Update mcr.microsoft.com/vscode/devcontainers/universal:2-linux Docker digest to dca6a98#2602
Conversation
Test Results 16 files ±0 16 suites ±0 3m 48s ⏱️ -7s Results for commit d141d53. ± Comparison against base commit 74ceeff. This pull request removes 6 and adds 6 tests. Note that renamed tests count towards both.♻️ This comment has been updated with latest results. |
SummarySummary
CoverageAnalyzers.Tests - 96.9%
AspNetCore.FluentValidation.OpenApi.Tests - 46%
AspNetCore.Tests - 23.8%
Extensions.Tests - 88.8%
Metadata.Tests - 28.6%
Rocket.Surgery.LaunchPad.Analyzers - 90.1%
Rocket.Surgery.LaunchPad.AspNetCore - 49.7%
Rocket.Surgery.LaunchPad.AspNetCore.FluentValidation.OpenApi - 62.3%
Rocket.Surgery.LaunchPad.AspNetCore.Testing - 47.2%
Rocket.Surgery.LaunchPad.EntityFramework - 29.3%
Rocket.Surgery.LaunchPad.Foundation - 43.3%
Rocket.Surgery.LaunchPad.Foundation.NewtonsoftJson - 64.4%
Rocket.Surgery.LaunchPad.Grpc - 41.1%
Rocket.Surgery.LaunchPad.Hosting - 48%
Rocket.Surgery.LaunchPad.Mapping - 38.3%
Rocket.Surgery.LaunchPad.Metadata - 49.7%
Rocket.Surgery.LaunchPad.Primitives - 71.6%
Rocket.Surgery.LaunchPad.Serilog - 60%
Rocket.Surgery.LaunchPad.Spatial - 59.3%
Rocket.Surgery.LaunchPad.Spatial.NewtonsoftJson - 37.2%
Rocket.Surgery.LaunchPad.StrawberryShake - 47.8%
Rocket.Surgery.LaunchPad.StrawberryShake.Spatial - 8.8%
Rocket.Surgery.LaunchPad.Telemetry - 20.8%
Rocket.Surgery.LaunchPad.Testing - 13.2%
Sample.BlazorServer - 5.2%
Sample.BlazorServer.Tests - 29%
Sample.BlazorWasm.Tests - 15.7%
Sample.Classic.Restful - 3.5%
Sample.Classic.Restful.Tests - 41%
Sample.Command.Tests - 16.3%
Sample.Core - 75.8%
Sample.Core.Tests - 55.3%
Sample.Graphql.Tests - 58.9%
Sample.Grpc - 73.2%
Sample.Grpc.Tests - 41.7%
Sample.Minimal - 16.2%
Sample.Minimal.Tests - 28%
Sample.Pages - 5.6%
Sample.Pages.Tests - 29.6%
Sample.Restful - 4%
Sample.Restful.Tests - 40%
Sample.Worker.Tests - 16.3%
|
027acd4 to
d82d2d6
Compare
8d39b9a to
d82d2d6
Compare
538f4de to
b792053
Compare
65800bb to
b792053
Compare
20cb961 to
fffa81e
Compare
fffa81e to
1e4c39e
Compare
1e4c39e to
b2faf0b
Compare
…r digest to dca6a98
b2faf0b to
d141d53
Compare
Up to standards ✅🟢 Issues
|
There was a problem hiding this comment.
Pull Request Overview
The PR updates the VS Code dev container base image digest to dca6a98. While the project is reported as up to standards, a high-severity reliability and security issue was identified in the Dockerfile. Specifically, the piped command on line 10 is prone to silent failures because it does not enforce pipefail, and the use of sudo is a discouraged pattern in containerized environments. Addressing these will ensure build robustness and follow Docker best practices.
Test suggestions
- Verify the Dockerfile builds successfully with the new image digest.
Prompt proposal for missing tests
Consider implementing these tests if applicable:
1. Verify the Dockerfile builds successfully with the new image digest.
TIP Improve review quality by adding custom instructions
TIP How was this review? Give us feedback
| FROM mcr.microsoft.com/vscode/devcontainers/universal:2-linux@sha256:4da8fdd5ce2815ba943d9df53829d00aab20304ab93caad741874e135d56b026 | ||
| FROM mcr.microsoft.com/vscode/devcontainers/universal:2-linux@sha256:dca6a985ffbbc74007a13b6f56ac0fbbc5febae081350b66e865a5549338134b | ||
|
|
||
| RUN curl -fsSL https://dotnet.microsoft.com/download/dotnet-core/scripts/v1/dotnet-install.sh | sudo bash -s -- --channel Current --install-dir /home/codespace/.dotnet/ |
There was a problem hiding this comment.
🔴 HIGH RISK
This instruction is prone to silent failures and security/permission issues. Piped commands in Docker ignore the exit status of earlier commands (like curl) unless pipefail is set, potentially resulting in a broken image that reports a successful build. Additionally, sudo is unnecessary and discouraged in Dockerfiles; the container should either run as root (via the USER instruction) or have direct ownership of the destination directory (/home/codespace/.dotnet/).\n\nTry running the following prompt in your IDE agent:\n> In .devcontainer/Dockerfile, add 'SHELL ["/bin/bash", "-o", "pipefail", "-c"]' before line 10. Then, remove 'sudo' from the command on line 10 to follow Docker best practices for reliability and security.
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. |
This PR contains the following updates:
4da8fdd→dca6a98Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.