah well. Looks like setuptools isn't updated upstream yet. Still getting the same error. Might have to try again in a day or two.
from docker.
jessedobbelaere
commented on June 5, 2024
1
@timkelty Any idea about the automatic nightly builds? Could be as simple as adding a schedule to .github/workflows/build-and-push.yml probably?
on:
workflow_dispatch:
push:
branches:
- develop
release:
types: [published]
+ schedule:
+ - cron: "30 2 * * *" # Runs at 02:30 UTC every day
permissions:
contents: read
env:
BUILD_PLATFORMS: linux/amd64, linux/arm64from docker.
timkelty
commented on June 5, 2024
1
We did it, folks…finally!
Thanks to @jessedobbelaere for the nudge and @elivz and @pixleight for the patience.
Images will be rebuilt and tagged nightly to get upstream patches.
❤️ to open source!
from docker.
jessedobbelaere
commented on June 5, 2024
1
Thanks so much @timkelty 🥳 !
from docker.
elivz
commented on June 5, 2024
Amazing! Admit it, though....you'll miss hearing from me.
from docker.
elivz
commented on June 5, 2024
@timkelty We've got a few more CVE alerts this week - ncurses & setuptools. Mind rebuilding when get a sec?
from docker.
elivz
commented on June 5, 2024
@timkelty It's me! Hi! Got a couple more high priority alerts, this time with setuptools and cups. Rebuild plz?
from docker.
pixleight
commented on June 5, 2024
Hey @timkelty , piggybacking on @elivz — any chance can we try a new build? Looks like we've got a few new vulnerabilities in addition to setuptools:
Vulnerability Severity Package Type Fix version URL
- CVE-2023-36664 High ghostscript-9.56.1-r1 APKG 9.56.1-r2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36664
- CVE-2023-3446 Unknown libcrypto1.1-1.1.1u-r1 APKG 1.1.1u-r2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
- CVE-2023-3446 Unknown libssl1.1-1.1.1u-r1 APKG 1.1.1u-r2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
- CVE-2023-35945 Unknown nghttp2-libs-1.47.0-r0 APKG 1.47.0-r1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-35945
- CVE-2023-3446 Unknown openssl-1.1.1u-r1 APKG 1.1.1u-r2 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446
- CVE-2022-29858 Medium assets-1.0.0 npm None https://nvd.nist.gov/vuln/detail/CVE-2022-29858
- CVE-2022-38724 Medium assets-1.0.0 npm None https://nvd.nist.gov/vuln/detail/CVE-2022-38724
- VULNDB-306015 High setuptools-59.4.0 python 65.5.1 https://us2.app.sysdig.com/secure//#/scanning/vulnerabilities/VULNDB-306015
from docker.
timkelty
commented on June 5, 2024
@pixleight 🤞 https://github.com/craftcms/docker/actions/runs/5626052568
from docker.
Related Issues (20)
- Craft install fails - nl is not a valid language. HOT 4
- [8.x] Missing Locales HOT 9
- Security vulnerabilities reported in container re. libpq and zlib HOT 2
- Expat security vulnerability HOT 6
- Security vulnerabilities reported in container HOT 4
- Imagick does not limit its memory usage, can crash php-fpm processes HOT 3
- Python security vulnerability HOT 1
- libtasn1 vulnerability reported HOT 2
- High vulnerability reported in `libde265` HOT 2
- Dev image performance is 10x slower than prod HOT 3
- High vulnerability reported in `tar-1.34-r0` HOT 1
- CVEs HOT 5
- Make Nginx document root configurable
- Upgrade pgdump to 15.3 HOT 2
- github-tag-action runs too often HOT 2
- Supervisord INFO reaped unknown pid HOT 1
- Update Alpine so CVE-2023-38545 can be resolved HOT 2
- README Example for database tools to enable exports/backups needs to be updated
- Add PHP 8.3 images HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from docker.