Skip to content

Commit 51e9cd7

Browse files
author
lrochette
committed
Fix CVE
multistage for smaller image Signed-off-by: lrochette <[email protected]>
1 parent 1e9e7f3 commit 51e9cd7

File tree

5 files changed

+28
-7
lines changed

5 files changed

+28
-7
lines changed
Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
build
2+
dist
3+
argocd_app_status.spec

incubating/argocd-app-status/CHANGELOG.md

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,12 @@
11
# Changelog
2+
## [1.1.3] - 2024-11-20
3+
4+
### Fixed
5+
* CVE-2024-45491 - upgrade libexpat1
6+
* CVE-2024-45492 - upgrade libexpat1
7+
* CVE-2024-37371 - upgrade libkrb5
8+
* CVE-2023-45853 - upgrade zlib1g
9+
210
## [1.1.2] - 2023-09-18
311
### Changed
412

@@ -8,7 +16,7 @@
816

917
## [1.1.1] - 2023-06-03
1018
### Changed
11-
- Upgrade pythpn version to 3.11.3
19+
- Upgrade python version to 3.11.3
1220

1321
### Fixed
1422
- Link for application
Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,17 @@
1-
FROM python:3.11.5-slim-bookworm
1+
# stage 1 Build
2+
FROM python:3.13.0-slim-bookworm AS builder
23
WORKDIR /app
34
COPY requirements.txt requirements.txt
45
RUN pip3 install -r requirements.txt
56
COPY queries queries/
67
COPY argocd_app_status.py argocd_app_status.py
7-
CMD [ "python3", "argocd_app_status.py"]
8+
9+
RUN pip3 install pyinstaller
10+
RUN pyinstaller --onefile app_status.py
11+
12+
# stage 2 : Prod
13+
FROM scratch
14+
WORKDIR /app
15+
COPY queries queries/
16+
COPY dist/argocd_app_status argocd_app_status
17+
CMD argocd_app_status

incubating/argocd-app-status/requirements.txt

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@ docopt==0.6.2
55
gql==3.4.0
66
graphql-core==3.2.3
77
idna==3.4
8-
multidict==6.0.4
8+
multidict==6.1.0
99
pipreqs==0.4.13
1010
requests==2.31.0
1111
requests-toolbelt==0.10.1

incubating/argocd-app-status/step.yaml

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
kind: step-type
22
metadata:
33
name: argocd-app-status
4-
version: 1.1.2
4+
version: 1.1.3
55
isPublic: true
66
description: Get Argo CD App status and return its sybc and health status
77
sources:
@@ -61,7 +61,7 @@ spec:
6161
},
6262
"IMAGE_TAG": {
6363
"type": "string",
64-
"default": "1.1.2",
64+
"default": "1.1.3",
6565
"description": "OPTIONAL - To overwrite the tag to use"
6666
}
6767
}
@@ -97,7 +97,7 @@ spec:
9797
[[- end ]]
9898
commands:
9999
- cd /app
100-
- python3 argocd_app_status.py
100+
- ./argocd_app_status
101101
delimiters:
102102
left: '[['
103103
right: ']]'

0 commit comments

Comments
 (0)