From b4248c77046e404c10adc93276dbce7f780a462f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Piotr=20Kie=C5=82kowicz?= Date: Tue, 16 Jul 2024 12:37:54 +0200 Subject: [PATCH] Pin docker images to exact digest --- docker/alpine.dockerfile | 2 +- docker/centos-build.dockerfile | 2 +- docker/centos.dockerfile | 2 +- docker/debian-arm64.dockerfile | 2 +- docker/debian.dockerfile | 2 +- examples/demo/Dockerfile | 2 +- test/IntegrationTests/docker/azure.Dockerfile | 2 +- test/IntegrationTests/docker/kafka.Dockerfile | 2 +- test/IntegrationTests/docker/mongodb.Dockerfile | 2 +- test/IntegrationTests/docker/mysql.Dockerfile | 2 +- test/IntegrationTests/docker/oracle.Dockerfile | 2 +- test/IntegrationTests/docker/postgres.Dockerfile | 2 +- test/IntegrationTests/docker/redis.Dockerfile | 2 +- test/IntegrationTests/docker/sql-server.Dockerfile | 2 +- test/IntegrationTests/docker/zookeeper.Dockerfile | 2 +- .../TestApplication.AspNet.NetFramework/Dockerfile | 3 ++- .../TestApplication.Wcf.Server.IIS.NetFramework/Dockerfile | 3 ++- 17 files changed, 19 insertions(+), 17 deletions(-) diff --git a/docker/alpine.dockerfile b/docker/alpine.dockerfile index 08c4acf395..96866c74e7 100644 --- a/docker/alpine.dockerfile +++ b/docker/alpine.dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/dotnet/sdk:8.0.401-1-alpine3.19 +FROM mcr.microsoft.com/dotnet/sdk:8.0.401-1-alpine3.19@sha256:812f0a548ddc0ffb80e2053ce3f04e01fd9d1944a40a04bfea242480e4ca5608 RUN apk update \ && apk upgrade \ && apk add --no-cache --update \ diff --git a/docker/centos-build.dockerfile b/docker/centos-build.dockerfile index 5d828321bf..055d1bec2f 100644 --- a/docker/centos-build.dockerfile +++ b/docker/centos-build.dockerfile @@ -1,4 +1,4 @@ -FROM centos:centos7.9.2009 +FROM centos:centos7.9.2009@sha256:be65f488b7764ad3638f236b7b515b3678369a5124c47b8d32916d6487418ea4 RUN yum update -y \ && yum -y install centos-release-scl-2-3.el7.centos \ diff --git a/docker/centos.dockerfile b/docker/centos.dockerfile index 7dbc1e8f79..f831ae25b2 100644 --- a/docker/centos.dockerfile +++ b/docker/centos.dockerfile @@ -1,4 +1,4 @@ -FROM ghcr.io/open-telemetry/opentelemetry-dotnet-instrumentation-centos7-build-image:main +FROM ghcr.io/open-telemetry/opentelemetry-dotnet-instrumentation-centos7-build-image:main@sha256:84cdf59d27df38a84dc63f0e9fbb309651a778e5106e3f7e2aa79b7665a4832b RUN rpm -Uvh https://packages.microsoft.com/config/centos/7/packages-microsoft-prod.rpm RUN yum -y install dotnet-sdk-6.0-6.0.425-1 dotnet-sdk-7.0-7.0.410-1 diff --git a/docker/debian-arm64.dockerfile b/docker/debian-arm64.dockerfile index 4340352bbe..065b6b803c 100644 --- a/docker/debian-arm64.dockerfile +++ b/docker/debian-arm64.dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/dotnet/sdk:8.0.401-1-bookworm-slim +FROM mcr.microsoft.com/dotnet/sdk:8.0.401-1-bookworm-slim@sha256:a364676fedc145cf88caad4bfb3cc372aae41e596c54e8a63900a2a1c8e364c6 RUN apt-get update && \ apt-get install -y \ diff --git a/docker/debian.dockerfile b/docker/debian.dockerfile index c4913fdb9e..4fb4a72c1e 100644 --- a/docker/debian.dockerfile +++ b/docker/debian.dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/dotnet/sdk:8.0.401-1-bookworm-slim +FROM