Merge pull request #1719 from hyperledger/update-dockerfile

peterbroadhurst · web-flow · commit 18900d18a7fb · 2026-03-09T11:15:09.000-04:00
fix: Dockerfile psql and trivy versions
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -156,6 +156,15 @@ jobs:
       - name: Load Docker image
         run: docker load --input firefly.tar.gz
 
+      # Pre-pull fabric-ccenv so the Fabric peer's chaincode build finds it. Required on
+      # GitHub Actions with Docker 29: the peer invokes the host Docker build API to build
+      # chaincode (FROM hyperledger/fabric-ccenv:2.5); with Docker 29/containerd image store
+      # the base image is not always pulled automatically, causing "No such image" (see
+      # GitHub runner Docker 29 upgrade and moby/moby#51779 re multi-arch/image identity).
+      - name: Pull Fabric chaincode build image
+        if: matrix.stack-type == 'fabric'
+        run: docker pull hyperledger/fabric-ccenv:2.5
+
       - name: Run E2E tests
         env:
           BUILD_FIREFLY: false
diff --git a/Dockerfile b/Dockerfile
@@ -66,7 +66,7 @@ FROM alpine:3.21 AS sbom
 WORKDIR /
 ADD . /SBOM
 RUN apk add --no-cache curl
-RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.68.1
+RUN curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.69.3
 RUN trivy fs --format spdx-json --output /sbom.spdx.json /SBOM
 RUN trivy sbom /sbom.spdx.json --severity UNKNOWN,HIGH,CRITICAL --db-repository public.ecr.aws/aquasecurity/trivy-db --exit-code 1
 
@@ -76,7 +76,7 @@ ARG UI_TAG
 ARG UI_RELEASE
 RUN apk add --update --no-cache \
   sqlite=3.48.0-r4 \
-  postgresql16-client=16.11-r0 \
+  postgresql16-client=16.12-r0 \
   curl=8.14.1-r2 \
   jq=1.7.1-r0
 WORKDIR /firefly
