
[installer] use image digest for redis image

Open iQQBot opened this issue 11 months ago • 7 comments

Description

[installer] use image digest for redis image

Related Issue(s)

Fixes ENG-1717

How to test

Documentation

Preview status

Gitpod was successfully deployed to your preview environment.

Build Options

Build
  • [ ] /werft with-werft Run the build with werft instead of GHA
  • [ ] leeway-no-cache
  • [ ] /werft no-test Run Leeway with --dont-test
Publish
  • [ ] /werft publish-to-npm
  • [ ] /werft publish-to-jb-marketplace
Installer
  • [ ] analytics=segment
  • [ ] with-dedicated-emulation
  • [ ] workspace-feature-flags Add desired feature flags to the end of the line above, space separated
Preview Environment / Integration Tests
  • [ ] /werft with-local-preview If enabled this will build install/preview
  • [x] /werft with-preview
  • [ ] /werft with-large-vm
  • [x] /werft with-gce-vm If enabled this will create the environment on GCE infra
  • [x] /werft preemptible Saves cost. Untick this only if you're really sure you need a non-preemptible machine.
  • [ ] with-integration-tests=all Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh. If enabled, with-preview and with-large-vm will be enabled.
  • [ ] with-monitoring

/hold

iQQBot avatar Feb 28 '24 08:02 iQQBot

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/[email protected] environment 0 41.3 kB qix
npm/[email protected] None 0 8.11 kB thlorenz
npm/[email protected] None 0 30.1 kB tehshrike
npm/[email protected] shell 0 19.9 kB lovell
npm/[email protected] None 0 335 kB kpdecker
npm/[email protected] environment, filesystem 0 24.9 kB motdotla
npm/[email protected] None 0 244 kB kilianvalkhof
npm/[email protected] None 0 2.69 kB jbnicolai
npm/[email protected] Transitive: environment, filesystem +15 2.24 MB iansu
npm/[email protected] filesystem, unsafe +5 1.39 MB ljharb
npm/[email protected] filesystem +5 974 kB ljharb
npm/[email protected] None +2 128 kB eslintbot
npm/[email protected] None 0 24.7 kB eslintbot
npm/[email protected] environment, filesystem Transitive: eval, unsafe +31 7.08 MB eslintbot
npm/[email protected] None +1 98 kB eslintbot
npm/[email protected] None 0 314 kB ariya
npm/[email protected] None 0 37.1 kB michaelficarra
npm/[email protected] None 0 23.5 kB ljharb
npm/[email protected] None 0 13 kB esp
npm/[email protected] None 0 17 kB esp
npm/[email protected] None 0 9.44 kB hiddentao
npm/[email protected] Transitive: filesystem +3 29.9 kB sindresorhus
npm/[email protected] None 0 26.6 kB timoxley
npm/[email protected] None 0 67.4 kB infusion
npm/[email protected] None 0 132 kB ryanzim
npm/[email protected] None 0 156 kB pipobscure
npm/[email protected] None 0 7.72 kB phated
npm/[email protected] filesystem Transitive: environment +4 78.5 kB isaacs
npm/[email protected] None 0 820 kB dibenede
npm/[email protected] environment, filesystem 0 32.5 kB isaacs
npm/[email protected] None 0 20.6 kB ljharb
npm/[email protected] None +1 27.9 kB ljharb
npm/[email protected] None 0 96.5 kB mdevils
npm/[email protected] None 0 10 kB evilebottnawi
npm/[email protected] None 0 6.8 kB feross
npm/[email protected] None 0 51.2 kB kael
npm/[email protected] Transitive: filesystem, unsafe +3 19.8 kB sindresorhus
npm/[email protected] None 0 3.96 kB isaacs
npm/[email protected] None 0 25 kB ljharb
npm/[email protected] None +1 19.8 kB phated
npm/[email protected] None 0 3.54 kB sindresorhus
npm/[email protected] None +1 82.4 kB oss-bot
npm/[email protected] environment, unsafe Transitive: filesystem, shell +4 237 kB simenb
npm/[email protected] environment, shell +1 86.2 kB simenb
npm/[email protected] None 0 15.1 kB lydell
npm/[email protected] Transitive: environment, filesystem +1 576 kB vitaly
npm/[email protected] None 0 10.4 kB isaacs
npm/[email protected] environment, eval, filesystem, unsafe 0 125 kB trentm
npm/[email protected] None 0 235 kB jordanbtucker
npm/[email protected] None 0 36.3 kB evilebottnawi
npm/[email protected] eval 0 636 kB bnjmnt4n
npm/[email protected] None 0 14 kB jdalton
npm/[email protected] None 0 1.41 MB bnjmnt4n
npm/[email protected] None 0 119 kB dcode
npm/[email protected] filesystem 0 10 kB sindresorhus
npm/[email protected] None 0 8.9 kB zensh
npm/[email protected] network 0 5.29 kB dougwilson
npm/[email protected] None 0 61.5 kB danez
npm/[email protected] environment, filesystem 0 51.7 kB broofa
npm/[email protected] None +3 56.9 kB isaacs
npm/[email protected] None 0 54.5 kB ljharb
npm/[email protected] None 0 6.84 kB styfle
npm/[email protected] None 0 24.4 kB ai
npm/[email protected] None 0 298 kB suguru03
npm/[email protected] None 0 32.2 kB chicoxyzzy
npm/[email protected] None 0 9.22 kB jonschlinkert
npm/[email protected] None 0 5.49 kB sindresorhus
npm/[email protected] None +1 7.01 kB isaacs
npm/[email protected] None +1 13.8 kB sindresorhus
npm/[email protected] None +3 25.6 kB sindresorhus
npm/[email protected] None 0 10.3 kB dougwilson
npm/[email protected] None 0 4.55 kB sindresorhus
npm/[email protected] None 0 4.51 kB jbgutierrez
npm/[email protected] None 0 6.78 kB blakeembrey
npm/[email protected] None 0 90 kB mrmlnc
npm/[email protected] unsafe 0 13.5 kB danez
npm/[email protected] None 0 27.2 kB evilebottnawi
npm/[email protected] environment, filesystem +1 204 kB ai
npm/[email protected] None +2 203 kB terkelg
npm/[email protected] filesystem, network +9 2.87 MB google-wombot
npm/[email protected] None 0 32.4 kB mathias
npm/[email protected] None 0 6.96 kB lpinca
npm/[email protected] None 0 8.46 kB dougwilson
npm/[email protected] environment 0 24 kB gnoff
npm/[email protected] Transitive: environment, eval, filesystem, network, unsafe +97 6.25 MB iansu
npm/[email protected] environment 0 318 kB react-bot
npm/[email protected] None 0 27.4 kB benjamn
npm/[email protected] filesystem 0 115 kB ljharb
npm/[email protected] filesystem 0 17.3 kB isaacs
npm/[email protected] None 0 31.7 kB feross
npm/[email protected] None 0 42.3 kB chalker
npm/[email protected] None 0 66.2 kB evilebottnawi
npm/[email protected] None 0 68.3 kB lukekarrys
npm/[email protected] None 0 16.8 kB okuryu
npm/[email protected] None 0 4.03 kB wesleytodd
npm/[email protected] None 0 140 kB 7rulnik
npm/[email protected] None 0 31.8 kB evilebottnawi
npm/[email protected] None +2 58.4 kB sindresorhus
npm/[email protected] None 0 4.03 kB sindresorhus
npm/[email protected] None 0 6.96 kB sindresorhus
npm/[email protected] None 0 61 kB evilebottnawi
npm/[email protected] environment +1 9.76 kB sindresorhus
npm/[email protected] environment, filesystem +4 5.56 MB adamwathan
npm/[email protected] None 0 46.9 kB sokra
npm/[email protected] None +1 252 kB evilebottnawi
npm/[email protected] None 0 4.68 kB dougwilson
npm/[email protected] environment, filesystem, unsafe +11 958 kB cspotcode
npm/[email protected] None +1 57.9 kB gkz
npm/[email protected] None 0 42.1 kB chaijs
npm/[email protected] None 0 62.7 MB typescript-bot
npm/[email protected] environment, eval, filesystem 0 1.28 MB alexlamsl
npm/[email protected] None 0 4.31 kB dougwilson
npm/[email protected] filesystem, shell Transitive: environment +2 30.8 kB ai
npm/[email protected] None 0 470 kB garycourt
npm/[email protected] None 0 5.48 kB tootallnate
npm/[email protected] None 0 3.72 kB jaredhanson
npm/[email protected] None 0 116 kB ctavan
npm/[email protected] None 0 8.75 kB dougwilson
npm/[email protected] None 0 43.5 kB bebraw
npm/[email protected] environment, filesystem, network, unsafe +3 4.95 MB thelarkinn
npm/[email protected] environment 0 448 kB eemeli
npm/[email protected] environment, filesystem +7 516 kB oss-bot

🚮 Removed packages: npm/@babel/[email protected], npm/@csstools/[email protected], npm/@csstools/[email protected], npm/@discoveryjs/[email protected], npm/@floating-ui/[email protected], npm/@floating-ui/[email protected], npm/@floating-ui/[email protected], npm/@gitbeaker/[email protected], npm/@gitbeaker/[email protected], npm/@google-cloud/[email protected], npm/@google-cloud/[email protected], npm/@google-cloud/[email protected], npm/@hapi/[email protected], npm/@improbable-eng/[email protected], npm/@improbable-eng/[email protected], npm/@improbable-eng/[email protected], npm/@improbable-eng/[email protected], npm/@ioredis/[email protected], npm/@ioredis/[email protected], npm/@jmondi/[email protected], npm/@mapbox/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@octokit/[email protected], npm/@popperjs/[email protected], npm/@probot/[email protected], npm/@probot/[email protected], npm/@probot/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@radix-ui/[email protected], npm/@segment/[email protected], npm/@sqltools/[email 
protected], npm/@stripe/[email protected], npm/@stripe/[email protected], npm/@tailwindcss/[email protected], npm/@tanstack/[email protected], npm/@tanstack/[email protected], npm/@tanstack/[email protected], npm/@tanstack/[email protected], npm/@tanstack/[email protected], npm/@testdeck/[email protected], npm/@testdeck/[email protected], npm/@testing-library/[email protected], npm/@testing-library/[email protected], npm/@testing-library/[email protected], npm/@testing-library/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email 
protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@useorbital/[email protected], npm/@webassemblyjs/[email protected], npm/@webassemblyjs/[email protected], npm/@webpack-cli/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], 
npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

socket-security[bot] avatar Mar 01 '24 07:03 socket-security[bot]

/hold

wait for https://github.com/gitpod-io/gitpod-dedicated/blob/af8aa69fa964a201c44fa518a55a07c1b00178ed/ops/images/push-images.sh#L21C1-L26C7

iQQBot avatar Mar 01 '24 08:03 iQQBot


verify image is correct and we can start workspace

iQQBot avatar Mar 01 '24 12:03 iQQBot
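The check above is done by hand: start a workspace and look at the pod. What follows is an added example, not code from the Gitpod installer or from this PR, of the same check as a CI gate in Go: parse each rendered image reference, refuse any that carries only a mutable tag, and for a pinned one recompute sha256 over the manifest bytes fetched for it and compare with the pinned digest. The reference strings, the manifest bytes and the function names are constructed for the example; a real run would take the manifest from the registry's manifests endpoint, which this offline code does not call.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// ImageRef is a parsed OCI image reference: [registry/]repo[:tag][@digest].
type ImageRef struct {
	Registry string
	Repo     string
	Tag      string
	Digest   string // "sha256:<64 hex>" or empty when the reference is not pinned
}

var hexDigest = regexp.MustCompile(`^sha256:[0-9a-f]{64}$`)

// ParseRef splits an image reference into its parts. It does not normalise
// "redis" to "docker.io/library/redis"; canonicalise before comparing names.
func ParseRef(ref string) (ImageRef, error) {
	var r ImageRef
	if ref == "" {
		return r, errors.New("empty image reference")
	}
	name := ref
	if i := strings.Index(name, "@"); i >= 0 {
		r.Digest = name[i+1:]
		name = name[:i]
		if !hexDigest.MatchString(r.Digest) {
			return r, fmt.Errorf("malformed digest %q", r.Digest)
		}
	}
	// A ':' after the last '/' separates the tag; before it, it is a registry port.
	slash := strings.LastIndex(name, "/")
	if i := strings.LastIndex(name, ":"); i > slash {
		r.Tag = name[i+1:]
		name = name[:i]
	}
	// A first path component containing '.' or ':' (or "localhost") is a registry host.
	if slash > 0 {
		first := name[:strings.Index(name, "/")]
		if strings.ContainsAny(first, ".:") || first == "localhost" {
			r.Registry = first
			name = name[len(first)+1:]
		}
	}
	r.Repo = name
	if r.Repo == "" {
		return r, fmt.Errorf("missing repository in %q", ref)
	}
	return r, nil
}

// IsPinned reports whether the reference carries a digest, the only
// component a registry cannot silently repoint.
func (r ImageRef) IsPinned() bool { return r.Digest != "" }

// DigestOf returns the OCI content digest of raw manifest bytes.
func DigestOf(manifest []byte) string {
	sum := sha256.Sum256(manifest)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// VerifyManifest checks that the manifest bytes fetched for ref hash to the
// digest the reference pins. It fails closed on unpinned references.
func VerifyManifest(ref string, manifest []byte) error {
	r, err := ParseRef(ref)
	if err != nil {
		return err
	}
	if !r.IsPinned() {
		return fmt.Errorf("%s: not pinned by digest (tag %q is mutable)", ref, r.Tag)
	}
	if got := DigestOf(manifest); got != r.Digest {
		return fmt.Errorf("%s: manifest digest %s does not match pinned %s", ref, got, r.Digest)
	}
	return nil
}

// Unpinned returns the references in refs that are not pinned by digest
// (or cannot be parsed), so an installer config can be gated in CI.
func Unpinned(refs []string) []string {
	var out []string
	for _, ref := range refs {
		r, err := ParseRef(ref)
		if err != nil || !r.IsPinned() {
			out = append(out, ref)
		}
	}
	return out
}

// constructedManifest stands in for the bytes a registry returns for
// GET /v2/<repo>/manifests/<tag>; it is not a real redis manifest.
const constructedManifest = `{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"digest":"sha256:0000000000000000000000000000000000000000000000000000000000000000","size":1}}`

func main() {
	manifest := []byte(constructedManifest)
	pinned := "docker.io/library/redis:7.2@" + DigestOf(manifest)
	fmt.Println("unpinned:", Unpinned([]string{"redis:7.2", pinned}))
	fmt.Println("verify pinned:", VerifyManifest(pinned, manifest))
	fmt.Println("verify tampered:", VerifyManifest(pinned, append(manifest, '\n')))
}
```

Why the digest rather than the tag: a tag is a mutable pointer that the registry, or anyone with push rights, can repoint, while the digest is the hash of the manifest itself, so `redis:7.2@sha256:...` still resolves to the same bytes even after `7.2` is retagged. `ParseRef` keeps the digest even when a tag is also present, which is the form the installer renders, so the tag stays readable and the digest stays authoritative.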

/hold

wait for https://github.com/gitpod-io/gitpod-dedicated/blob/af8aa69fa964a201c44fa518a55a07c1b00178ed/ops/images/push-images.sh#L21C1-L26C7

Hi @iQQBot , what is left/preventing removal of the hold for this PR? I ask because https://github.com/gitpod-io/gitpod/pull/19402 landed on Feb 7. I assume there is some other PR or Linear issue or Slack thread remaining. Can you share?

kylos101 avatar Mar 04 '24 14:03 kylos101

@kylos101 not all cells have upgraded to this version

iQQBot avatar Mar 04 '24 14:03 iQQBot

@kylos101 not all cells have upgraded to this version

Gotcha, thank you, @iQQBot !

kylos101 avatar Mar 04 '24 14:03 kylos101

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Mar 17 '24 11:03 stale[bot]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert Package Note
Install scripts npm/[email protected]
  • Install script: postinstall
  • Source: node -e "try{require('./postinstall')}catch(e){}"

View full report↗︎

Next steps

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

socket-security[bot] avatar Jun 11 '24 14:06 socket-security[bot]
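Socket's alert flags a single postinstall hook. Here is an added Go example, neither Socket's code nor part of the Gitpod repository, of the local check an engineer can run before accepting that risk and keep in CI so that a new hook in a later upgrade fails the build instead of being noticed after merge: it walks a package tree, reports every preinstall/install/postinstall/prepare hook, and filters out hooks already reviewed. The package tree, the names example-dep and clean-dep, and the allowlist are constructed; the hook command is the one quoted in the alert. To install without executing any of them, npm supports `npm ci --ignore-scripts`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io/fs"
	"testing/fstest"
)

// Lifecycle hooks npm runs automatically at install time. "prepare" runs for
// git dependencies and on a bare `npm install` inside the package itself.
var installHooks = []string{"preinstall", "install", "postinstall", "prepare"}

// Finding is one package.json that declares at least one install-time hook.
type Finding struct {
	Path    string            // path of the package.json inside the scanned tree
	Name    string            // package name, "" if absent
	Version string            // package version, "" if absent
	Hooks   map[string]string // hook name -> command
}

// InstallScripts parses package.json bytes and returns the install-time hooks
// it declares; Hooks is empty when there are none.
func InstallScripts(pkgJSON []byte) (Finding, error) {
	var pkg struct {
		Name    string            `json:"name"`
		Version string            `json:"version"`
		Scripts map[string]string `json:"scripts"`
	}
	if err := json.Unmarshal(pkgJSON, &pkg); err != nil {
		return Finding{}, err
	}
	f := Finding{Name: pkg.Name, Version: pkg.Version, Hooks: map[string]string{}}
	for _, h := range installHooks {
		if cmd, ok := pkg.Scripts[h]; ok {
			f.Hooks[h] = cmd
		}
	}
	return f, nil
}

// ScanFS walks fsys and returns every package.json that declares an install
// hook, in lexical walk order. Pass os.DirFS("node_modules") for a real tree.
func ScanFS(fsys fs.FS) ([]Finding, error) {
	var findings []Finding
	err := fs.WalkDir(fsys, ".", func(path string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if d.IsDir() || d.Name() != "package.json" {
			return nil
		}
		data, err := fs.ReadFile(fsys, path)
		if err != nil {
			return err
		}
		f, err := InstallScripts(data)
		if err != nil {
			// Fail closed: a package.json the scanner cannot parse must not be skipped silently.
			return fmt.Errorf("%s: %w", path, err)
		}
		if len(f.Hooks) > 0 {
			f.Path = path
			findings = append(findings, f)
		}
		return nil
	})
	return findings, err
}

// Unreviewed keeps only findings whose name@version is not in the allowlist
// of hooks a human has already read, so only new hooks fail the check.
func Unreviewed(findings []Finding, reviewed map[string]bool) []Finding {
	var out []Finding
	for _, f := range findings {
		if !reviewed[f.Name+"@"+f.Version] {
			out = append(out, f)
		}
	}
	return out
}

// constructedPkg mirrors the shape of the alert above: a postinstall hook that
// loads ./postinstall and swallows any error. Name and version are placeholders.
const constructedPkg = `{"name":"example-dep","version":"0.0.0","scripts":{"build":"tsc","postinstall":"node -e \"try{require('./postinstall')}catch(e){}\""}}`

// constructedTree is a tiny in-memory stand-in for node_modules.
var constructedTree = fstest.MapFS{
	"example-dep/package.json": {Data: []byte(constructedPkg)},
	"clean-dep/package.json":   {Data: []byte(`{"name":"clean-dep","version":"1.0.0","scripts":{"test":"mocha"}}`)},
	"clean-dep/README.md":      {Data: []byte("no scripts here")},
}

func main() {
	findings, err := ScanFS(constructedTree)
	if err != nil {
		panic(err)
	}
	reviewed := map[string]bool{} // empty allowlist: nothing has been reviewed yet
	for _, f := range Unreviewed(findings, reviewed) {
		for hook, cmd := range f.Hooks {
			fmt.Printf("%s (%s@%s): %s -> %s\n", f.Path, f.Name, f.Version, hook, cmd)
		}
	}
}
```

Keying the allowlist on name@version rather than name alone is deliberate: the hook you reviewed in one release can be replaced in the next, and a version bump is exactly when a compromised maintainer account would change it.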

Tested again, it can start a workspace, and the redis pod is healthy.

iQQBot avatar Jun 11 '24 15:06 iQQBot

/unhold

iQQBot avatar Jun 11 '24 15:06 iQQBot