feat: update of dockerfile to use more secure image; #1546
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fix Docker build badge
the base image has been updates to Ubuntu 23.04 as 18.04 is End-of-Life the ubuntu-pacakges.txt file is no longer being recovered, these packages are explicitly installed python packages have been updated to address vulnerabilities plugins which rely on Python2 have been excluded as this version reached End-of-Life 01JAN2020 included instructions on installing the non-canonical LOFTEE plugin on lines 78-84 & 226-233, these can be excluded if LOFTEE is not going to be used
…n-path Fix plugin path in command line output
* Deterministic order for software versions * Deterministic order for software versions
|
Hello @mvforster, Thanks for your PR! We are thinking of supporting of creation of a more secure image of the Ensembl VEP with a separate docker But first of all can you create this PR against the |
rebasing the fork so that the pull request can be applied to the correct branch
the base image has been updates to Ubuntu 23.04 as 18.04 is End-of-Life the ubuntu-pacakges.txt file is no longer being recovered, these packages are explicitly installed python packages have been updated to address vulnerabilities plugins which rely on Python2 have been excluded as this version reached End-of-Life 01JAN2020 included instructions on installing the non-canonical LOFTEE plugin on lines 78-84 & 226-233, these can be excluded if LOFTEE is not going to be used
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Dear EnsEMBL team,
I would like to submit the following pull request for review and assessment. The changes to the Dockerfiles are to close as many vulnerabilities as possible.
The changes included are intended to ease the use of the VEP tool within an Air-Gapped environment such as the Genomics England TRE. I have made some modifications to the list of installed plugins to ensure that all plugins are based on code that is being actively maintained. Because of this, I have had to exclude the following plugins:
which require Python2 and Python2-specific packages.
The base image has been updated to Ubuntu 23.04, as 18.04 is End-of-Life. The ubuntu-pacakges.txt file is no longer being copied over, these packages are explicitly installed. The Python requirements file is also not being used given that the depending plugins are being excluded.
Python package vulnerabilities are being explicitly addressed within the base-layer updates.
I have included instructions on installing the non-canonical LOFTEE plugin on lines 78-84 & 226-233 as this is a requirement of our workflow, these can be excluded if LOFTEE is not going to be used.
I hope this proves useful,
Kind regards,
Matthieu