From 34379d4cf191c2a4d1126edc775ce5988a9b407f Mon Sep 17 00:00:00 2001
From: Aliaksandr Valialkin <valyala@victoriametrics.com>
Date: Thu, 9 Feb 2023 14:01:16 -0800
Subject: [PATCH] all: run `apk update && apk upgrade` in base Alpine Docker
 image in order to get all the recent security fixes

---
 app/vmagent/multiarch/Dockerfile   | 2 +-
 app/vmalert/multiarch/Dockerfile   | 2 +-
 app/vmauth/multiarch/Dockerfile    | 2 +-
 app/vmbackup/multiarch/Dockerfile  | 2 +-
 app/vmctl/multiarch/Dockerfile     | 2 +-
 app/vminsert/multiarch/Dockerfile  | 2 +-
 app/vmrestore/multiarch/Dockerfile | 2 +-
 app/vmselect/multiarch/Dockerfile  | 2 +-
 app/vmstorage/multiarch/Dockerfile | 2 +-
 deployment/docker/Makefile         | 2 +-
 deployment/docker/base/Dockerfile  | 2 +-
 11 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/app/vmagent/multiarch/Dockerfile b/app/vmagent/multiarch/Dockerfile
index c1eca858f..47370c9cd 100644
--- a/app/vmagent/multiarch/Dockerfile
+++ b/app/vmagent/multiarch/Dockerfile
@@ -2,7 +2,7 @@
 ARG certs_image
 ARG root_image
 FROM $certs_image as certs
-RUN apk --update --no-cache add ca-certificates
+RUN apk update && apk upgrade && apk --update --no-cache add ca-certificates
 
 FROM $root_image
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/app/vmalert/multiarch/Dockerfile b/app/vmalert/multiarch/Dockerfile
index 2311d3082..500b9bcb1 100644
--- a/app/vmalert/multiarch/Dockerfile
+++ b/app/vmalert/multiarch/Dockerfile
@@ -2,7 +2,7 @@
 ARG certs_image
 ARG root_image
 FROM $certs_image as certs
-RUN apk --update --no-cache add ca-certificates
+RUN apk update && apk upgrade && apk --update --no-cache add ca-certificates
 
 FROM $root_image
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/app/vmauth/multiarch/Dockerfile b/app/vmauth/multiarch/Dockerfile
index 77382d4e2..96aa589b2 100644
--- a/app/vmauth/multiarch/Dockerfile
+++ b/app/vmauth/multiarch/Dockerfile
@@ -2,7 +2,7 @@
 ARG certs_image
 ARG root_image
 FROM $certs_image as certs
-RUN apk --update --no-cache add ca-certificates
+RUN apk update && apk upgrade && apk --update --no-cache add ca-certificates
 
 FROM $root_image
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/app/vmbackup/multiarch/Dockerfile b/app/vmbackup/multiarch/Dockerfile
index 15954766e..747c6b7b4 100644
--- a/app/vmbackup/multiarch/Dockerfile
+++ b/app/vmbackup/multiarch/Dockerfile
@@ -2,7 +2,7 @@
 ARG certs_image
 ARG root_image
 FROM $certs_image as certs
-RUN apk --update --no-cache add ca-certificates
+RUN apk update && apk upgrade && apk --update --no-cache add ca-certificates
 
 FROM $root_image
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/app/vmctl/multiarch/Dockerfile b/app/vmctl/multiarch/Dockerfile
index ed75e7809..d48338309 100644
--- a/app/vmctl/multiarch/Dockerfile
+++ b/app/vmctl/multiarch/Dockerfile
@@ -2,7 +2,7 @@
 ARG certs_image
 ARG root_image
 FROM $certs_image as certs
-RUN apk --update --no-cache add ca-certificates
+RUN apk update && apk upgrade && apk --update --no-cache add ca-certificates
 
 FROM $root_image
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/app/vminsert/multiarch/Dockerfile b/app/vminsert/multiarch/Dockerfile
index 8b7aadc36..a65371747 100644
--- a/app/vminsert/multiarch/Dockerfile
+++ b/app/vminsert/multiarch/Dockerfile
@@ -2,7 +2,7 @@
 ARG certs_image
 ARG root_image
 FROM $certs_image as certs
-RUN apk --update --no-cache add ca-certificates
+RUN apk update && apk upgrade && apk --update --no-cache add ca-certificates
 
 FROM $root_image
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/app/vmrestore/multiarch/Dockerfile b/app/vmrestore/multiarch/Dockerfile
index 2cdf012ab..504656508 100644
--- a/app/vmrestore/multiarch/Dockerfile
+++ b/app/vmrestore/multiarch/Dockerfile
@@ -2,7 +2,7 @@
 ARG certs_image
 ARG root_image
 FROM $certs_image as certs
-RUN apk --update --no-cache add ca-certificates
+RUN apk update && apk upgrade && apk --update --no-cache add ca-certificates
 
 FROM $root_image
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/app/vmselect/multiarch/Dockerfile b/app/vmselect/multiarch/Dockerfile
index 0731c4383..7ae8f091b 100644
--- a/app/vmselect/multiarch/Dockerfile
+++ b/app/vmselect/multiarch/Dockerfile
@@ -2,7 +2,7 @@
 ARG certs_image
 ARG root_image
 FROM $certs_image as certs
-RUN apk --update --no-cache add ca-certificates
+RUN apk update && apk upgrade && apk --update --no-cache add ca-certificates
 
 FROM $root_image
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/app/vmstorage/multiarch/Dockerfile b/app/vmstorage/multiarch/Dockerfile
index f4f034ece..924aeef33 100644
--- a/app/vmstorage/multiarch/Dockerfile
+++ b/app/vmstorage/multiarch/Dockerfile
@@ -2,7 +2,7 @@
 ARG certs_image
 ARG root_image
 FROM $certs_image as certs
-RUN apk --update --no-cache add ca-certificates
+RUN apk update && apk upgrade && apk --update --no-cache add ca-certificates
 
 FROM $root_image
 COPY --from=certs /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
diff --git a/deployment/docker/Makefile b/deployment/docker/Makefile
index af5fb0b1a..5ad58705d 100644
--- a/deployment/docker/Makefile
+++ b/deployment/docker/Makefile
@@ -6,7 +6,7 @@ ROOT_IMAGE ?= alpine:3.17.1
 CERTS_IMAGE := alpine:3.17.1
 GO_BUILDER_IMAGE := golang:1.20.0-alpine
 BUILDER_IMAGE := local/builder:2.0.0-$(shell echo $(GO_BUILDER_IMAGE) | tr :/ __)-1
-BASE_IMAGE := local/base:1.1.3-$(shell echo $(ROOT_IMAGE) | tr :/ __)-$(shell echo $(CERTS_IMAGE) | tr :/ __)
+BASE_IMAGE := local/base:1.1.4-$(shell echo $(ROOT_IMAGE) | tr :/ __)-$(shell echo $(CERTS_IMAGE) | tr :/ __)
 
 package-base:
 	(docker image ls --format '{{.Repository}}:{{.Tag}}' | grep -q '$(BASE_IMAGE)$$') \
diff --git a/deployment/docker/base/Dockerfile b/deployment/docker/base/Dockerfile
index 376f8f16e..6d06e75ce 100644
--- a/deployment/docker/base/Dockerfile
+++ b/deployment/docker/base/Dockerfile
@@ -3,7 +3,7 @@ ARG certs_image
 ARG root_image
 FROM $certs_image as certs
 
-RUN apk --update --no-cache add ca-certificates
+RUN apk update && apk upgrade && apk --update --no-cache add ca-certificates
 
 FROM $root_image