feat: Use tini as entrypoint #98

reneleonhardt

Updates

  • Alpine 3.20 (fixes 5 security findings)
  • Let Dependabot update images in Dockerfile, docker-compose.yml and Kubernetes manifests

Improvements

  • Use tini as entrypoint for Dockerfile and docker-compose.yml example

Transfer size (compressed image) should be

  • amd64 = 7.1 MB
  • arm64 = 7.6 MB
  • multi = 14.7 MB

@jflambert
Collaborator

Do you have more info about Dependabot?

@reneleonhardt
Author

reneleonhardt commented May 27, 2024

Microsoft offers free usage for open-source projects; it automatically creates PRs when it sees updates:
https://docs.github.com/en/code-security/getting-started/dependabot-quickstart-guide
https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file

My example configuration searches for updates of Docker image tags in Dockerfile, docker-compose.yml and Kubernetes manifests.
After you push a new pgbouncer image, Dependabot will offer you a PR if you haven't already changed all 1.9.0 tags in this repo, for example.
Or postgres:17-alpine after it has been released in September 😅

@jflambert
Collaborator

jflambert commented May 28, 2024

I've used tini in other projects where, as you say, I needed to handle some signals gracefully or other esoteric things (subreaping, capture some non-standard output). Which problems does this solve for pgbouncer?

ARG VERSION=1.22.1

# Inspiration from https://github.com/gmr/alpine-pgbouncer/blob/master/Dockerfile
# hadolint ignore=DL3003,DL3018
RUN \
# security
apk add -U --no-cache --upgrade busybox && \
# https://github.com/krallin/tini#existing-entrypoint
apk add -U --no-cache --upgrade tini --repository=https://dl-cdn.alpinelinux.org/alpine/v3.20/community && \
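
Review bot: The `--repository=https://dl-cdn.alpinelinux.org/alpine/v3.20/community` argument on the tini line hard-codes the Alpine branch separately from the base image tag. The PR description hands base-image bumps in the Dockerfile to Dependabot, and nothing in this line would follow such a bump, so after the next one tini would still be pulled from the v3.20 branch while the rest of the image tracks the new release. If the base image already has the community repository enabled, drop the switch; if not, add a comment here saying why it is needed and that the version in the URL must be changed together with the base image tag.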
Collaborator

@jflambert May 28, 2024

is the --repository switch necessary if we're already using alpine 3.20?

feels like tini could be added to line 8 instead
