| Message ID | 20230531140654.1141145-1-berrange@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | gitlab: switch from 'stable' to 'latest' docker container tags | expand |
On Wed, May 31, 2023 at 3:07 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > > The 'stable' and 'stable-dind' tags are not documented as supported > tags at: > > https://hub.docker.com/_/docker > > Looking at their content they reflect docker 19.x.x release series, > were last built in Dec 2020, and have 3 critical and 20 high rated > CVEs unfixed. This obsolete status is attested by this commit: > > https://github.com/docker-library/docker/commit/606c63960a4845af7077721eb3900c706f5d0c5e > > The 'stable-dind' tag in particular appears buggy as it is unable to > resolve DNS for Fedora repos: > > - Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64&countme=1 [getaddrinfo() thread failed to start] > > We used the 'stable' tag previously at the recommendation of GitLab > docs, but those docs are wrong and pending a fix: > > https://gitlab.com/gitlab-org/gitlab/-/issues/409430 > > Fixes: 5f63a67adb58478974b91f5e5c2b1222b5c7f2cc > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > .gitlab-ci.d/container-template.yml | 4 ++-- > .gitlab-ci.d/opensbi.yml | 4 ++-- > 2 files changed, 4 insertions(+), 4 deletions(-) > > diff --git a/.gitlab-ci.d/container-template.yml b/.gitlab-ci.d/container-template.yml > index 9ac4a0ee25..8c1370b8f0 100644 > --- a/.gitlab-ci.d/container-template.yml > +++ b/.gitlab-ci.d/container-template.yml > @@ -1,9 +1,9 @@ > .container_job_template: > extends: .base_job_template > - image: docker:stable > + image: docker:latest > stage: containers > services: > - - docker:stable-dind > + - docker:dind > before_script: > - export TAG="$CI_REGISTRY_IMAGE/qemu/$NAME:latest" > - export COMMON_TAG="$CI_REGISTRY/qemu-project/qemu/qemu/$NAME:latest" > diff --git a/.gitlab-ci.d/opensbi.yml b/.gitlab-ci.d/opensbi.yml > index 2e9d51764e..b4d7eef688 100644 > --- a/.gitlab-ci.d/opensbi.yml > +++ b/.gitlab-ci.d/opensbi.yml > @@ -42,9 +42,9 @@ > docker-opensbi: > extends: .opensbi_job_rules > stage: containers > - image: docker:stable > + image: docker:latest > services: > - - docker:stable-dind > + - docker:dind > variables: > GIT_DEPTH: 3 > IMAGE_TAG: $CI_REGISTRY_IMAGE:opensbi-cross-build > -- > 2.40.1 > Reviewed-by: Camilla Conte <cconte@redhat.com>
diff --git a/.gitlab-ci.d/container-template.yml b/.gitlab-ci.d/container-template.yml index 9ac4a0ee25..8c1370b8f0 100644 --- a/.gitlab-ci.d/container-template.yml +++ b/.gitlab-ci.d/container-template.yml @@ -1,9 +1,9 @@ .container_job_template: extends: .base_job_template - image: docker:stable + image: docker:latest stage: containers services: - - docker:stable-dind + - docker:dind before_script: - export TAG="$CI_REGISTRY_IMAGE/qemu/$NAME:latest" - export COMMON_TAG="$CI_REGISTRY/qemu-project/qemu/qemu/$NAME:latest" diff --git a/.gitlab-ci.d/opensbi.yml b/.gitlab-ci.d/opensbi.yml index 2e9d51764e..b4d7eef688 100644 --- a/.gitlab-ci.d/opensbi.yml +++ b/.gitlab-ci.d/opensbi.yml @@ -42,9 +42,9 @@ docker-opensbi: extends: .opensbi_job_rules stage: containers - image: docker:stable + image: docker:latest services: - - docker:stable-dind + - docker:dind variables: GIT_DEPTH: 3 IMAGE_TAG: $CI_REGISTRY_IMAGE:opensbi-cross-build
The 'stable' and 'stable-dind' tags are not documented as supported tags at: https://hub.docker.com/_/docker Looking at their content they reflect docker 19.x.x release series, were last built in Dec 2020, and have 3 critical and 20 high rated CVEs unfixed. This obsolete status is attested by this commit: https://github.com/docker-library/docker/commit/606c63960a4845af7077721eb3900c706f5d0c5e The 'stable-dind' tag in particular appears buggy as it is unable to resolve DNS for Fedora repos: - Curl error (6): Couldn't resolve host name for https://mirrors.fedoraproject.org/metalink?repo=fedora-37&arch=x86_64&countme=1 [getaddrinfo() thread failed to start] We used the 'stable' tag previously at the recommendation of GitLab docs, but those docs are wrong and pending a fix: https://gitlab.com/gitlab-org/gitlab/-/issues/409430 Fixes: 5f63a67adb58478974b91f5e5c2b1222b5c7f2cc Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- .gitlab-ci.d/container-template.yml | 4 ++-- .gitlab-ci.d/opensbi.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-)