[docker] allow docker container builds to pass when security advistory (#6662)

Right now, we test the container at the end of the build rather than before publishing so while we decouple that work, we should not fail the build step if a security advisory was found - it's too late, the containers are released so we should instead catch the advisory and that will allow our release pipeline to continue
2021-03-31 15:22:58 +01:00 · 2021-03-31 15:22:58 +01:00 · 4efec0f791
parent bf1a8d3387
commit 4efec0f791
3 changed files with 3 additions and 4 deletions
--- a/.github/workflows/trigger-container-build-event.yml
+++ b/.github/workflows/trigger-container-build-event.yml
@ -201,6 +201,7 @@ jobs:
    name: scan container images
    runs-on: ubuntu-latest
    needs: os_sdk
+    continue-on-error: true
    strategy:
      matrix:
        image: [ "base", "nodejs", "python", "go" ]
--- a/docker/nodejs/Dockerfile
+++ b/docker/nodejs/Dockerfile
@ -2,12 +2,11 @@
 # Interim container so we can copy pulumi binaries
 # Must be defined first
 ARG PULUMI_VERSION=latest
-ARG RUNTIME_VERSION=13.14.0
 ARG PULUMI_IMAGE=pulumi/pulumi-base
 FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi

 # The runtime container
-FROM node:${RUNTIME_VERSION}-buster-slim
+FROM node:lts-buster-slim
 WORKDIR /pulumi/projects

 # Install needed tools, like git
--- a/docker/nodejs/Dockerfile.alpine
+++ b/docker/nodejs/Dockerfile.alpine
@ -2,12 +2,11 @@
 # Interim container so we can copy pulumi binaries
 # Must be defined first
 ARG PULUMI_VERSION=latest
-ARG RUNTIME_VERSION=12.18.0
 ARG PULUMI_IMAGE=pulumi/pulumi-base
 FROM ${PULUMI_IMAGE}:${PULUMI_VERSION} as pulumi

 # The runtime container
-FROM node:${RUNTIME_VERSION}-alpine3.12
+FROM node:lts-alpine3.12
 WORKDIR /pulumi/projects

 # Install needed tools, like git