Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing vulnerabilities for source-salesforce - Premium support #28021

Merged
merged 3 commits into from
Jul 7, 2023
Merged

Fixing vulnerabilities for source-salesforce - Premium support #28021

merged 3 commits into from
Jul 7, 2023

Conversation

mauricioalarcon
Copy link
Contributor

@mauricioalarcon mauricioalarcon commented Jul 6, 2023
edited
Loading

Attempt # 2 - this should replace previous PR
CVE-2022-40897
https://security-tracker.debian.org/tracker/CVE-2023-29383
https://security-tracker.debian.org/tracker/CVE-2023-31484
https://security-tracker.debian.org/tracker/CVE-2016-2781

What

Changed source base image to use python:3.9-alpine3.18 instead of slim - Adjusted to update OS packages

How

Switched to use alpine based image

Recommended reading order

n/a

🚨 User Impact 🚨

Are there any breaking changes? What is the end result perceived by the user?
None expected, just more security

So far nothing breaks and all the test are passing on our side, I've bumped the minor version accordingly

If there are breaking changes, please merge this PR with the 🚨🚨 emoji so changelog authors can further highlight this if needed.

Pre-merge Actions

Expand the relevant checklist and delete the others.

New Connector

Community member or Airbyter

  • Community member? Grant edit access to maintainers (instructions)
  • Unit & integration tests added and passing. Community members, please provide proof of success locally e.g: screenshot or copy-paste unit, integration, and acceptance test output. To run acceptance tests for a Python connector, follow instructions in the README. For java connectors run ./gradlew :airbyte-integrations:connectors:<name>:integrationTest.
  • Connector version is set to 0.0.1
    • Dockerfile has version 0.0.1
  • Documentation updated
    • Connector's README.md
    • Connector's bootstrap.md. See description and examples
    • docs/integrations/<source or destination>/<name>.md including changelog with an entry for the initial version. See changelog example
    • docs/integrations/README.md

Airbyter

If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.

  • Create a non-forked branch based on this PR and test the below items on it
  • Build is successful
  • If new credentials are required for use in CI, add them to GSM. Instructions.
Updating a connector

Community member or Airbyter

  • Grant edit access to maintainers (instructions)
  • Unit & integration tests added

Airbyter

If this is a community PR, the Airbyte engineer reviewing this PR is responsible for the below items.

  • Create a non-forked branch based on this PR and test the below items on it
  • Build is successful
  • If new credentials are required for use in CI, add them to GSM. Instructions.
Connector Generator
  • Issue acceptance criteria met
  • PR name follows PR naming conventions
  • If adding a new generator, add it to the list of scaffold modules being tested
  • The generator test modules (all connectors with -scaffold in their name) have been updated with the latest scaffold by running ./gradlew :airbyte-integrations:connector-templates:generator:testScaffoldTemplates then checking in your changes
  • Documentation which references the generator is updated as needed

@github-actions
Copy link
Contributor

github-actions bot commented Jul 6, 2023

Before Merging a Connector Pull Request

Wow! What a great pull request you have here! 🎉

To merge this PR, ensure the following has been done/considered for each connector added or updated:

  • PR name follows PR naming conventions
  • Breaking changes are considered. If a Breaking Change is being introduced, ensure an Airbyte engineer has created a Breaking Change Plan and you've followed all steps in the Breaking Changes Checklist
  • Connector version has been incremented in the Dockerfile and metadata.yaml according to our Semantic Versioning for Connectors guidelines
  • Secrets in the connector's spec are annotated with airbyte_secret
  • All documentation files are up to date. (README.md, bootstrap.md, docs.md, etc...)
  • Changelog updated in docs/integrations/<source or destination>/<name>.md with an entry for the new version. See changelog example
  • The connector tests are passing in CI
  • You've updated the connector's metadata.yaml file (new!)
  • If set, you've ensured the icon is present in the platform-internal repo. (Docs)

If the checklist is complete, but the CI check is failing,

  1. Check for hidden checklists in your PR description

  2. Toggle the github label checklist-action-run on/off to re-run the checklist CI.

@mauricioalarcon mauricioalarcon mentioned this pull request Jul 6, 2023
Closed
@octavia-squidington-iii octavia-squidington-iii added the area/documentation Improvements or additions to documentation label Jul 6, 2023
marcosmarxm
marcosmarxm approved these changes Jul 7, 2023
View reviewed changes
Copy link
Member

@marcosmarxm marcosmarxm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @mauricioalarcon

@marcosmarxm marcosmarxm added the team/tse Technical Support Engineers label Jul 7, 2023
@evantahler
Copy link
Contributor

cc @alafanechere - as we work to remove Dockerfiles in favor of Dagger, there are some good fixes in this PR

@marcosmarxm marcosmarxm merged commit f2b48d0 into airbytehq:master Jul 7, 2023
@sherifnada sherifnada mentioned this pull request Jul 25, 2023
Closed
@sherifnada
Copy link
Contributor

sherifnada commented Jul 25, 2023
edited
Loading

@mauricioalarcon this change seems to have increased the docker build time from ~5 minutes to 4+ hours on CI -- this is really problematic for our ability to quickly address production incidents (there is one going one right now). If we can't fix that build speed issue there's a chance we will likely revert this PR in #28243 until we can resolve that issue. Do you mind taking a look at how we can speed up the docker build time?

cc @marcosmarxm

@marcosmarxm
Copy link
Member

@alafanechere can you confirm the step it got stuck running in the CI is the same as docker build . -t airbyte/source-salesforce:dev? For me it took 20min (a lot more than 5 minutes but way less than 4 hours)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marcosmarxm marcosmarxm marcosmarxm approved these changes

Assignees
No one assigned
Labels
area/connectors Connector related issues area/documentation Improvements or additions to documentation community connectors/source/salesforce team/tse Technical Support Engineers
Projects
No open projects
Community Contributed PRs
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@mauricioalarcon @evantahler @sherifnada @marcosmarxm @octavia-squidington-iii