Skip to content

Update Dockerfile nginx#8

Open
shirilat wants to merge 2 commits intodevelopmentfrom
shirilat-nginx-fix
Open

Update Dockerfile nginx#8
shirilat wants to merge 2 commits intodevelopmentfrom
shirilat-nginx-fix

Conversation

@shirilat
Copy link

@shirilat shirilat commented Oct 5, 2025
edited by pull-request-agent bot
Loading

PR Type

Enhancement

Description

  • Upgrade nginx base image to 1.29-alpine

  • Align production stage with latest unprivileged image

Diagram Walkthrough

flowchart LR
  base["nginx-unprivileged:1.21-alpine"] -- "upgrade" --> newbase["nginx-unprivileged:1.29-alpine"]
  Dockerfile["Dockerfile production stage"] -- "FROM image" --> newbase
Loading

File Walkthrough
Relevant files
Enhancement
Dockerfile
Upgrade production base image to 1.29-alpine                         

Dockerfile

  • Update production stage base image tag to 1.29-alpine.
  • Keep unprivileged nginx alignment with UID/GID args.
 +1/-1     

@pull-request-agent
Copy link

pull-request-agent bot commented Oct 5, 2025
edited
Loading

PR Reviewer Guide 🔍

(Review updated until commit 3271828)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪
🧪 No relevant tests
🔒 No security concerns identified
⚡ Recommended focus areas for review

Compatibility Check

Verify that the move to nginx-unprivileged:1.29-alpine does not change default config paths, user, ports, or module availability that downstream stages or runtime assume. Confirm any COPY, permissions, or healthcheck expectations still align with the new base image.

 
FROM gcr.io/iguazio/nginx-unprivileged:1.29-alpine as production-stage

# align UID & GID with nginx-unprivileged image UID & GID
ARG UID=101
ARG GID=101

@pull-request-agent
Copy link

pull-request-agent bot commented Oct 5, 2025
edited
Loading

PR Code Suggestions ✨

Latest suggestions up to 3271828
Explore these optional code suggestions:

CategorySuggestion                                                                                                                                    Impact
Security
Pin image to digest

Pin the base image to a specific digest to avoid unexpected breaking changes from
future tag updates. This ensures reproducible builds and mitigates supply-chain
risks.

Dockerfile [37]

-FROM gcr.io/iguazio/nginx-unprivileged:1.29-alpine as production-stage
+FROM gcr.io/iguazio/nginx-unprivileged:1.29-alpine@sha256:<KNOWN_DIGEST> as production-stage
Suggestion importance[1-10]: 7

__

Why: Recommending digest pinning is accurate for the updated FROM gcr.io/iguazio/nginx-unprivileged:1.29-alpine line and improves supply-chain security and reproducibility, though it’s a best-practice rather than fixing a functional bug.

Medium

Previous suggestions

Suggestions up to commit d501ad1
CategorySuggestion                                                                                                                                    Impact
Possible issue
Fix invalid image tag delimiter

The double colon in the image reference is invalid and will break the build. Use a
single colon to separate the image name from the tag.

Dockerfile [37]

-FROM gcr.io/iguazio/nginx-unprivileged::1.29-alpine as production-stage
+FROM gcr.io/iguazio/nginx-unprivileged:1.29-alpine as production-stage
Suggestion importance[1-10]: 9

__

Why: The new hunk shows FROM gcr.io/iguazio/nginx-unprivileged::1.29-alpine as production-stage with a double colon, which is invalid Docker syntax and would fail the build; changing to a single colon correctly mirrors the old image tag format.

High

@pull-request-agent
Copy link

pull-request-agent bot commented Oct 5, 2025

Persistent review updated to latest commit 3271828

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Review effort 1/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@shirilat