From c16650db61971b4109c4a0943535dca46f0f0560 Mon Sep 17 00:00:00 2001 From: Rui Gao Date: Fri, 19 Sep 2025 06:19:14 +0000 Subject: [PATCH 1/3] remove svn since apt doesn't have latest svn package verion 1.14.5 update axios version to 1.12.0 for alert-handler, job-status-change-notification and rest-server change utilization reporter's base image from cbl to python:3.12 update node.js package tar-fs to 3.1.1 update nodemailer version for alert-handler update frameworkcontroller docker image pull policy --- .../build/abnormal-detector.common.dockerfile | 3 + .../build/alert-handler.common.dockerfile | 2 + ...atus-change-notification.common.dockerfile | 2 + .../src/alert-handler/package.json | 7 ++- src/alert-manager/src/alert-handler/yarn.lock | 44 +++++---------- .../package.json | 2 +- .../job-status-change-notification/yarn.lock | 55 +++++++++---------- src/cluster-local-storage/build/build-pre.sh | 0 .../dashboard-data-backup.common.dockerfile | 2 + .../database-controller.common.dockerfile | 2 + src/database-controller/src/package.json | 2 +- src/database-controller/src/yarn.lock | 8 +-- .../deploy/frameworkcontroller.yaml.template | 1 + .../build/rest-server.common.dockerfile | 2 + src/rest-server/package.json | 4 +- src/rest-server/yarn.lock | 24 ++++---- .../utilization-reporter.common.dockerfile | 8 ++- 17 files changed, 87 insertions(+), 81 deletions(-) mode change 100644 => 100755 src/cluster-local-storage/build/build-pre.sh diff --git a/src/alert-manager/build/abnormal-detector.common.dockerfile b/src/alert-manager/build/abnormal-detector.common.dockerfile index f512840d..342ded27 100644 --- a/src/alert-manager/build/abnormal-detector.common.dockerfile +++ b/src/alert-manager/build/abnormal-detector.common.dockerfile @@ -4,6 +4,9 @@ FROM python:3.12 RUN apt update && apt upgrade -y + +RUN apt purge -y subversion && apt autoremove -y + RUN pip install --upgrade pip COPY ./src/abnormal_detector . diff --git a/src/alert-manager/build/alert-handler.common.dockerfile b/src/alert-manager/build/alert-handler.common.dockerfile index 60f215d5..3f407ee8 100755 --- a/src/alert-manager/build/alert-handler.common.dockerfile +++ b/src/alert-manager/build/alert-handler.common.dockerfile @@ -7,6 +7,8 @@ RUN npm install -g npm@latest RUN apt update && apt upgrade -y +RUN apt purge -y subversion && apt autoremove -y + WORKDIR /usr/src/app ENV NODE_ENV=production diff --git a/src/alert-manager/build/job-status-change-notification.common.dockerfile b/src/alert-manager/build/job-status-change-notification.common.dockerfile index e6f135e0..bf023603 100644 --- a/src/alert-manager/build/job-status-change-notification.common.dockerfile +++ b/src/alert-manager/build/job-status-change-notification.common.dockerfile @@ -9,6 +9,8 @@ WORKDIR /usr/src/app RUN apt update && apt upgrade -y +RUN apt purge -y subversion && apt autoremove -y + ENV NODE_ENV=production COPY ./src/job-status-change-notification . diff --git a/src/alert-manager/src/alert-handler/package.json b/src/alert-manager/src/alert-handler/package.json index 4524e19d..58e4c760 100644 --- a/src/alert-manager/src/alert-handler/package.json +++ b/src/alert-manager/src/alert-handler/package.json @@ -35,7 +35,7 @@ }, "dependencies": { "@kubernetes/client-node": "1.2.0", - "axios": "^1.9.0", + "axios": "^1.12.0", "body-parser": "^2.2.0", "cookie-parser": "^1.4.7", "ejs": "^3.1.10", @@ -44,12 +44,13 @@ "express-bearer-token": "^3.0.0", "joi": "^17.13.3", "module-alias": "^2.2.3", - "nodemailer": "^7.0.3", + "nodemailer": "^7.0.7", "winston": "2", "ws": "^8.18.2" }, "resolutions": { - "tar-fs": "^3.0.9", + "nodemailer": "^7.0.7", + "tar-fs": "^3.1.1", "@eslint/plugin-kit": "^0.3.3", "form-data": "^4.0.4" }, diff --git a/src/alert-manager/src/alert-handler/yarn.lock b/src/alert-manager/src/alert-handler/yarn.lock index 8de0799b..d01e65a5 100644 --- a/src/alert-manager/src/alert-handler/yarn.lock +++ b/src/alert-manager/src/alert-handler/yarn.lock @@ -850,14 +850,14 @@ __metadata: languageName: node linkType: hard -"axios@npm:^1.9.0": - version: 1.9.0 - resolution: "axios@npm:1.9.0" +"axios@npm:^1.12.0": + version: 1.12.2 + resolution: "axios@npm:1.12.2" dependencies: follow-redirects: "npm:^1.15.6" - form-data: "npm:^4.0.0" + form-data: "npm:^4.0.4" proxy-from-env: "npm:^1.1.0" - checksum: 10c0/9371a56886c2e43e4ff5647b5c2c3c046ed0a3d13482ef1d0135b994a628c41fbad459796f101c655e62f0c161d03883454474d2e435b2e021b1924d9f24994c + checksum: 10c0/80b063e318cf05cd33a4d991cea0162f3573481946f9129efb7766f38fde4c061c34f41a93a9f9521f02b7c9565ccbc197c099b0186543ac84a24580017adfed languageName: node linkType: hard @@ -3371,24 +3371,10 @@ __metadata: languageName: node linkType: hard -"nodemailer@npm:6.9.16": - version: 6.9.16 - resolution: "nodemailer@npm:6.9.16" - checksum: 10c0/9fd73ab4ab5b81544c3c9820afbe386369aba442f997b2f58d171222a898a7aed580fc100bfe6eebc194f18ba6e169d67ee40ca64d32d69022d89e575cef97a4 - languageName: node - linkType: hard - -"nodemailer@npm:^6.9.13, nodemailer@npm:^6.9.14": - version: 6.10.1 - resolution: "nodemailer@npm:6.10.1" - checksum: 10c0/e81fde258ea4f4e5646e9e3eebe89294d007939999d2d1a8c96c5488fa00bf659e46cf76fccb2697e9aa6ef9807a1ed47ff2aef6ad30b795e3849b6997066d16 - languageName: node - linkType: hard - -"nodemailer@npm:^7.0.3": - version: 7.0.3 - resolution: "nodemailer@npm:7.0.3" - checksum: 10c0/835492262328471b94a080cea43ea20f4232e19a915400cd71c7f4f4ab93a7d361775154eebe30a8fc40379eecf11a0bbc73e6cf4bbee9dccb6dd1cf7a1dc792 +"nodemailer@npm:^7.0.7": + version: 7.0.9 + resolution: "nodemailer@npm:7.0.9" + checksum: 10c0/029af0c89d64a521aa9969196e44c13ef289c7f419264eed8d63682610999e06205b0fc264ab8ac65941dc3eefd3c435f23337a32880614cc199744c9be6209a languageName: node linkType: hard @@ -3607,7 +3593,7 @@ __metadata: resolution: "pai-alert-handler@workspace:." dependencies: "@kubernetes/client-node": "npm:1.2.0" - axios: "npm:^1.9.0" + axios: "npm:^1.12.0" body-parser: "npm:^2.2.0" cookie-parser: "npm:^1.4.7" dotenv: "npm:^16.5.0" @@ -3624,7 +3610,7 @@ __metadata: express-bearer-token: "npm:^3.0.0" joi: "npm:^17.13.3" module-alias: "npm:^2.2.3" - nodemailer: "npm:^7.0.3" + nodemailer: "npm:^7.0.7" prettier: "npm:~3.5.3" winston: "npm:2" ws: "npm:^8.18.2" @@ -4514,9 +4500,9 @@ __metadata: languageName: node linkType: hard -"tar-fs@npm:^3.0.9": - version: 3.0.9 - resolution: "tar-fs@npm:3.0.9" +"tar-fs@npm:^3.1.1": + version: 3.1.1 + resolution: "tar-fs@npm:3.1.1" dependencies: bare-fs: "npm:^4.0.1" bare-path: "npm:^3.0.0" @@ -4527,7 +4513,7 @@ __metadata: optional: true bare-path: optional: true - checksum: 10c0/e7c6c8b7d1bf342bab0e94e0a2d96dc73c18d0cc6b59ee7b57f919adb08f5cee7f417cb4baee8322789292dc51ae67028cfd5d73f3559c919723ec7d71aa8959 + checksum: 10c0/0c677d711c4aa41f94e1a712aa647022ba1910ff84430739e5d9e95a615e3ea1b7112dc93164fc8ce30dc715befcf9cfdc64da27d4e7958d73c59bda06aa0d8e languageName: node linkType: hard diff --git a/src/alert-manager/src/job-status-change-notification/package.json b/src/alert-manager/src/job-status-change-notification/package.json index 9fafe98d..b20f5517 100644 --- a/src/alert-manager/src/job-status-change-notification/package.json +++ b/src/alert-manager/src/job-status-change-notification/package.json @@ -33,7 +33,7 @@ "prettier": "~3.5.3" }, "dependencies": { - "axios": "^1.9.0", + "axios": "^1.12.0", "interval-promise": "^1.4.0", "joi": "^17.13.3", "module-alias": "^2.2.3", diff --git a/src/alert-manager/src/job-status-change-notification/yarn.lock b/src/alert-manager/src/job-status-change-notification/yarn.lock index 974be5e6..c1aee6fd 100644 --- a/src/alert-manager/src/job-status-change-notification/yarn.lock +++ b/src/alert-manager/src/job-status-change-notification/yarn.lock @@ -50,6 +50,15 @@ __metadata: languageName: node linkType: hard +"@eslint/core@npm:^0.15.2": + version: 0.15.2 + resolution: "@eslint/core@npm:0.15.2" + dependencies: + "@types/json-schema": "npm:^7.0.15" + checksum: 10c0/c17a6dc4f5a6006ecb60165cc38bcd21fefb4a10c7a2578a0cfe5813bbd442531a87ed741da5adab5eb678e8e693fda2e2b14555b035355537e32bcec367ea17 + languageName: node + linkType: hard + "@eslint/eslintrc@npm:^3.3.1": version: 3.3.1 resolution: "@eslint/eslintrc@npm:3.3.1" @@ -81,13 +90,13 @@ __metadata: languageName: node linkType: hard -"@eslint/plugin-kit@npm:^0.2.8": - version: 0.2.8 - resolution: "@eslint/plugin-kit@npm:0.2.8" +"@eslint/plugin-kit@npm:^0.3.3": + version: 0.3.5 + resolution: "@eslint/plugin-kit@npm:0.3.5" dependencies: - "@eslint/core": "npm:^0.13.0" + "@eslint/core": "npm:^0.15.2" levn: "npm:^0.4.1" - checksum: 10c0/554847c8f2b6bfe0e634f317fc43d0b54771eea0015c4f844f75915fdb9e6170c830c004291bad57db949d61771732e459f36ed059f45cf750af223f77357c5c + checksum: 