Update kaniko fork

Open matifali opened this issue 1 year ago • 2 comments

Coder's kaniko fork is outdated and prevents updating some of the dependencies that have vulnerabilities. Details can be seen here: https://github.com/coder/envbuilder/security/dependabot

This is a must-do before we launch 1.0 cc: @bpmct

matifali, May 05 '24 18:05

https://github.com/coder/kaniko/pull/7

kylecarbs, May 06 '24 20:05

Should we add a scheduled workflow to keep it in sync weekly or monthly? https://github.com/wei/pull looks promising

matifali, May 14 '24 11:05

Kaniko has since updated to go1.22 which means we also need to do so. Unfortunately our codersdk deps prevent this right now (see: https://github.com/coder/coder/issues/11342). For now I'm going to manually vendor these in.

johnstcn, May 16 '24 10:05

@johnstcn Is there anything left here or can we resolve this issue?

mtojek, May 20 '24 07:05

@mtojek https://github.com/coder/kaniko/pull/7 is still un-merged. Some of the tests are failing partially due to some changes we have that upstream does not. However, all of our envbuilder tests appear to work fine with these changes.

Then https://github.com/coder/envbuilder/pull/195 can be updated and approved.

johnstcn, May 20 '24 08:05

This is done now.

johnstcn, May 20 '24 10:05