Upgrade core deps, remove no-op commands from Dockerfile, fix custom cert issues
What does this MR do?
- Bumps the `common` and `command` libraries to their latest versions.
- Removes some commands from the `Dockerfile` that weren't actually doing anything.
- Adds a fix to the `Dockerfile` to allow custom certs to work on OpenShift.
The main purpose of this change was to support double star glob patterns, but bumping these packages also resolved an issue with using custom CA certs in the FIPS image.

This problem was caused by a mismatch in the certificate bundle path between the `Dockerfile.fips` and version 2.24.0 of `common`, which was being used prior to this bump. You can see evidence of this issue by looking at this pipeline that was run on an earlier commit of this branch. Upgrading the `command` package solves this, because the `common/cacert` package is indirectly invoked by it, and not the analyser.

Commands in the non-FIPS Dockerfile to set up the `semgrep` user and grant it permissions on the `.pem` file were also removed, as they were effectively a no-op. `USER semgrep` was never specified in the runtime stage of the Dockerfile (so the analyser was running under `root`), and the `.pem` file is no longer used in `common` > 2.24.0. A small change was also made to set the correct permissions on the cert bundle, to allow custom certs to work properly when running on OpenShift.
What are the relevant issue numbers?
- gitlab-org/gitlab#224440 (closed)
- gitlab-org/gitlab#327438 (closed)
- gitlab-org/gitlab#350625 (closed)
Does this MR meet the acceptance criteria?
- Changelog entry added
- Documentation created/updated for GitLab EE, if necessary
- Documentation created/updated for this project, if necessary
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Job definition updated, if necessary
- Conforms to the code review guidelines
- Conforms to the Go guidelines
- Security reports checked/validated by reviewer