10c0/c178c1b58c574200c0fd125af3e4bc775daba7ce434ba6d1eeaf9bcb64b2e9fea75efabffb3ed3ab28858e55a016a5efa95f509994ee4341b341199ca630b89e languageName: node linkType: hard @@ -419,14 +428,14 @@ __metadata: languageName: node linkType: hard -"axios@npm:^1.9.0": - version: 1.9.0 - resolution: "axios@npm:1.9.0" +"axios@npm:^1.12.0": + version: 1.12.2 + resolution: "axios@npm:1.12.2" dependencies: follow-redirects: "npm:^1.15.6" - form-data: "npm:^4.0.0" + form-data: "npm:^4.0.4" proxy-from-env: "npm:^1.1.0" - checksum: 10c0/9371a56886c2e43e4ff5647b5c2c3c046ed0a3d13482ef1d0135b994a628c41fbad459796f101c655e62f0c161d03883454474d2e435b2e021b1924d9f24994c + checksum: 10c0/80b063e318cf05cd33a4d991cea0162f3573481946f9129efb7766f38fde4c061c34f41a93a9f9521f02b7c9565ccbc197c099b0186543ac84a24580017adfed languageName: node linkType: hard @@ -1320,15 +1329,16 @@ __metadata: languageName: node linkType: hard -"form-data@npm:^4.0.0": - version: 4.0.2 - resolution: "form-data@npm:4.0.2" +"form-data@npm:^4.0.4": + version: 4.0.4 + resolution: "form-data@npm:4.0.4" dependencies: asynckit: "npm:^0.4.0" combined-stream: "npm:^1.0.8" es-set-tostringtag: "npm:^2.1.0" + hasown: "npm:^2.0.2" mime-types: "npm:^2.1.12" - checksum: 10c0/e534b0cf025c831a0929bf4b9bbe1a9a6b03e273a8161f9947286b9b13bf8fb279c6944aae0070c4c311100c6d6dbb815cd955dc217728caf73fad8dc5b8ee9c + checksum: 10c0/373525a9a034b9d57073e55eab79e501a714ffac02e7a9b01be1c820780652b16e4101819785e1e18f8d98f0aee866cc654d660a435c378e16a72f2e7cac9695 languageName: node linkType: hard @@ -1838,7 +1848,7 @@ __metadata: version: 0.0.0-use.local resolution: "job-status-change-notification@workspace:." dependencies: - axios: "npm:^1.9.0" + axios: "npm:^1.12.0" eslint: "npm:^9.26.0" eslint-config-prettier: "npm:~10.1.2" eslint-plugin-import: "npm:^2.31.0" @@ -1849,7 +1859,6 @@ __metadata: interval-promise: "npm:^1.4.0" joi: "npm:^17.13.3" module-alias: "npm:^2.2.3" - npm-check-updates: "npm:^18.0.1" openpaidbsdk: "file:./openpaidbsdk" prettier: "npm:~3.5.3" sequelize: "npm:^6.37.7" @@ -2069,16 +2078,6 @@ __metadata: languageName: node linkType: hard -"npm-check-updates@npm:^18.0.1": - version: 18.0.1 - resolution: "npm-check-updates@npm:18.0.1" - bin: - ncu: build/cli.js - npm-check-updates: build/cli.js - checksum: 10c0/0f4f8c26e8a51a413ee724fe76f0860bd360e0c096a52e928916ef6fe3ff0c2ea0f346ca8d291a43f46a269d05450e2a879fed8aa11871f73970d5f9dfdd162a - languageName: node - linkType: hard - "object-assign@npm:^4": version: 4.1.1 resolution: "object-assign@npm:4.1.1" @@ -2169,11 +2168,11 @@ __metadata: "openpaidbsdk@file:./openpaidbsdk::locator=job-status-change-notification%40workspace%3A.": version: 1.0.2 - resolution: "openpaidbsdk@file:./openpaidbsdk#./openpaidbsdk::hash=8f34d7&locator=job-status-change-notification%40workspace%3A." + resolution: "openpaidbsdk@file:./openpaidbsdk#./openpaidbsdk::hash=2318c0&locator=job-status-change-notification%40workspace%3A." dependencies: pg: "npm:^8.15.6" sequelize: "npm:6.37.7" - checksum: 10c0/6d4cf9f022c3e32c6ab3ad6fe8fcfa2672f8a5b01570623d3862b355ba70af628130a5bba35fdbe5c53b8e4670cad2f3222555dfb4d6039f662f649727078201 + checksum: 10c0/37403f99e7805e802bf87b19a93033e444fc0b753c55ad569c080eeda9f0f6b3fdb16e008107c215737147cc9a4a32b4432ea25474f193ee752a31e8a3db34f7 languageName: node linkType: hard diff --git a/src/cluster-local-storage/build/build-pre.sh b/src/cluster-local-storage/build/build-pre.sh old mode 100644 new mode 100755 diff --git a/src/dashboard-data-backup/build/dashboard-data-backup.common.dockerfile b/src/dashboard-data-backup/build/dashboard-data-backup.common.dockerfile index c710373f..4bd333c1 100644 --- a/src/dashboard-data-backup/build/dashboard-data-backup.common.dockerfile +++ b/src/dashboard-data-backup/build/dashboard-data-backup.common.dockerfile @@ -3,6 +3,8 @@ FROM python:3.12 # Install cron RUN apt-get update && apt-get upgrade -y && apt-get install -y cron && rm -rf /var/lib/apt/lists/* +RUN apt-get purge -y subversion && apt-get autoremove -y + # Set working directory WORKDIR /app diff --git a/src/database-controller/build/database-controller.common.dockerfile b/src/database-controller/build/database-controller.common.dockerfile index 1acbad09..956695d8 100644 --- a/src/database-controller/build/database-controller.common.dockerfile +++ b/src/database-controller/build/database-controller.common.dockerfile @@ -7,6 +7,8 @@ RUN npm install -g npm@latest RUN apt update && apt upgrade -y +RUN apt purge -y subversion && apt autoremove -y + WORKDIR /database-controller COPY ./src ./src diff --git a/src/database-controller/src/package.json b/src/database-controller/src/package.json index bd9d0edd..180c9805 100644 --- a/src/database-controller/src/package.json +++ b/src/database-controller/src/package.json @@ -35,7 +35,7 @@ "ws": "^8.18.2" }, "resolutions": { - "tar-fs": "^3.0.9", + "tar-fs": "^3.1.1", "@eslint/plugin-kit": "^0.3.3", "form-data": "^4.0.4" }, diff --git a/src/database-controller/src/yarn.lock b/src/database-controller/src/yarn.lock index 0e02d48f..fb53cd64 100644 --- a/src/database-controller/src/yarn.lock +++ b/src/database-controller/src/yarn.lock @@ -2907,10 +2907,10 @@ synckit@^0.11.0: "@pkgr/core" "^0.2.3" tslib "^2.8.1" -tar-fs@^3.0.8, tar-fs@^3.0.9: - version "3.1.0" - resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-3.1.0.tgz#4675e2254d81410e609d91581a762608de999d25" - integrity sha512-5Mty5y/sOF1YWj1J6GiBodjlDc05CUR8PKXrsnFAiSG0xA+GHeWLovaZPYUDXkH/1iKRf2+M5+OrRgzC7O9b7w== +tar-fs@^3.0.8, tar-fs@^3.1.1: + version "3.1.1" + resolved "https://registry.yarnpkg.com/tar-fs/-/tar-fs-3.1.1.tgz#4f164e59fb60f103d472360731e8c6bb4a7fe9ef" + integrity sha512-LZA0oaPOc2fVo82Txf3gw+AkEd38szODlptMYejQUhndHMLQ9M059uXR+AfS7DNo0NpINvSqDsvyaCrBVkptWg== dependencies: pump "^3.0.0" tar-stream "^3.1.5" diff --git a/src/frameworkcontroller/deploy/frameworkcontroller.yaml.template