WIP: DevX Alpine package dependencies versioning Tracking issue

[jhchabran]

Plan

Problem

We are pinning Alpine package versions down to the minor level, which can lead to breakage when the Alpine releases bump a given package.

See https://wiki.alpinelinux.org/wiki/Enable_Community_Repository#Using_specific_package_versions

Related documents

• https://docs.google.com/document/d/1bihAwN05cS1KKvddIMtxSOgTREgU2KmhNQa6D9N9yKU/edit#

Availability

If you have planned unavailability this iteration (e.g., vacation), you can note that here.

Tracked issues

Legend

• 🐛 Bug
• 🧶 Technical debt
• 🎩 Quality of life
• 🔒 Security issue

[github-actions]

Heads up @taylorsperry @pdubroy - the "team/dev-experience" label was applied to this issue.

[github-actions]

Heads up @taylorsperry @pdubroy - the "team/dev-experience" label was applied to this issue.

[bobheadxi]

I've gone ahead and relaxed the requirements here based on what I believe might be the "right" policy: https://github.com/sourcegraph/sourcegraph/pull/29493

Alpine packages only keep the most recent few releases, with older releases being dropped on a regular basis. We enforce versions, it seems, mostly to ensure the inclusion of particular security patches. Since not upgrading will only break our builds, and when we run into issues we just upgrade anyway, we should just only ever pin minimum versions.

I think we should make this official and close it out, WDYT @jhchabran @davejrt ?

[jhchabran]

I think we should make this official and close it out

Agreed! Thank you so much for taking over this 🙏