Dockerfile: update to GDAL 3.8.0

[pjonsson]

Use the same version of the image for the builder
and the main image.

[codecov]

Codecov Report

Merging #960 (515051e) into master (80988e8) will not change coverage.
Report is 3 commits behind head on master.
The diff coverage is n/a.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #960   +/-   ##
=======================================
  Coverage   93.72%   93.72%           
=======================================
  Files          43       43           
  Lines        6489     6489           
=======================================
  Hits         6082     6082           
  Misses        407      407           

[pjonsson]

@SpacemanPaul I've seen other PRs being marked as ready for review, but I'm not sure how to do that, could you please take a look at this? I don't think the failed jobs are caused by this PR.

The ubuntu-small-latest tag has not been updated for 9 months on Docker Hub, so here's what Trivy reports for opendatacube/ows:latest at the time of writing:

The "H" means there are vulnerabilities classified with a severity of "high". My experience is that it's usually less effort to fix the vulnerabilities marked as high or critical than it is to try to convince corporate IT that some software is not affected by the issue flagged.

Switching from a moving target like ubuntu-small-latest to a fixed version means the image built by the release can be reproduced at a later time. (It's possible other things inside the image are not fixed, but having fewer variables to worry about tends to be a positive.)

[SpacemanPaul]

Hi @pjonsson - thanks heaps for your recent contributions - they are really appreciated.

This PR IS ready for review - apart from the failing checks. I was hoping the PRs I did yesterday would resolve the failed checks - but I can see you've rebased onto them and nothing has changed.

I suspect there's something in the relevant github actions that is breaking for PRs from non-org-owned forks. I'll try reproducing this as an internal PR today to see if that fixes it.

I don't mind building to a moving target on active repos - it's a useful "canary in the mine" for advance warning of emerging issues in the upstream world - but OWS isn't very active at the moment, and given the current status of the "moving" target in question, I'm happy to merge this. I just need to sort out what's happening with the checks.

[pjonsson]

@SpacemanPaul I think you're right about non-org users, the documentation-preview action worked when I made pull requests against my forked repository of datacube-explorer, but fails on the pull requests I make to the real repository. (But that experience was before the updated actions, but if it didn't fix things in this repository, I doubt it will have made any difference there.)

If you are short on time, I think fixing the failing actions can be postponed until later; I don't have any intention of making contributions that require documentation updates, I just want to fix the immediate issues I have with the docker image.

If it's just the red crosses on the pull requests that you want prevent, it might be possible to quick-fix by only running the two failing steps when an org user makes the pull request.

[SpacemanPaul]

Reproduced as local PR#970 - confirmed that those github actions just don't like remote forks.

Moving discusion/review over there.