b/src/frameworkcontroller/deploy/frameworkcontroller.yaml.template index caff4a62..d90c1389 100644 --- a/src/frameworkcontroller/deploy/frameworkcontroller.yaml.template +++ b/src/frameworkcontroller/deploy/frameworkcontroller.yaml.template @@ -34,6 +34,7 @@ spec: containers: - name: frameworkcontroller image: {{ cluster_cfg['cluster']['docker-registry']['prefix'] }}frameworkcontroller:{{ cluster_cfg['cluster']['docker-registry']['tag'] }} + imagePullPolicy: Always {%- if cluster_cfg['cluster']['common']['k8s-rbac'] != 'true' %} env: - name: KUBE_APISERVER_ADDRESS diff --git a/src/rest-server/build/rest-server.common.dockerfile b/src/rest-server/build/rest-server.common.dockerfile index 3efacb50..5a0f812b 100644 --- a/src/rest-server/build/rest-server.common.dockerfile +++ b/src/rest-server/build/rest-server.common.dockerfile @@ -21,6 +21,8 @@ RUN npm install -g npm@latest RUN apt update && apt upgrade -y +RUN apt purge -y subversion && apt autoremove -y + WORKDIR /usr/src/app ENV NODE_ENV=production \ diff --git a/src/rest-server/package.json b/src/rest-server/package.json index 39747a78..54ed0923 100644 --- a/src/rest-server/package.json +++ b/src/rest-server/package.json @@ -30,7 +30,7 @@ "ajv": "^8.17.1", "async": "~3.2.6", "async-mutex": "^0.5.0", - "axios": "^1.9.0", + "axios": "^1.12.0", "chai": "~5.2.0", "chai-as-promised": "~8.0.1", "chai-http": "^5.1.2", @@ -70,7 +70,7 @@ "xml2js": "~0.6.2" }, "resolutions": { - "tar-fs": "^3.0.9", + "tar-fs": "^3.1.1", "@eslint/plugin-kit": "^0.3.3", "form-data": "^4.0.4" }, diff --git a/src/rest-server/yarn.lock b/src/rest-server/yarn.lock index a05be9e6..e8eb5e1f 100644 --- a/src/rest-server/yarn.lock +++ b/src/rest-server/yarn.lock @@ -1100,14 +1100,14 @@ __metadata: languageName: node linkType: hard -"axios@npm:^1.9.0": - version: 1.9.0 - resolution: "axios@npm:1.9.0" +"axios@npm:^1.12.0": + version: 1.12.2 + resolution: "axios@npm:1.12.2" dependencies: follow-redirects: "npm:^1.15.6" - form-data: "npm:^4.0.0" + form-data: "npm:^4.0.4" proxy-from-env: "npm:^1.1.0" - checksum: 10c0/9371a56886c2e43e4ff5647b5c2c3c046ed0a3d13482ef1d0135b994a628c41fbad459796f101c655e62f0c161d03883454474d2e435b2e021b1924d9f24994c + checksum: 10c0/80b063e318cf05cd33a4d991cea0162f3573481946f9129efb7766f38fde4c061c34f41a93a9f9521f02b7c9565ccbc197c099b0186543ac84a24580017adfed languageName: node linkType: hard @@ -4287,11 +4287,11 @@ __metadata: "openpaidbsdk@file:./openpaidbsdk::locator=pai-rest-server%40workspace%3A.": version: 1.0.2 - resolution: "openpaidbsdk@file:./openpaidbsdk#./openpaidbsdk::hash=71acdd&locator=pai-rest-server%40workspace%3A." + resolution: "openpaidbsdk@file:./openpaidbsdk#./openpaidbsdk::hash=2318c0&locator=pai-rest-server%40workspace%3A." dependencies: pg: "npm:^8.15.6" sequelize: "npm:6.37.7" - checksum: 10c0/9da024672faaf32262b169b54c9f99feb7bc13781eed6e3c91f719f4d076fdc8c76cb667ca4c2407dd479c88f78c5c082f26329695f7b3ec7008a4f9bff763d9 + checksum: 