feat: update of dockerfile to use more secure image; #1546

Open
wants to merge 232 commits into
base: release/110

mvforster

Dear EnsEMBL team,

I would like to submit the following pull request for review and assessment. The changes to the Dockerfiles are to close as many vulnerabilities as possible.

The changes included are intended to ease the use of the VEP tool within an Air-Gapped environment such as the Genomics England TRE. I have made some modifications to the list of installed plugins to ensure that all plugins are based on code that is being actively maintained. Because of this, I have had to exclude the following plugins:

  • FATHMM
  • FATHMM_MKL
  • PON_P2
    which require Python2 and Python2-specific packages.

The base image has been updated to Ubuntu 23.04, as 18.04 is End-of-Life. The ubuntu-pacakges.txt file is no longer being copied over; these packages are explicitly installed. The Python requirements file is also not being used, given that the dependent plugins are being excluded.

Python package vulnerabilities are being explicitly addressed within the base-layer updates.

I have included instructions on installing the non-canonical LOFTEE plugin on lines 78-84 & 226-233, as this is a requirement of our workflow; these can be excluded if LOFTEE is not going to be used.

I hope this proves useful,

Kind regards,

Matthieu
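
An added example (not part of the pull request or of the Ensembl VEP code base): a small Python check that flags, in a Dockerfile, the two conditions the description above gives as motivation, an end-of-life base image and Python 2 packages, plus untagged base images. The policy table, the package-name pattern and the sample Dockerfile are constructed assumptions for illustration.

```python
import re

# Constructed policy: the entry mirrors the end-of-life claim in the PR description.
EOL_BASE_IMAGES = {("ubuntu", "18.04")}
# Assumed Debian/Ubuntu names for Python 2 packages (python2*, python-pip, ...).
PY2_PACKAGE = re.compile(r"(?<![\w-])python(?:2[\w.-]*|-(?:pip|dev|setuptools))(?![\w.-])")

def logical_lines(text):
    """Yield instructions with backslash continuations joined, comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            yield buf.strip()
            buf = ""

def audit(text):
    """Return (rule, detail) findings for one Dockerfile given as a string."""
    findings, stages = [], set()
    for line in logical_lines(text):
        instr, _, rest = line.partition(" ")
        if instr.upper() == "FROM":
            tokens = [t for t in rest.split() if not t.startswith("--")]
            image = tokens[0] if tokens else "scratch"  # bare FROM: nothing to check
            if len(tokens) == 3 and tokens[1].upper() == "AS":
                stages.add(tokens[2])
            if image in stages or image == "scratch":
                continue  # earlier build stage or empty base, nothing to pin
            ref, _, digest = image.partition("@")
            name, _, tag = ref.rsplit("/", 1)[-1].partition(":")
            if not digest and tag in ("", "latest"):
                findings.append(("unpinned-base", image))
            if (name, tag) in EOL_BASE_IMAGES:
                findings.append(("eol-base", image))
        elif instr.upper() == "RUN":
            findings += [("python2-package", m.group(0))
                         for m in PY2_PACKAGE.finditer(rest)]
    return findings

# Constructed sample input, not the project's Dockerfile.
SAMPLE = """\
FROM ubuntu:18.04 AS builder
RUN apt-get update && apt-get -y install \\
    python2.7 python-pip python3-pip
FROM builder
"""
```

Calling `audit(SAMPLE)` reports the end-of-life base image and the two Python 2 packages, while `python3-pip` and the reuse of the `builder` stage pass.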

nuno-agostinho and others added 6 commits October 20, 2023 12:44
the base image has been updated to Ubuntu 23.04 as 18.04 is End-of-Life
the ubuntu-pacakges.txt file is no longer being recovered, these packages are explicitly installed
python packages have been updated to address vulnerabilities
plugins which rely on Python2 have been excluded as this version reached End-of-Life 01JAN2020

included instructions on installing the non-canonical LOFTEE plugin on lines 78-84 & 226-233, these
can be excluded if LOFTEE is not going to be used
nakib103 self-requested a review November 2, 2023 16:29
…n-path

Fix plugin path in command line output
* Deterministic order for software versions
nakib103 (Contributor) commented Dec 5, 2023

Hello @mvforster,

Thanks for your PR! We are thinking of supporting the creation of a more secure image of the Ensembl VEP with a separate docker ARG option instead of replacing some of the plugins and their dependencies altogether.

But first of all, can you create this PR against the postrealesefix/112 branch? Thank you.

diegomscoelho and others added 16 commits December 5, 2023 14:33
rebasing the fork so that the pull request can be applied to the correct branch
the base image has been updated to Ubuntu 23.04 as 18.04 is End-of-Life
the ubuntu-pacakges.txt file is no longer being recovered, these packages are explicitly installed
python packages have been updated to address vulnerabilities
plugins which rely on Python2 have been excluded as this version reached End-of-Life 01JAN2020

included instructions on installing the non-canonical LOFTEE plugin on lines 78-84 & 226-233, these
can be excluded if LOFTEE is not going to be used