"Updated Alpine image version to 3:20 to remove security vuln" (#3577)

Updated Alpine image version to 3:20 to remove security vuln

---------

Co-authored-by: Ompragash Viswanathan <ompragash@proton.me>
Co-authored-by: OP (oppenheimer) <21008429+Ompragash@users.noreply.github.com>

.drone.yml

@@ -9,14 +9,14 @@ platform:
 
 steps:
 - name: test
-  image: golang:1.14.15
+  image: golang:1.22.7
   commands:
   - go test -race ./...
   - go build -o /dev/null github.com/drone/drone/cmd/drone-server
   - go build -o /dev/null -tags "oss nolimit" github.com/drone/drone/cmd/drone-server
   
 - name: build
-  image: golang:1.14.15
+  image: golang:1.22.7
   commands:
   - sh scripts/build.sh
   environment:
@@ -53,7 +53,7 @@ platform:
 
 steps:
 - name: build
-  image: golang:1.14.15
+  image: golang:1.22.7
   commands:
   - sh scripts/build.sh
   environment:

docker/Dockerfile.agent.linux.amd64

@@ -1,7 +1,7 @@
-FROM alpine:3.19 as alpine
+FROM alpine:3.20 as alpine
 RUN apk add -U --no-cache ca-certificates tzdata
 
-FROM alpine:3.19
+FROM alpine:3.20
 ENV GODEBUG netdns=go
 ENV DRONE_RUNNER_OS=linux
 ENV DRONE_RUNNER_ARCH=amd64

docker/Dockerfile.controller.linux.amd64

@@ -1,7 +1,7 @@
-FROM alpine:3.19 as alpine
+FROM alpine:3.20 as alpine
 RUN apk add -U --no-cache ca-certificates tzdata
 
-FROM alpine:3.19
+FROM alpine:3.20
 ENV GODEBUG netdns=go
 ENV DRONE_RUNNER_OS=linux
 ENV DRONE_RUNNER_ARCH=amd64

docker/Dockerfile.controller.linux.arm

@@ -1,7 +1,7 @@
-FROM alpine:3.11 as alpine
+FROM alpine:3.20 as alpine
 RUN apk add -U --no-cache ca-certificates tzdata
 
-FROM alpine:3.11
+FROM alpine:3.20
 ENV GODEBUG=netdns=go
 ENV DRONE_RUNNER_OS=linux
 ENV DRONE_RUNNER_ARCH=arm

docker/Dockerfile.controller.linux.arm64

@@ -1,7 +1,7 @@
-FROM alpine:3.11 as alpine
+FROM alpine:3.20 as alpine
 RUN apk add -U --no-cache ca-certificates tzdata
 
-FROM alpine:3.11
+FROM alpine:3.20
 ENV GODEBUG=netdns=go
 ENV DRONE_RUNNER_OS=linux
 ENV DRONE_RUNNER_ARCH=arm64

docker/Dockerfile.server.linux.amd64

@@ -1,9 +1,9 @@
 # docker build --rm -f docker/Dockerfile -t drone/drone .
 
-FROM alpine:3.19 as alpine
+FROM alpine:3.20 as alpine
 RUN apk add -U --no-cache ca-certificates tzdata
 
-FROM alpine:3.19
+FROM alpine:3.20
 EXPOSE 80 443
 VOLUME /data
 

docker/Dockerfile.server.linux.arm

@@ -1,9 +1,9 @@
 # docker build --rm -f docker/Dockerfile -t drone/drone .
 
-FROM alpine:3.11 as alpine
+FROM alpine:3.20 as alpine
 RUN apk add -U --no-cache ca-certificates tzdata
 
-FROM alpine:3.11
+FROM alpine:3.20
 EXPOSE 80 443
 VOLUME /data
 

docker/Dockerfile.server.linux.arm64

@@ -1,14 +1,20 @@
 # docker build --rm -f docker/Dockerfile -t drone/drone .
 
-FROM alpine:3.11 as alpine
-RUN apk add -U --no-cache ca-certificates tzdata
+FROM alpine:3.20
 
-FROM alpine:3.11
+# Expose necessary ports and define volume
 EXPOSE 80 443
 VOLUME /data
 
-RUN [ ! -e /etc/nsswitch.conf ] && echo 'hosts: files dns' > /etc/nsswitch.conf
+# Install necessary certificates and timezone data
+RUN apk add -U --no-cache ca-certificates tzdata && \
+    cp -r /usr/share/zoneinfo /etc/zoneinfo && \
+    rm -rf /var/cache/apk/*
 
+# Configure /etc/nsswitch.conf to prevent DNS-related errors
+RUN sh -c "if [ ! -f /etc/nsswitch.conf ]; then echo 'hosts: files dns' > /etc/nsswitch.conf; fi"
+
+# Environment variables
 ENV GODEBUG netdns=go
 ENV XDG_CACHE_HOME /data
 ENV DRONE_DATABASE_DRIVER sqlite3
@@ -20,8 +26,8 @@ ENV DRONE_SERVER_HOST=localhost
 ENV DRONE_DATADOG_ENABLED=true
 ENV DRONE_DATADOG_ENDPOINT=https://stats.drone.ci/api/v1/series
 
-COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=alpine /usr/share/zoneinfo /usr/share/zoneinfo
-
+# Add the binary
 ADD release/linux/arm64/drone-server /bin/
-ENTRYPOINT ["/bin/drone-server"]
+
+# Define the entrypoint
+ENTRYPOINT ["/bin/drone-server"]

go.mod

@@ -6,11 +6,9 @@ require (
 	github.com/766b/chi-prometheus v0.0.0-20211217152057-87afa9aa2ca8
 	github.com/99designs/httpsignatures-go v0.0.0-20170731043157-88528bf4ca7e
 	github.com/Azure/azure-storage-blob-go v0.7.0
-	github.com/Azure/go-autorest/autorest/adal v0.8.3 // indirect
-	github.com/asaskevich/govalidator v0.0.0-20180315120708-ccb8e960c48f
+	github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a
 	github.com/aws/aws-sdk-go v1.37.3
-	github.com/codegangsta/negroni v1.0.0 // indirect
-	github.com/coreos/go-semver v0.2.0
+	github.com/coreos/go-semver v0.3.0
 	github.com/dchest/authcookie v0.0.0-20120917135355-fbdef6e99866
 	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9
 	github.com/drone/drone-go v1.7.2-0.20220308165842-f9e4fe31c2af
@@ -35,30 +33,69 @@ require (
 	github.com/google/wire v0.2.1
 	github.com/gosimple/slug v1.3.0
 	github.com/h2non/gock v1.0.15
-	github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
-	github.com/hashicorp/go-multierror v1.1.0
+	github.com/hashicorp/go-multierror v1.1.1
 	github.com/hashicorp/go-retryablehttp v0.5.4
 	github.com/hashicorp/golang-lru v0.5.1
 	github.com/jmoiron/sqlx v0.0.0-20180614180643-0dae4fefe7c0
 	github.com/joho/godotenv v1.3.0
 	github.com/kelseyhightower/envconfig v1.3.0
-	github.com/kr/pretty v0.2.0 // indirect
 	github.com/lib/pq v1.1.0
 	github.com/mattn/go-sqlite3 v1.9.0
 	github.com/oxtoacart/bpool v0.0.0-20150712133111-4e1c5567d7c2
-	github.com/prometheus/client_golang v0.9.2
-	github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be // indirect
+	github.com/prometheus/client_golang v1.11.1
 	github.com/robfig/cron v0.0.0-20180505203441-b41be1df6967
 	github.com/segmentio/ksuid v1.0.2
-	github.com/sirupsen/logrus v1.6.0
+	github.com/sirupsen/logrus v1.8.1
 	github.com/unrolled/secure v0.0.0-20181022170031-4b6b7cf51606
 	go.starlark.net v0.0.0-20221020143700-22309ac47eac
-	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
-	golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9
-	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
-	gopkg.in/yaml.v2 v2.3.0
+	golang.org/x/crypto v0.0.0-20210817164053-32db794688a5
+	golang.org/x/sync v0.0.0-20210220032951-036812b2e83c
+	gopkg.in/yaml.v2 v2.4.0
+)
+
+require (
+	github.com/Azure/azure-pipeline-go v0.2.1 // indirect
+	github.com/Microsoft/go-winio v0.5.2 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/bmatcuk/doublestar v1.1.1 // indirect
+	github.com/buildkite/yaml v2.1.0+incompatible // indirect
+	github.com/cespare/xxhash/v2 v2.1.2 // indirect
+	github.com/codegangsta/negroni v1.0.0 // indirect
+	github.com/containerd/containerd v1.5.18 // indirect
+	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+	github.com/docker/distribution v2.7.1+incompatible // indirect
+	github.com/docker/docker v1.13.1 // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-units v0.4.0 // indirect
+	github.com/ghodss/yaml v1.0.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.1 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/mattn/go-ieproxy v0.0.0-20190610004146-91bb50d98149 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/natessilva/dag v0.0.0-20180124060714-7194b8dcc5c4 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.0.2 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/prometheus/client_model v0.2.0 // indirect
+	github.com/prometheus/common v0.26.0 // indirect
+	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be // indirect
+	github.com/vinzenz/yaml v0.0.0-20170920082545-91409cdd725d // indirect
+	golang.org/x/net v0.0.0-20211216030914-fe4d6282115f // indirect
+	golang.org/x/sys v0.1.0 // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa // indirect
+	google.golang.org/grpc v1.43.0 // indirect
+	google.golang.org/protobuf v1.27.1 // indirect
+	sigs.k8s.io/yaml v1.2.0 // indirect
 )
 
 replace github.com/h2non/gock => gopkg.in/h2non/gock.v1 v1.0.14
 
-go 1.13
+go 1.22.7