10c0/37403f99e7805e802bf87b19a93033e444fc0b753c55ad569c080eeda9f0f6b3fdb16e008107c215737147cc9a4a32b4432ea25474f193ee752a31e8a3db34f7 languageName: node linkType: hard @@ -4407,7 +4407,7 @@ __metadata: ajv: "npm:^8.17.1" async: "npm:~3.2.6" async-mutex: "npm:^0.5.0" - axios: "npm:^1.9.0" + axios: "npm:^1.12.0" chai: "npm:~5.2.0" chai-as-promised: "npm:~8.0.1" chai-http: "npm:^5.1.2" @@ -5580,9 +5580,9 @@ __metadata: languageName: node linkType: hard -"tar-fs@npm:^3.0.9": - version: 3.0.9 - resolution: "tar-fs@npm:3.0.9" +"tar-fs@npm:^3.1.1": + version: 3.1.1 + resolution: "tar-fs@npm:3.1.1" dependencies: bare-fs: "npm:^4.0.1" bare-path: "npm:^3.0.0" @@ -5593,7 +5593,7 @@ __metadata: optional: true bare-path: optional: true - checksum: 10c0/e7c6c8b7d1bf342bab0e94e0a2d96dc73c18d0cc6b59ee7b57f919adb08f5cee7f417cb4baee8322789292dc51ae67028cfd5d73f3559c919723ec7d71aa8959 + checksum: 10c0/0c677d711c4aa41f94e1a712aa647022ba1910ff84430739e5d9e95a615e3ea1b7112dc93164fc8ce30dc715befcf9cfdc64da27d4e7958d73c59bda06aa0d8e languageName: node linkType: hard diff --git a/src/utilization-reporter/build/utilization-reporter.common.dockerfile b/src/utilization-reporter/build/utilization-reporter.common.dockerfile index cf91058f..8cd50a5a 100644 --- a/src/utilization-reporter/build/utilization-reporter.common.dockerfile +++ b/src/utilization-reporter/build/utilization-reporter.common.dockerfile @@ -1,4 +1,10 @@ -FROM mcr.microsoft.com/cbl-mariner/base/python:3 +FROM python:3.12 + +RUN apt update && apt upgrade -y + +RUN apt purge -y subversion && apt autoremove -y + +RUN pip install --upgrade pip WORKDIR /utilization-reporter From 281443d250ebaf6c8d8930dfa2009bbc85fb77f8 Mon Sep 17 00:00:00 2001 From: Rui Gao Date: Thu, 16 Oct 2025 03:23:46 +0000 Subject: [PATCH 2/3] add apk upgrade to update system components for alpine-based images --- .../build/frameworkbarrier.common.dockerfile | 2 ++ .../build/frameworkcontroller.common.dockerfile | 2 ++ src/hivedscheduler/build/hivedscheduler.common.dockerfile | 2 ++ src/log-manager/build/log-manager-cleaner.k8s.dockerfile | 2 ++ src/watchdog/build/watchdog.common.dockerfile | 2 ++ 5 files changed, 10 insertions(+) diff --git a/src/frameworkcontroller/build/frameworkbarrier.common.dockerfile b/src/frameworkcontroller/build/frameworkbarrier.common.dockerfile index 4c003a17..83b50433 100644 --- a/src/frameworkcontroller/build/frameworkbarrier.common.dockerfile +++ b/src/frameworkcontroller/build/frameworkbarrier.common.dockerfile @@ -38,6 +38,8 @@ FROM alpine:3.21 ENV INSTALL_DIR=/opt/frameworkcontroller/frameworkbarrier RUN apk update && apk add --no-cache bash +RUN apk upgrade --no-cache + COPY --from=builder ${INSTALL_DIR} ${INSTALL_DIR} WORKDIR ${INSTALL_DIR} diff --git a/src/frameworkcontroller/build/frameworkcontroller.common.dockerfile b/src/frameworkcontroller/build/frameworkcontroller.common.dockerfile index 31f005ac..ed3a82b2 100644 --- a/src/frameworkcontroller/build/frameworkcontroller.common.dockerfile +++ b/src/frameworkcontroller/build/frameworkcontroller.common.dockerfile @@ -38,6 +38,8 @@ FROM alpine:3.21 ENV INSTALL_DIR=/opt/frameworkcontroller/frameworkcontroller RUN apk update && apk add --no-cache bash +RUN apk upgrade --no-cache + COPY --from=builder ${INSTALL_DIR} ${INSTALL_DIR} WORKDIR ${INSTALL_DIR} diff --git a/src/hivedscheduler/build/hivedscheduler.common.dockerfile b/src/hivedscheduler/build/hivedscheduler.common.dockerfile index f109693f..dceee175 100644 --- a/src/hivedscheduler/build/hivedscheduler.common.dockerfile +++ b/src/hivedscheduler/build/hivedscheduler.common.dockerfile @@ -41,6 +41,8 @@ FROM alpine:3.21 ENV INSTALL_DIR=/opt/hivedscheduler/hivedscheduler RUN apk update && apk add --no-cache bash +RUN apk upgrade --no-cache + COPY --from=builder ${INSTALL_DIR} ${INSTALL_DIR} WORKDIR ${INSTALL_DIR} diff --git a/src/log-manager/build/log-manager-cleaner.k8s.dockerfile b/src/log-manager/build/log-manager-cleaner.k8s.dockerfile index 656ee3be..b2c26354 100644 --- a/src/log-manager/build/log-manager-cleaner.k8s.dockerfile +++ b/src/log-manager/build/log-manager-cleaner.k8s.dockerfile @@ -19,6 +19,8 @@ FROM alpine:3.21.3 # install dev tools RUN apk update && apk add --no-cache tini bash findutils rsync +RUN apk upgrade --no-cache + COPY src/cleaner/ /usr/bin/cleaner/ ENTRYPOINT ["/sbin/tini","--","/usr/bin/cleaner/entrypoint.sh"] diff --git a/src/watchdog/build/watchdog.common.dockerfile b/src/watchdog/build/watchdog.common.dockerfile index 759e5443..753cd6c2 100644 --- a/src/watchdog/build/watchdog.common.dockerfile +++ b/src/watchdog/build/watchdog.common.dockerfile @@ -17,5 +17,7 @@ FROM alpine:3.21 ENV INSTALL_DIR=/opt/watchdog RUN apk update && apk add --no-cache bash +RUN apk upgrade --no-cache + COPY --from=builder ${INSTALL_DIR} ${INSTALL_DIR} WORKDIR ${INSTALL_DIR} From e12217500efecff5af19651ca6d85e7bc62091bc Mon Sep 17 00:00:00 2001 From: Rui Gao Date: Thu, 16 Oct 2025 05:29:18 +0000 Subject: [PATCH 3/3] update cluster-local-storage docker file to fix svn security warnings --- .../build/cluster-local-storage.common.dockerfile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/cluster-local-storage/build/cluster-local-storage.common.dockerfile b/src/cluster-local-storage/build/cluster-local-storage.common.dockerfile index 81ed061b..cfc95d98 100644 --- a/src/cluster-local-storage/build/cluster-local-storage.common.dockerfile +++ b/src/cluster-local-storage/build/cluster-local-storage.common.dockerfile @@ -32,6 +32,8 @@ RUN mkdir -p /root/.ssh && \ echo "* soft nofile 1048576\n* hard nofile 1048576" >> /etc/security/limits.conf && \ echo "root soft nofile 1048576\nroot hard nofile 1048576" >> /etc/security/limits.conf +RUN apt purge -y subversion && apt autoremove -y + WORKDIR /usr/src/app COPY ./src . COPY --chmod=0755 ./bin/*.sh /usr/local/cluster-local-storage/