Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make singleton container readonly #937

Merged
merged 13 commits into from
Apr 23, 2024
Merged

Make singleton container readonly #937

merged 13 commits into from
Apr 23, 2024

Conversation

NovemberTang
Copy link
Contributor

@NovemberTang NovemberTang commented Apr 22, 2024
edited
Loading

What does this change?

Create a custom docker image for the singleton container, so we don't need to install awscli and jq.

Why?

This is part of the work to resolve AWS FSBP ECS.5 (No write access to root file system by default

How has it been verified?

Tested on CODE to verify expected behaviour for one job, and multiple concurrent ones.

What next

Create a reusable workflow for creating container images, as we now have 3 of these. This will be done in a follow-up PR

@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 22, 2024
edited
Loading

Deploy build 4434 of deploy::service-catalogue to CODE

All deployment options

From guardian/actions-riff-raff.

@NovemberTang NovemberTang marked this pull request as ready for review April 22, 2024 14:42
@NovemberTang NovemberTang requested review from a team as code owners April 22, 2024 14:42
akash1810
akash1810 reviewed Apr 23, 2024
View reviewed changes
containers/singleton/Dockerfile Outdated Show resolved Hide resolved
containers/singleton/Dockerfile
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did we consider using the AWS CLI image plus some awk as a replacement for jq?

I was meant to experiment with this previously...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We talked about this, but I think it represents an extra level of scope creep on a ticket that's already crept up massively, and could probably be a separate investigation.

@NovemberTang NovemberTang requested a review from akash1810 April 23, 2024 11:23
tjsilver
tjsilver approved these changes Apr 23, 2024
View reviewed changes
Copy link
Contributor

@tjsilver tjsilver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@NovemberTang NovemberTang merged commit b2e79a5 into main Apr 23, 2024
3 checks passed
@NovemberTang NovemberTang deleted the nt/more-readonly branch April 23, 2024 15:57
@NovemberTang NovemberTang mentioned this pull request Apr 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tjsilver tjsilver tjsilver approved these changes

@akash1810 akash1810 Awaiting requested review from akash1810

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@NovemberTang @akash1810 @tjsilver @AshCorr