2 changes: 2 additions & 0 deletions Dockerfile
@@ -17,6 +17,8 @@

FROM node:24-alpine

RUN apk add --no-cache ca-certificates && update-ca-certificates

Check failure on line 20 in Dockerfile (GitHub Actions / docker-lint):
DL3018 warning: Pin versions in apk add. Instead of `apk add <package>` use `apk add <package>=<version>`
Contributor

🧹 Nitpick | 🔵 Trivial

Consider version pinning or explicitly acknowledging the trade-off.

The linter flags DL3018 for unpinned package versions. For ca-certificates, there's a trade-off: pinning improves reproducibility but can break builds when Alpine removes older versions. Since this is a security-critical package that should stay updated anyway, the unpinned approach is defensible here.

If you want to suppress the warning explicitly while keeping the current behavior, you can add an ignore directive:

Option: Suppress linter warning
+# hadolint ignore=DL3018
 RUN apk add --no-cache ca-certificates && update-ca-certificates

Alternatively, pin the version if strict reproducibility is required for your environment.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
RUN apk add --no-cache ca-certificates && update-ca-certificates
# hadolint ignore=DL3018
RUN apk add --no-cache ca-certificates && update-ca-certificates
🧰 Tools
🪛 GitHub Check: docker-lint

[failure] 20-20:
DL3018 warning: Pin versions in apk add. Instead of apk add <package> use apk add <package>=<version>

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` at line 20, the linter warning DL3018 is triggered by the RUN
line that installs ca-certificates; either pin the package to a specific version
(change the RUN that invokes apk add to use ca-certificates=<version> and update
the comment to record the chosen version) or explicitly suppress the linter
warning while keeping the unpinned install by adding a hadolint ignore directive
to the RUN instruction (e.g., annotate the RUN that calls "apk add --no-cache
ca-certificates && update-ca-certificates" with the appropriate hadolint ignore
comment for DL3018 and add a short comment explaining why unpinned is acceptable
for this security package).


# Create a non-root user and group
RUN addgroup -S appgroup && adduser -S appuser -G appgroup
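Review bot: the new `RUN apk add --no-cache ca-certificates && update-ca-certificates` line fails the docker-lint check (DL3018, unpinned apk package) and carries no comment saying why the package is added or why it is deliberately left unpinned, unlike the `# Create a non-root user and group` comment on the instruction that follows it. If leaving it unpinned is intentional so the certificate bundle tracks the latest Alpine package, add `# hadolint ignore=DL3018` above the RUN together with a one-line justification, so the check passes and the next maintainer does not pin it by mistake; otherwise pin it to `ca-certificates=<version>` as the linter suggests.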
