From 15800aed9e0fa0feb896918084aaa44998e5fdd8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 5 Dec 2025 00:33:47 +0000
Subject: [PATCH 1/3] Initial plan

From bd3fca5a4687b819898af2fcb6d076cb2f162e0e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Fri, 5 Dec 2025 00:36:42 +0000
Subject: [PATCH 2/3] Add apk upgrade to final stage to address security vulnerabilities

This change adds `apk upgrade` in the final stage of the Dockerfile, ensuring that all Alpine packages are upgraded to their latest versions with security patches. This addresses the vulnerabilities reported in the docker image scan:
- CVE-2025-62171 (imagemagick packages)
- CVE-2025-64720, CVE-2025-65018 (libpng)
- CVE-2025-49794, CVE-2025-49796, CVE-2025-49795, CVE-2025-6021 (libxml2)
- CVE-2025-12818 (postgresql packages)

Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com>
---
 Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile b/Dockerfile
index 8245eff..0f7b97d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -173,6 +173,7 @@ RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
 RUN \
 apk update \
+ && apk upgrade \
 && apk add --no-cache --virtual .deps \
 linux-headers \
 make \
From e701af283f78ea82fd369b83b9da62f4157ecd60 Mon Sep 17 00:00:00 2001
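Review bot: The added `&& apk upgrade \` only takes effect when this RUN layer is really rebuilt; with an unchanged instruction and parent layer the builder reuses the cached layer, so the CVEs named in the commit message can stay in the image without any build failure. The upgrade is also unpinned, so the result depends on what the Alpine repository serves at build time, and nothing visible here confirms that fixed imagemagick, libpng, libxml2 and postgresql packages were actually installed. I would build release images with `--pull --no-cache`, keep the image scan as a gate after the build, and record the intent above the step, for example `# apk upgrade: pick up security fixes for packages inherited from the base image; needs an uncached build`. The RUN instruction continues past the end of the hunk.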
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 9 Dec 2025 02:26:35 +0000
Subject: [PATCH 3/3] Apply changes from PR #55: use docker-cli-compose package

- Remove manual docker-compose installation
- Replace with docker-cli-compose Alpine package
- Remove DOCKER_CONFIG and DOCKER_COMPOSE_VERSION env vars
- Add RUN set -ex for better error visibility
- Add docker compose version test

Co-authored-by: stnguyen90 <1477010+stnguyen90@users.noreply.github.com>
---
 Dockerfile | 11 +++--------
 tests.yaml | 4 ++++
 2 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 0f7b97d..a21ff74 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -166,11 +166,10 @@ FROM $BASEIMAGE AS final
 LABEL maintainer="team@appwrite.io"
-ENV DOCKER_CONFIG=${DOCKER_CONFIG:-$HOME/.docker}
-ENV DOCKER_COMPOSE_VERSION="v2.33.1"
-
 RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+RUN set -ex
+
 RUN \
 apk update \
 && apk upgrade \
@@ -202,6 +201,7 @@ RUN \
 libmaxminddb-dev \
 certbot \
 docker-cli \
+ docker-cli-compose \
 libgomp \
 git \
 zip \
@@ -210,11 +210,6 @@ RUN \
 && apk del .deps \
 && rm -rf /var/cache/apk/*
-RUN mkdir -p $DOCKER_CONFIG/cli-plugins \
- && ARCH=$(uname -m) && if [ $ARCH == "armv7l" ]; then ARCH="armv7"; fi \
- && curl -SL https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VERSION/docker-compose-linux-$ARCH -o $DOCKER_CONFIG/cli-plugins/docker-compose \
- && chmod +x $DOCKER_CONFIG/cli-plugins/docker-compose
-
 WORKDIR /usr/src/code
 COPY --from=swoole /usr/local/lib/php/extensions/no-debug-non-zts-20240924/swoole.so /usr/local/lib/php/extensions/no-debug-non-zts-20240924/
diff --git a/tests.yaml b/tests.yaml
index b68e42d..276f1f6 100644
--- a/tests.yaml
+++ b/tests.yaml
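Review bot: `RUN set -ex` as its own instruction (first Dockerfile hunk, -166,11) does not change how the following `RUN \ apk update …` step runs: every RUN starts a new shell, so the options are gone when that instruction ends and the line only adds an empty layer. To get tracing and fail-fast for the package step, move the options into it, `RUN set -ex \` followed by `&& apk update \`, or set them for the whole stage with `SHELL ["/bin/sh", "-exc"]`. The package RUN begins in this hunk and ends in the later hunks, so its full body is not visible here.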
@@ -17,6 +17,10 @@ commandTests:
 command: "docker"
 args: ["--version"]
 expectedOutput: ["Docker version 28.*"]
+ - name: 'Docker Compose command'
+ command: "docker"
+ args: ["compose", "version"]
+ expectedOutput: ["Docker Compose version v.*"]
 - name: 'PHP modules'
 command: "php"
 args: ["-m"]
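Review bot: The new pattern `Docker Compose version v.*` accepts any Compose release, while the neighbouring Docker check pins the major line with `28.*`. Because this series removes `DOCKER_COMPOSE_VERSION="v2.33.1"` and installs `docker-cli-compose` unpinned next to `apk upgrade`, this test is the only place where an unexpected major-version jump would be noticed. I would pin the expected major, e.g. `expectedOutput: ["Docker Compose version v2.*"]` if the image is meant to stay on the 2.x line; the packaged version is not visible here, so confirm it first.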