From 6ad4a9bdcded29348bf5d40f16cc0d03de68eedf Mon Sep 17 00:00:00 2001 From: "Jose I. Paris" Date: Tue, 14 Apr 2026 10:29:42 +0200 Subject: [PATCH 1/2] fix(migrations): upgrade atlas image to fix CVE vulnerabilities Signed-off-by: Jose I. Paris --- app/controlplane/Dockerfile.migrations | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/app/controlplane/Dockerfile.migrations b/app/controlplane/Dockerfile.migrations index 132e85b90..0150efc3f 100644 --- a/app/controlplane/Dockerfile.migrations +++ b/app/controlplane/Dockerfile.migrations @@ -1,9 +1,9 @@ # Container image built by go-releaser that's used to run migrations against the database during deployment # See https://atlasgo.io/guides/deploying/image -# from: arigaio/atlas:1.2.0 -# docker run arigaio/atlas@sha256:69fef5b506378439771fc70e052471780336552dbf35da397f5a7a729da8f7e3 version -# atlas version v1.2.0 -FROM arigaio/atlas@sha256:69fef5b506378439771fc70e052471780336552dbf35da397f5a7a729da8f7e3 as base +# from: arigaio/atlas:latest (v1.2.1-29c7cc3-canary) +# docker run arigaio/atlas@sha256:c9a0e6135c1f9c2761f5ef08b1db7a033ee37eb23a68173fd3909e231fdc2919 version +# atlas version v1.2.1-29c7cc3-canary +FROM arigaio/atlas@sha256:c9a0e6135c1f9c2761f5ef08b1db7a033ee37eb23a68173fd3909e231fdc2919 as base FROM scratch # Update permissions to make it readable by the user From 3d545bf0e5be483f62c872bdec81ed36ecd857d1 Mon Sep 17 00:00:00 2001 From: "Jose I. Paris" Date: Tue, 14 Apr 2026 10:44:15 +0200 Subject: [PATCH 2/2] chore: update ATLAS_VERSION in common.mk and CI workflow, update vulnerability skill Signed-off-by: Jose I. Paris --- .github/workflows/test.yml | 2 +- common.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 74df4f6be..723b3a68a 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -42,7 +42,7 @@ jobs: - name: Generate migrations if: ${{ matrix.app == 'controlplane' }} env: - ATLAS_VERSION: v1.1.6 + ATLAS_VERSION: v1.2.0 run: | wget -q https://release.ariga.io/atlas/atlas-linux-amd64-$ATLAS_VERSION -O /tmp/atlas sudo install /tmp/atlas /usr/local/bin/atlas diff --git a/common.mk b/common.mk index 460a622d2..c09e814f3 100644 --- a/common.mk +++ b/common.mk @@ -9,7 +9,7 @@ init: init-api-tools # in the community version anymore https://github.com/ariga/atlas/issues/2388#issuecomment-1864287189 # install golangci-lint with Go 1.25 support curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $$(go env GOPATH)/bin v2.4.0 - curl -sSf https://atlasgo.sh | ATLAS_VERSION=v1.1.6 sh -s -- -y + curl -sSf https://atlasgo.sh | ATLAS_VERSION=v1.2.0 sh -s -- -y # initialize API tooling .PHONY: init-api-tools