Update non AzLinux Packages in Tools Image #628
Have we checked best/worst case size impact for this?
| # | ||
| npm install -q -g @pnp/cli-microsoft365 && \ | ||
| npm install -q -g @pnp/cli-microsoft365 \ | ||
| && m365 version && \ |
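Review bot: The `npm install -q -g @pnp/cli-microsoft365` line has no version pin, so each build pulls whatever release is current on the registry and the contents of this layer depend on the build date. Printing `m365 version` records what was installed in the build log, but it does not make the build reproducible. Consider pinning the package to an explicit version (for example through a build argument), or, if floating to the latest release is intended, say so in a comment next to the line. Keeping `m365 version` in the `&&` chain is worthwhile either way, since a broken install then fails the build at that step.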
What do we use this version check for?
Just to output data to stdout, similar to some of the other installs. When I was testing the update logic, I had to hop into the image to find the version. Having it show in the output made that particular step faster.
Best case it's zero because there are no new updates and there have been no releases since the last base image was built. Worst case, it probably can be a lot. Locally I ran that and ended up with this layer at 617MB. I think that updated everything but I'm not certain. I know this will increase the image size, which is why the steps are careful to only update if it's needed. Our goal is to get releases rolling often enough where generally this layer is small. The dependencies in that list update (generally) monthly. So I expect in most cases there won't be updates available to pull in. But if there are, this change will help us keep our Vulnerability dashboards more clean.
Image size with this change is base: 6127MB, tools: 9780MB.
Adds steps in the Tools image to update dependencies that are distributed outside the AzLinux package feed. This will help us keep vulnerabilities down to an absolute minimum. We want to minimize the work done in the Tools image as it affects the image pull performance more than changes in the Base image, but we need more frequent updates to keep the image secure.
Update steps added for:
Intentionally skipped updates for:
ansible-galaxy collections - they also don't show in the vulnerability scans, so less pressing to upgrade.