Skip to content

Commit

Permalink
Fix lcov
Browse files Browse the repository at this point in the history
  • Loading branch information
@apaillier-ledger
apaillier-ledger committed May 15, 2024
1 parent 0bd985f commit 191b501
Showing 1 changed file with 5 additions and 3 deletions.
8 changes: 5 additions & 3 deletions lite/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,12 @@ RUN python3 -m ensurepip --upgrade \
&& pip3 install --upgrade pip \
&& pip3 install wheel

# lcov is only present in the testing repository of the edge branch
RUN apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community lcov
# lcov is only present in the community repository of the edge branch but its perl-json-xs
# dependency won't work on 3.15 so install it (from the 3.15 repo) first
RUN apk add perl-json-xs && \

Check warning on line 38 in lite/Dockerfile

View check run for this annotation

Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner

Unpinned Package Version in Apk Add 

Rule ID: 9b55ae16-9e49-41dc-885f-a59ee0bb54bd
Severity: Medium
Resource: FROM={{alpine:3.15}}.{{RUN apk add perl-json-xs &&     apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community lcov}}

Package version pinning reduces the range of versions that can be installed, reducing the chances of failure due to unanticipated changes
Raw output 
Expected: RUN instruction with 'apk add <package>' should use package pinning form 'apk add <package>=<version>'
Found: RUN instruction apk add perl-json-xs &&     apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community lcov does not use package pinning form

Check notice on line 38 in lite/Dockerfile

View check run for this annotation

Ledger Wiz (CSPM & secret detection) / Wiz IaC Scanner

Apk Add Using Local Cache Path 

Rule ID: 8ac96529-88bd-41af-ad98-b24bf7a8a85c
Severity: None
Resource: FROM={{alpine:3.15}}.{{RUN apk add perl-json-xs &&     apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community lcov}}

When installing packages, use the '--no-cache' switch to avoid the need to use '--update' and remove '/var/cache/apk/*'
Raw output 
Expected: 'RUN' should not contain 'apk add' command without '--no-cache' switch
Found: 'RUN' contains 'apk add' command without '--no-cache' switch
apk add --repository=http://dl-cdn.alpinelinux.org/alpine/edge/community lcov

# This package is required by lcov
# This package is required by lcov (but somehow not listed as such in the Alpine package)
RUN apk add gzip

# So that it still supports things incorrectly pointing to python
Expand Down

0 comments on commit 191b501

Please sign in to comment.