update packages #8
Pull request overview
This PR adds apt-get upgrade -y commands to three package installation steps in the Dockerfile to update all system packages before installing additional software. The changes affect the base system packages installation, Google Cloud CLI installation, and Node.js/Yarn installation.
Changes:
- Added apt-get upgrade -y to the initial system packages installation layer
- Added apt-get upgrade -y to the Google Cloud CLI installation layer
- Added apt-get upgrade -y to the Node.js and Yarn installation layer
| RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - | ||
| RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list | ||
| RUN apt-get update && apt-get -y install nodejs yarn \ | ||
| RUN apt-get update && apt-get upgrade -y && apt-get -y install nodejs yarn \ |
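Review bot: The apt-get upgrade -y added on the last line considers candidates from every configured source, including the Yarn repository enabled two lines earlier, whose key apt-key add - (first context line) places in the global keyring trusted for all sources. Suggest dropping the upgrade from this layer and storing the Yarn key in its own keyring referenced with signed-by, as the Google Cloud CLI layer in this Dockerfile does. The install on this line also lacks the --no-install-recommends used in the other two layers.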
This change increases Docker layer size and build time by upgrading all installed packages before installing new ones. Additionally, the upgrade operation may pull in new dependencies or change existing ones in unpredictable ways, potentially affecting the stability of tools and dependencies already installed in the base ubuntu:24.04 image. Consider whether this additional overhead is necessary for this layer.
| RUN apt-get update && apt-get upgrade -y && apt-get -y install nodejs yarn \ | |
| RUN apt-get update && apt-get -y install nodejs yarn \ |
| FROM ubuntu:24.04 | ||
| ARG DEBIAN_FRONTEND=noninteractive | ||
| RUN apt-get update && apt-get install -y --no-install-recommends \ | ||
| RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \ |
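Review bot: The apt-get upgrade -y added to the first RUN makes the image contents depend on when the layer was built, and with FROM ubuntu:24.04 referenced by tag the layer cache can keep serving an old upgrade result, so the change does not by itself guarantee patched packages. If the upgrade stays, rebuild on a schedule with docker build --pull --no-cache; otherwise pin the base image by digest and bump the digest to pick up fixes. A short comment above the RUN stating which of the two is intended would help the next maintainer.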
Adding apt-get upgrade -y in Docker builds is generally discouraged as it can lead to non-reproducible builds. Each time the image is built, different package versions might be installed, making it difficult to ensure consistency across environments. Instead, consider pinning specific package versions or updating the base image (ubuntu:24.04) to a newer version when security patches are needed. This approach ensures reproducible builds while maintaining security.
| RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \ | |
| RUN apt-get update && apt-get install -y --no-install-recommends \ |
| RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg && \ | ||
| echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \ | ||
| apt-get update && apt-get install -y --no-install-recommends google-cloud-cli | ||
| apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends google-cloud-cli |
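Review bot: The apt-get upgrade -y added on the last line repeats the upgrade already run in the first RUN of the same build, so it costs a second full upgrade pass and extra layer content for little change. Keep a single upgrade in the first layer and leave this line as apt-get update && apt-get install -y --no-install-recommends google-cloud-cli.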
Adding apt-get upgrade -y in Docker builds is generally discouraged as it can lead to non-reproducible builds. Each time the image is built, different package versions might be installed, making it difficult to ensure consistency across environments. Instead, consider pinning specific package versions or updating the base image (ubuntu:24.04) to a newer version when security patches are needed. This approach ensures reproducible builds while maintaining security.
| RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - | ||
| RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list | ||
| RUN apt-get update && apt-get -y install nodejs yarn \ | ||
| RUN apt-get update && apt-get upgrade -y && apt-get -y install nodejs yarn \ |
Adding apt-get upgrade -y in Docker builds is generally discouraged as it can lead to non-reproducible builds. Each time the image is built, different package versions might be installed, making it difficult to ensure consistency across environments. Instead, consider pinning specific package versions or updating the base image (ubuntu:24.04) to a newer version when security patches are needed. This approach ensures reproducible builds while maintaining security.
| RUN curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | gpg --dearmor -o /usr/share/keyrings/cloud.google.gpg && \ | ||
| echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | tee -a /etc/apt/sources.list.d/google-cloud-sdk.list && \ | ||
| apt-get update && apt-get install -y --no-install-recommends google-cloud-cli | ||
| apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends google-cloud-cli |
This change increases Docker layer size and build time by upgrading all installed packages before installing new ones. Additionally, the upgrade operation may pull in new dependencies or change existing ones in unpredictable ways, potentially affecting the stability of tools and dependencies already installed in the base ubuntu:24.04 image. Consider whether this additional overhead is necessary for this layer.
No description provided.
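An added example, not part of the pull request or of the review comments: a shell function that flags, in a Dockerfile, the patterns discussed in this thread (a base image referenced by tag only, apt-get upgrade in a RUN step, and apt-key add). The sample Dockerfile is constructed from lines visible in the diff; the packages on its continuation line and the finding labels are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Sample input is constructed from lines visible in the diff;
# the packages on the continuation line (curl gnupg) are assumptions.
sample_dockerfile() {
  cat <<'EOF'
FROM ubuntu:24.04
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends \
    curl gnupg
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN apt-get update && apt-get -y install nodejs yarn
EOF
}

# Reads a Dockerfile on stdin and prints "<line>:<finding>" per issue.
# Finding labels are this example's own names.
audit_dockerfile() {
  awk '
    # Join backslash-continued lines so each instruction is checked whole;
    # "start" remembers the line on which the instruction began.
    { if (buf == "") start = NR; buf = buf $0 }
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, " ", buf); next }
    {
      ins = buf; buf = ""
      # Base image referenced by mutable tag instead of an immutable digest.
      if (toupper(ins) ~ /^[ \t]*FROM[ \t]/ && ins !~ /@sha256:/)
        print start ":from-tag-only"
      # Unpinned upgrade: result depends on the archive state at build time.
      if (ins ~ /apt(-get)?[ \t]+(-[^ \t]+[ \t]+)*(upgrade|dist-upgrade|full-upgrade)([ \t]|$)/)
        print start ":apt-upgrade"
      # Deprecated apt-key: the key becomes trusted for every source.
      if (ins ~ /apt-key[ \t]+add/)
        print start ":apt-key-add"
    }
  '
}

# Audit the file given as first argument, or the constructed sample.
if [ "$#" -gt 0 ]; then
  audit_dockerfile < "$1"
else
  sample_dockerfile | audit_dockerfile
fi
```

Findings are reported against the line where the instruction starts, so a flagged continuation block points at its RUN keyword.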