feat: [CI-21188]: fix alpine deps#327
Open
spahuja-harness wants to merge 16 commits intotmate-io:masterfrom
Open
feat: [CI-21188]: fix alpine deps#327spahuja-harness wants to merge 16 commits intotmate-io:masterfrom
spahuja-harness wants to merge 16 commits intotmate-io:masterfrom
Conversation
Adding account id as tmate user
Set basic image to compile from
Add support for building tmate Docker images via Harness CI pipeline. Tmate is a C-based terminal sharing application (tmux fork). Changes: - Created docker/Dockerfile-tmate for building binary images * Multi-stage build using GAR Alpine 3.21 * Builds libssh and tmate with static linking * Scratch-based final image with binary at /binaries/tmate * Includes build metadata labels - Added config/manifest.yaml for Harness CI pipeline integration This enables building harness/harness-vm-runner-tmate images that will be bundled into harness-vm-runner-binaries for VM injection. Note: Tmate is a C project and does not use Go versioning patterns. Version is managed via configure.ac (autotools).
feat: [CI-21188]: Add Dockerfile for tmate binary for Harness CI builds
…3.21 - Remove libexecinfo, libexecinfo-dev, libexecinfo-static packages - These packages were removed in Alpine 3.21 - tmate builds successfully without them as backtrace functionality is not critical
- Switch from Alpine to Debian Bullseye for better C library compatibility - Build libssh 0.10.6 from source with GSSAPI disabled - Use dynamic linking instead of static to avoid compat library issues - Create forkpty-linux.c stub for build system compatibility - Include runtime dependencies in final image (libevent, libssh, etc) - Successfully builds tmate 2.4.0 binary
- Create dummy Helm chart in chart/ directory - Chart contains only metadata, no deployable resources - Add HELM_CHART_SOURCE_DIRECTORY to manifest.yaml - Chart exists solely to satisfy build pipeline requirements for binary-only services
spahuja-harness
changed the title
- Upgrade from Debian Bullseye to Bookworm for security improvements - Reduces vulnerabilities to only 3 (all unfixable/recent) - Grype scan: 0 fixable vulnerabilities - Trivy scan: 1 CRITICAL (will_not_fix MiniZip), 2 HIGH (no patch yet) - Bookworm provides updated OpenSSL, zlib, and other packages
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.