CI: Build linux binaries using ubuntu 20-04 and add vulnerabilities check #1043

Merged

Conversation

Collaborator

@Alenar Alenar commented Jul 10, 2023

Content

This PR changes the ubuntu version used to build the linux binaries in order to depend on an earlier version of glibc (2.31 instead of 2.35) to be compatible with more systems.
The minimum required version is now stated in the documentation.

It also adds the dependency-review action to our check step.

Pre-submit checklist

  • Branch
    • Commit sequence broadly makes sense
    • Key commits have useful messages
  • PR
    • Self-reviewed the diff
    • Useful pull request description
    • Reviewer requested
  • Documentation
    • Update README file (if relevant)
    • Update documentation website (if relevant)
    • Add dev blog post (if relevant)

Comments

This PR also updates the documentation regarding the fact that sqlite is not required anymore to build & run the binaries (see #837).

Issue(s)

Closes #874, Closes #1037, Relates to #834 and #837

@Alenar Alenar changed the title Djo/874 1037/ci ubuntu.20 04.build add vulnerabilities check CI: Build linux binaries using ubuntu 20-04 and add vulnerabilities check Jul 10, 2023

github-actions bot commented Jul 10, 2023

Test Results

    3 files  ±0    16 suites  ±0   6m 17s ⏱️ +30s
616 tests ±0  616 ✔️ ±0  0 💤 ±0  0 ±0 
654 runs  ±0  654 ✔️ ±0  0 💤 ±0  0 ±0 

Results for commit 8b7eb3c. ± Comparison against base commit 3ad37c0.

♻️ This comment has been updated with latest results.

@Alenar Alenar temporarily deployed to testing-preview July 10, 2023 12:52 — with GitHub Actions Inactive
@Alenar Alenar force-pushed the djo/874-1037/ci-ubuntu.20-04.build-add-vulnerabilities-check branch 2 times, most recently from 0df0ad7 to 3675535 Compare July 11, 2023 10:14
@Alenar Alenar temporarily deployed to testing-preview July 11, 2023 10:32 — with GitHub Actions Inactive
The goal of this is to have binaries that depend on an earlier version of
glibc to be compatible with more systems.
Using 22.04 (libc 2.35) we are compatible with debian Bookworm (12,
libc 2.36.9) minimum, the latest version released.
Using 20.04 (libc 2.31) we are also compatible with debian Bullseye (11,
libc 2.31.13).
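
The compatibility argument in the commit message above rests on one rule: a dynamically linked binary loads only where the system glibc is at least as new as the highest `GLIBC_x.y` symbol version the binary references. The check below is an added example, not part of this PR or the project's code; `SAMPLE_OBJDUMP` is constructed `objdump -T` output and the function names are hypothetical.

```python
import re
import sys

# Versioned glibc references as printed by `objdump -T <binary>`, e.g. "(GLIBC_2.34)".
# GLIBC_PRIVATE and libstdc++'s GLIBCXX_* tags do not match this pattern.
_GLIBC_RE = re.compile(r"\bGLIBC_(\d+(?:\.\d+)+)\b")

# Constructed sample, not output from the project's binaries.
SAMPLE_OBJDUMP = """\
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.2.5) memcpy
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.14)  memcpy
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.28)  fcntl64
0000000000000000      DF *UND*  0000000000000000 (GLIBC_2.34)  pthread_create
0000000000000000      DF *UND*  0000000000000000 (GLIBC_PRIVATE) __libc_early_init
0000000000000000  w   D  *UND*  0000000000000000  Base        __gmon_start__
"""


def parse_version(text):
    """'2.31' -> (2, 31), so versions compare numerically (2.9 < 2.31)."""
    return tuple(int(part) for part in text.split("."))


def required_glibc(objdump_output):
    """Highest GLIBC symbol version referenced, or None if there is none."""
    versions = [parse_version(v) for v in _GLIBC_RE.findall(objdump_output)]
    return max(versions) if versions else None


def runs_on(objdump_output, target_glibc):
    """True if a system shipping `target_glibc` satisfies every reference."""
    needed = required_glibc(objdump_output)
    return needed is None or needed <= parse_version(target_glibc)


if __name__ == "__main__":
    # Usage: objdump -T ./some-binary | python3 check_glibc.py 2.31
    # With no piped input, the constructed sample is used instead.
    target = sys.argv[1] if len(sys.argv) > 1 else "2.31"
    data = SAMPLE_OBJDUMP if sys.stdin.isatty() else sys.stdin.read()
    needed = required_glibc(data)
    label = ".".join(map(str, needed)) if needed else "none"
    print(f"needs glibc {label}; target {target}: "
          f"{'ok' if runs_on(data, target) else 'INCOMPATIBLE'}")
    sys.exit(0 if runs_on(data, target) else 1)
```

Run as a CI step against the release artifacts, a non-zero exit flags a build that has started to require a newer glibc than the documented minimum.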
@Alenar Alenar force-pushed the djo/874-1037/ci-ubuntu.20-04.build-add-vulnerabilities-check branch from 3675535 to 7e38bbf Compare July 11, 2023 14:12
@Alenar Alenar temporarily deployed to testing-preview July 11, 2023 14:29 — with GitHub Actions Inactive
@@ -4,10 +4,13 @@ hide_title: true
hide_table_of_contents: true
---

## Download compiled binary
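Review bot: With `hide_title: true` in the front matter, `## Download compiled binary` is the only title a reader sees for this content, so taking it out of this common file leaves every page that includes the file responsible for adding its own heading. A short comment at the top of the file saying that includers must supply the heading would keep a future include from rendering untitled.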
Collaborator Author

@Alenar Alenar Jul 11, 2023

Sadly this title did not show in the sidebars (and its level wasn't always appropriate) so I had to remove it from this common file to put it manually each time this file is used.

@Alenar Alenar requested review from jpraynaud and ghubertpalo July 11, 2023 14:48
@Alenar Alenar marked this pull request as ready for review July 11, 2023 14:49
@Alenar Alenar force-pushed the djo/874-1037/ci-ubuntu.20-04.build-add-vulnerabilities-check branch from aa817e1 to 288f9fc Compare July 11, 2023 14:53
@Alenar Alenar mentioned this pull request Jul 11, 2023
5 tasks
@Alenar Alenar temporarily deployed to testing-preview July 11, 2023 15:07 — with GitHub Actions Inactive
@@ -37,7 +29,7 @@ RUN /app/target/release/mithril-aggregator --version
###############################
# STEP 2: build a small image
###############################
FROM ubuntu:22.04
FROM debian:11-slim
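Review bot: `FROM debian:11-slim` in the "STEP 2" runtime stage references a mutable tag, so two builds of the same commit can ship different base layers and the image that was tested is not necessarily the one produced by a later rebuild. Pinning the tag together with its digest (`debian:11-slim@sha256:<digest>`) and bumping it deliberately keeps the runtime this stage is meant to exercise fixed and makes base-image updates visible in review.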
Collaborator

Why isn't the ubuntu-20.04 image used (the same as the CI)?

Collaborator Author

Two reasons:

  • I want to use debian in the dockerfiles as a "compatibility test" to check that our ubuntu 20.04 built binaries are compatible with a later version of debian.
  • This allows the "dev" dockerfiles (the ones without the .ci suffix) to use the rust builder images that are debian based, allowing a simplification of the builder step.

Member

@jpraynaud jpraynaud left a comment

LGTM 👍

Maybe we can create a test Docker image before merging to see if everything works as expected?

Collaborator Author

Alenar commented Jul 11, 2023

> LGTM +1
>
> Maybe we can create a test Docker image before merging to see if everything works as expected?

Already done locally using debian 11 as the image base and the binaries built by this branch CI :).

@Alenar Alenar force-pushed the djo/874-1037/ci-ubuntu.20-04.build-add-vulnerabilities-check branch from 288f9fc to 8b7eb3c Compare July 11, 2023 15:55
@Alenar Alenar temporarily deployed to testing-preview July 11, 2023 16:04 — with GitHub Actions Inactive
@Alenar Alenar merged commit b8cc787 into main Jul 12, 2023
@Alenar Alenar deleted the djo/874-1037/ci-ubuntu.20-04.build-add-vulnerabilities-check branch July 12, 2023 07:44
Development

Successfully merging this pull request may close these issues.

Check vulnerabilities in CI Build static binaries in CI