Merged
4 changes: 2 additions & 2 deletions docker/hook/Dockerfile
@@ -1,4 +1,4 @@
FROM ubuntu:20.04 as aws-installer
FROM ubuntu:24.04 as aws-installer

RUN apt-get update \
&& apt-get install --yes unzip
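Review bot: The new first line, `FROM ubuntu:24.04 as aws-installer`, mixes an upper-case FROM with a lower-case `as`, which BuildKit's build checks report as FromAsCasing; since the line is being changed anyway, writing `AS aws-installer` keeps the build output clean. This stage only runs `apt-get update` and installs unzip, so the jump from 20.04 to 24.04 looks low risk here, and `apt-get install --yes --no-install-recommends unzip` would keep the stage from pulling in extra packages.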
Expand All @@ -8,7 +8,7 @@ WORKDIR /installer

RUN unzip awscli.zip

FROM ubuntu:20.04
FROM ubuntu:24.04
Comment on lines 1 to +11

P2 Floating base image tag — non-reproducible builds

Both stages use ubuntu:24.04, a mutable floating tag. Docker will pull whatever that tag resolves to at build time, so two builds from the same commit can produce different images (e.g. if Canonical pushes a security update between builds). Pinning by digest (e.g. ubuntu:24.04@sha256:<digest>) would make builds fully reproducible. This was true for ubuntu:20.04 as well, so it's a pre-existing pattern rather than a regression introduced here.
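
Added example, not part of this PR or of the review comment above: a small Python check that lists every `FROM` line pulling a registry image without a `@sha256:` digest, which is the floating-tag pattern the comment describes. The sample text is constructed: its first line matches this Dockerfile, while the `--platform` line, the pinned line and the all-zero digest are assumed placeholders.

```python
import re

# Constructed placeholder digest; a real one comes from the registry.
PLACEHOLDER_DIGEST = "sha256:" + "0" * 64

# Constructed sample Dockerfile text for the check below.
SAMPLE = "\n".join([
    "FROM ubuntu:24.04 as aws-installer",
    "RUN unzip awscli.zip",
    "FROM --platform=linux/amd64 ubuntu:24.04",
    f"FROM ubuntu:24.04@{PLACEHOLDER_DIGEST} AS pinned",
    "FROM aws-installer",
    "FROM scratch",
])

FROM_RE = re.compile(r"^\s*FROM\s+(?P<rest>.+)$", re.IGNORECASE)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def unpinned_bases(dockerfile_text):
    """Return (line_no, image) for each FROM that is not pinned by digest."""
    stages = set()      # aliases of earlier build stages
    findings = []
    for line_no, line in enumerate(dockerfile_text.splitlines(), start=1):
        match = FROM_RE.match(line)
        if not match:
            continue
        # Drop flags such as --platform=...; the first remaining token is the image.
        tokens = [t for t in match.group("rest").split() if not t.startswith("--")]
        if not tokens:
            continue
        image = tokens[0]
        # "FROM <earlier stage>" and "FROM scratch" pull nothing from a registry.
        local = image.lower() in stages or image == "scratch"
        # Images built from ARG variables cannot be verified here, so they are reported too.
        if not local and not DIGEST_RE.search(image):
            findings.append((line_no, image))
        if len(tokens) >= 3 and tokens[1].lower() == "as":
            stages.add(tokens[2].lower())
    return findings


if __name__ == "__main__":
    for line_no, image in unpinned_bases(SAMPLE):
        print(f"line {line_no}: {image} is not pinned by digest")
```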


COPY --from=aws-installer /installer /aws-cli-installer
RUN /aws-cli-installer/aws/install \
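Review bot: In the final stage, `COPY --from=aws-installer /installer /aws-cli-installer` copies the whole /installer directory into a layer of the shipped image, and per the context line `RUN unzip awscli.zip` that directory holds both the archive and the unpacked tree; removing it in a later instruction would not take it out of that layer. Consider mounting it only for the install step, for example `RUN --mount=type=bind,from=aws-installer,source=/installer,target=/aws-cli-installer /aws-cli-installer/aws/install ...`. The rest of this stage is collapsed in the diff, so it is also worth confirming that whatever it installs further down still resolves on 24.04.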