Merge branch 'main' of github.com:nationalarchives/docker into featur…

…e/poetry-1_7_1
nationalarchives · Dec 4, 2023 · 09e7c1f · 09e7c1f
2 parents 99f3880 + a3f61d0
commit 09e7c1f
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 23 deletions.
diff --git a/.github/workflows/_docker-build-deploy.yml b/.github/workflows/_docker-build-deploy.yml
@@ -89,17 +89,17 @@ jobs:
         push: true
         tags: ${{ env.IMAGE_ID }}:latest
         provenance: false
-    - name: Scan for vulnerabilities
-      if: inputs.publish
-      id: scan
-      uses: crazy-max/ghaction-container-scan@v2
-      with:
-        image: ${{ env.IMAGE_ID }}:${{ env.TAG }}
-        dockerfile: ${{ inputs.docker-context }}/${{ inputs.dockerfile }}
-        severity_threshold: CRITICAL
-        annotations: true
-    - name: Upload SARIF file
-      if: steps.scan.outputs.sarif != '' && inputs.publish
-      uses: github/codeql-action/upload-sarif@v2
-      with:
-        sarif_file: ${{ steps.scan.outputs.sarif }}
+    # - name: Scan for vulnerabilities
+    #   if: inputs.publish
+    #   id: scan
+    #   uses: crazy-max/ghaction-container-scan@v2
+    #   with:
+    #     image: ${{ env.IMAGE_ID }}:${{ env.TAG }}
+    #     dockerfile: ${{ inputs.docker-context }}/${{ inputs.dockerfile }}
+    #     severity_threshold: CRITICAL
+    #     annotations: true
+    # - name: Upload SARIF file
+    #   if: steps.scan.outputs.sarif != '' && inputs.publish
+    #   uses: github/codeql-action/upload-sarif@v2
+    #   with:
+    #     sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,12 +11,15 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - Update Poetry to [1.7.1](https://github.com/python-poetry/poetry/releases/tag/1.7.1)
+- Updated Base Docker image from `python:3.11-slim` to `python:3.12-slim-bookworm`
 
 ### Deprecated
 ### Removed
 ### Fixed
 ### Security
 
+- Upgrade all Debian packages
+
 ## [0.1.11](https://github.com/nationalarchives/docker/compare/v0.1.10...v0.1.11) - 2023-10-16
 
 ### Added

diff --git a/docker/tna-python/Dockerfile b/docker/tna-python/Dockerfile
@@ -1,4 +1,4 @@
-FROM python:3.11-slim
+FROM python:3.12-slim-bookworm
 
 # ==========================================
 # Label this container image with a semantic
@@ -92,17 +92,22 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 # Update the package index files and install
 # a specific version of curl that we know to
 # have no issues which is required later for
-# installing Poetry then create a new system
-# -level non-root user, a home directory for
-# "them" where we can install libraries into
-# (along with our build and run scripts) and
-# create an /app directory in the root which
-# will contain all the application code
+# installing Poetry and create a new system-
+# level nonroot user who has with a new home
+# directory where we will be able to install
+# libraries into (along with our scripts for
+# building and running) and create an "/app"
+# directory in the root (for the application
+# code)
 # ==========================================
 RUN set -eux; \
+    \
+    export DEBIAN_FRONTEND=noninteractive; \
     \
     apt-get update; \
+    apt-get -y upgrade; \
     apt-get install -y --no-install-recommends curl=7.88.1-10+deb12u4 build-essential=12.9 libmagic-dev=1:5.44-3; \
+    \
     apt-get clean; \
     apt-get autoremove -y --purge; \
 	rm -rfv /var/lib/apt/lists/*; \
@@ -167,10 +172,10 @@ USER app
 # ==========================================
 # Install the latest LTS version of Node.js,
 # but keeping within the releases code-named
-# as "hydrogen" (v18)
+# as "iron" (v20)
 # ==========================================
 RUN . "$NVM_DIR/nvm.sh"; \
-    nvm install lts/hydrogen
+    nvm install lts/iron
 
 # ==========================================
 # Into our .local/bin/ directory copy in the