mcr.microsoft.com/dotnet/sdk:8.0.401-1-bookworm-slim@sha256:a364676fedc145cf88caad4bfb3cc372aae41e596c54e8a63900a2a1c8e364c6 RUN wget https://packages.microsoft.com/config/debian/12/packages-microsoft-prod.deb -O packages-microsoft-prod.deb && \ dpkg -i packages-microsoft-prod.deb && \ diff --git a/examples/demo/Dockerfile b/examples/demo/Dockerfile index ec3d00fbdc..0b05e4625a 100644 --- a/examples/demo/Dockerfile +++ b/examples/demo/Dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/dotnet/sdk:8.0-jammy +FROM mcr.microsoft.com/dotnet/sdk:8.0.302-jammy@sha256:838644c2dd735cdf0ba3c6ec282b77bfea80039fb45fe41b70d2e026a1f30a12 # install OpenTelemetry .NET Automatic Instrumentation ARG OTEL_VERSION=1.7.0 diff --git a/test/IntegrationTests/docker/azure.Dockerfile b/test/IntegrationTests/docker/azure.Dockerfile index 8c9c6e4037..1c6a24a1c1 100644 --- a/test/IntegrationTests/docker/azure.Dockerfile +++ b/test/IntegrationTests/docker/azure.Dockerfile @@ -1 +1 @@ -FROM mcr.microsoft.com/azure-storage/azurite:3.32.0 \ No newline at end of file +FROM mcr.microsoft.com/azure-storage/azurite:3.32.0@sha256:47a392f1c93a6b639999fc505dcae348e350183b47f2a7526c765ddd7fa56e0e \ No newline at end of file diff --git a/test/IntegrationTests/docker/kafka.Dockerfile b/test/IntegrationTests/docker/kafka.Dockerfile index 2fba48af38..53dfb9f180 100644 --- a/test/IntegrationTests/docker/kafka.Dockerfile +++ b/test/IntegrationTests/docker/kafka.Dockerfile @@ -1 +1 @@ -FROM confluentinc/cp-kafka:7.7.0 \ No newline at end of file +FROM confluentinc/cp-kafka:7.7.0@sha256:1fa3cdb3ef77b75bc56e7040bbdfa2bd6950b6ee6363381b2493f7a83e07a0b3 \ No newline at end of file diff --git a/test/IntegrationTests/docker/mongodb.Dockerfile b/test/IntegrationTests/docker/mongodb.Dockerfile index 8ea6560f28..fad6f1c17e 100644 --- a/test/IntegrationTests/docker/mongodb.Dockerfile +++ b/test/IntegrationTests/docker/mongodb.Dockerfile @@ -1 +1 @@ -FROM mongo:5.0.28 \ No newline at end of file +FROM mongo:5.0.28@sha256:fd08cf3c5aae3268a032a7064c60a4bc0fb468ee9a7b6b1b45b9b2335e4fda3e \ No newline at end of file diff --git a/test/IntegrationTests/docker/mysql.Dockerfile b/test/IntegrationTests/docker/mysql.Dockerfile index 6a12f87178..05010fac79 100644 --- a/test/IntegrationTests/docker/mysql.Dockerfile +++ b/test/IntegrationTests/docker/mysql.Dockerfile @@ -1 +1 @@ -FROM mysql:9.0.1 \ No newline at end of file +FROM mysql:9.0.1@sha256:c69299937e5e2fc9a2cb26f5cd7a7151e48d9d5a3b3679f62bfd1275de698c0c \ No newline at end of file diff --git a/test/IntegrationTests/docker/oracle.Dockerfile b/test/IntegrationTests/docker/oracle.Dockerfile index 3eb7576c17..45048c4b9b 100644 --- a/test/IntegrationTests/docker/oracle.Dockerfile +++ b/test/IntegrationTests/docker/oracle.Dockerfile @@ -1 +1 @@ -FROM gvenzl/oracle-free:23.3-slim-faststart \ No newline at end of file +FROM gvenzl/oracle-free:23.3-slim-faststart@sha256:f8faced31a95e515eb2664ae0b082eff5d7eb0052780d3819669e306d33777ce \ No newline at end of file diff --git a/test/IntegrationTests/docker/postgres.Dockerfile b/test/IntegrationTests/docker/postgres.Dockerfile index a30f90654d..7dab7dc434 100644 --- a/test/IntegrationTests/docker/postgres.Dockerfile +++ b/test/IntegrationTests/docker/postgres.Dockerfile @@ -1 +1 @@ -FROM postgres:16.4 \ No newline at end of file +FROM postgres:16.4@sha256:026d0ab72b34310b68160ab9299aa1add5544e4dc3243456b94f83cb1c119c2c \ No newline at end of file diff --git a/test/IntegrationTests/docker/redis.Dockerfile b/test/IntegrationTests/docker/redis.Dockerfile index 23d749b0d7..fd012e08d4 100644 --- a/test/IntegrationTests/docker/redis.Dockerfile +++ b/test/IntegrationTests/docker/redis.Dockerfile @@ -1 +1 @@ -FROM redis:7.4.0 \ No newline at end of file +FROM redis:7.4.0@sha256:eadf354977d428e347d93046bb1a5569d701e8deb68f090215534a99dbcb23b9 \ No newline at end of file diff --git a/test/IntegrationTests/docker/sql-server.Dockerfile b/test/IntegrationTests/docker/sql-server.Dockerfile index 8b18d05d87..e775880d57 100644 --- a/test/IntegrationTests/docker/sql-server.Dockerfile +++ b/test/IntegrationTests/docker/sql-server.Dockerfile @@ -1 +1 @@ -FROM mcr.microsoft.com/mssql/server:2019-CU17-ubuntu-20.04 \ No newline at end of file +FROM mcr.microsoft.com/mssql/server:2019-CU17-ubuntu-20.04@sha256:f54a84b8a802afdfa91a954e8ddfcec9973447ce8efec519adf593b54d49bedf \ No newline at end of file diff --git a/test/IntegrationTests/docker/zookeeper.Dockerfile b/test/IntegrationTests/docker/zookeeper.Dockerfile index 849d7de5e7..c0bc8eb03a 100644 --- a/test/IntegrationTests/docker/zookeeper.Dockerfile +++ b/test/IntegrationTests/docker/zookeeper.Dockerfile @@ -1 +1 @@ -FROM confluentinc/cp-zookeeper:7.7.0 \ No newline at end of file +FROM confluentinc/cp-zookeeper:7.7.0@sha256:d4312a5b61b45ab5c4d33d4c77e5a235cdd95a16dbfc1d381639520a2af48f01 \ No newline at end of file diff --git a/test/test-applications/integrations/TestApplication.AspNet.NetFramework/Dockerfile b/test/test-applications/integrations/TestApplication.AspNet.NetFramework/Dockerfile index a449b7704f..7c23275e0b 100644 --- a/test/test-applications/integrations/TestApplication.AspNet.NetFramework/Dockerfile +++ b/test/test-applications/integrations/TestApplication.AspNet.NetFramework/Dockerfile @@ -1,7 +1,8 @@ # escape=` ARG windowscontainer_version=ltsc2022 -FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-${windowscontainer_version} +ARG image_digest=sha256:4ad6f775ab425cf19af5c344750e3e259adce5a83f667ab1c9c2106e3e543cb7 +FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8-windowsservercore-${windowscontainer_version}@${image_digest} ARG configuration=Debug ARG platform=x64 WORKDIR /opentelemetry diff --git a/test/test-applications/integrations/TestApplication.Wcf.Server.IIS.NetFramework/Dockerfile b/test/test-applications/integrations/TestApplication.Wcf.Server.IIS.NetFramework/Dockerfile index 2761d0ffdd..2a7ae54318 100644 --- a/test/test-applications/integrations/TestApplication.Wcf.Server.IIS.NetFramework/Dockerfile +++ b/test/test-applications/integrations/TestApplication.Wcf.Server.IIS.NetFramework/Dockerfile @@ -1,7 +1,8 @@ # escape=` ARG windowscontainer_version=ltsc2022 -FROM mcr.microsoft.com/dotnet/framework/wcf:4.8-windowsservercore-${windowscontainer_version} +ARG image_digest=sha256:f0a51f6936f2211e51b5e3cb0b11851f400d6d9fcbf38b3382a596c217827a6c +FROM mcr.microsoft.com/dotnet/framework/wcf:4.8-windowsservercore-${windowscontainer_version}@${image_digest} ARG configuration=Debug ARG platform=x64 WORKDIR /opentelemetry