Conversation

@nataliagranato
Owner

@nataliagranato nataliagranato commented Dec 15, 2025

Update images digests

NONE

Changes

diff --git a/distroless/Dockerfile b/distroless/Dockerfile
index 3bcf62e..c59a5c8 100644
--- a/distroless/Dockerfile
+++ b/distroless/Dockerfile
@@ -1,4 +1,4 @@
-FROM cgr.dev/chainguard/python:latest@sha256:136aad7020e00a98f617f3d3343cc7601b7823405eb2bc581eae5f5a8c21e8d0 as builder
+FROM cgr.dev/chainguard/python:latest@sha256:b14c51dcd50db3f476eba232515c9e343058a546c766873991af1e4726f8dbaf as builder
 
 ENV LANG=C.UTF-8
 ENV PYTHONDONTWRITEBYTECODE=1
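Review bot: the new digest on line 1 cannot be checked from the diff itself; before merging, confirm that sha256:b14c51dc… resolves to the intended cgr.dev/chainguard/python build (registry manifest, or the publisher's signature/attestation where available) and note in the PR description which upstream build it corresponds to, since the `:latest` tag is only informational once a digest is present. Style point: `as builder` should be `AS builder`, the conventional Dockerfile spelling.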
@@ -12,7 +12,7 @@ COPY requirements.txt .
 
 RUN pip install --no-cache-dir -r requirements.txt
 
-FROM cgr.dev/chainguard/python:latest@sha256:136aad7020e00a98f617f3d3343cc7601b7823405eb2bc581eae5f5a8c21e8d0
+FROM cgr.dev/chainguard/python:latest@sha256:b14c51dcd50db3f476eba232515c9e343058a546c766873991af1e4726f8dbaf
 
 WORKDIR /linky
 
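Review bot: the same digest literal now has to be kept in sync in two places (line 1 and line 15), and nothing enforces that. Because the builder stage installs the dependencies (`RUN pip install --no-cache-dir -r requirements.txt`) that the final stage will run, both stages must resolve to the same Python build; a partial update of only one FROM would build successfully and drift silently. Suggest declaring `ARG PYTHON_IMAGE=cgr.dev/chainguard/python:latest@sha256:…` once before the first FROM and using `FROM ${PYTHON_IMAGE}` in both stages, so a single edit covers builder and final.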

Note

Update Chainguard Python base image digest in distroless/Dockerfile for both builder and final stages.

Written by Cursor Bugbot for commit fc44770. This will update automatically on new commits. Configure here.

Summary by CodeRabbit

Release Notes

  • Chores
    • Container base image update for better compatibility
    • Optimization of environment settings and system variables

@gemini-code-assist

Summary of Changes

Hello @nataliagranato, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on enhancing the security and reproducibility of the build process by updating the cryptographic digests for the base Python image within the distroless/Dockerfile. By pinning to a new specific SHA256 digest, the build is guaranteed to use an exact, verified version of the image, mitigating risks associated with upstream image changes and ensuring consistent deployments.

Highlights

  • Image Digest Update: The SHA256 digest for the cgr.dev/chainguard/python:latest base image has been updated in the distroless/Dockerfile.
  • Dockerfile Consistency: The update was applied consistently to both the builder stage and the final stage of the Dockerfile, ensuring all parts of the build process use the new, pinned image version.

@coderabbitai
Contributor

coderabbitai bot commented Dec 15, 2025

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

Walkthrough

Update of the Dockerfile for the distroless image, changing the base image hash (sha256:136aad7020e0 to sha256:b14c51dcd50d) in both the builder and final stages, plus adjustments to environment variables (PYTHONUNBUFFERED=1 and PATH from /linky/venv/bin to /venv/bin).

Changes

Cohort / File(s) | Change Summary
Dockerfile Configuration Update (distroless/Dockerfile) | Replacement of the base image hash in both FROM stages; addition/modification of environment variables (PYTHONUNBUFFERED=1); PATH adjusted from /linky/venv/bin:$PATH to /venv/bin:$PATH; ENV LANG and PYTHONDONTWRITEBYTECODE kept

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

  • Changes concentrated in a single configuration file
  • Changes are straightforward: image hash and environment variable updates
  • No complex logic or non-obvious side effects

Possibly related PRs

  • PR #137: Modifies the same distroless/Dockerfile with base image digest updates and PYTHONUNBUFFERED and PATH adjustments
  • PR #108: Also updates distroless/Dockerfile with base image digests and adjustments to the virtualenv location and environment variables
  • PR #152: Modifies distroless/Dockerfile, updating image digests and PATH/PYTHONUNBUFFERED settings, including the change from /linky/venv to /venv

Poem

🐰 A new image, fresh and modern,
Paths and variables in perfect harmony,
No Python buffer to bring delay,
The reorganized venv now works!
Solid base, digests revisited with care.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The title 'Update images digests' is clear, concise, and accurately describes the PR's main change: updating the SHA256 digests of the base images in the Dockerfile.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.


@qodo-code-review

qodo-code-review bot commented Dec 15, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified: no security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting.

Status: Passed


Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation.

Status: Passed


Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging.

Status: Passed


Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data.

Status: Passed


Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities.

Status: Passed


Compliance status legend
🟢 - Fully Compliant
🟡 - Partially Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review

qodo-code-review bot commented Dec 15, 2025

PR Code Suggestions ✨

No code suggestions found for the PR.

Signed-off-by: Natália Granato <[email protected]>

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request updates the Docker image digests for the Python base image in distroless/Dockerfile. While the change is correct, I've provided suggestions to improve the Dockerfile's maintainability by using a build argument (ARG) to define the base image. This avoids repetition and makes future updates simpler.

@@ -1,4 +1,4 @@
FROM cgr.dev/chainguard/python:latest@sha256:136aad7020e00a98f617f3d3343cc7601b7823405eb2bc581eae5f5a8c21e8d0 as builder
FROM cgr.dev/chainguard/python:latest@sha256:b14c51dcd50db3f476eba232515c9e343058a546c766873991af1e4726f8dbaf as builder


medium

To improve maintainability and avoid repeating the image digest, consider defining it as a build argument (ARG) at the top of the Dockerfile. This makes future updates easier, as you'll only need to change it in one place.

ARG PYTHON_IMAGE=cgr.dev/chainguard/python:latest@sha256:b14c51dcd50db3f476eba232515c9e343058a546c766873991af1e4726f8dbaf
FROM ${PYTHON_IMAGE} as builder

RUN pip install --no-cache-dir -r requirements.txt

FROM cgr.dev/chainguard/python:latest@sha256:136aad7020e00a98f617f3d3343cc7601b7823405eb2bc581eae5f5a8c21e8d0
FROM cgr.dev/chainguard/python:latest@sha256:b14c51dcd50db3f476eba232515c9e343058a546c766873991af1e4726f8dbaf


medium

Use the PYTHON_IMAGE build argument here to ensure consistency with the builder stage and improve maintainability. This change depends on the suggestion for the first FROM instruction.

FROM ${PYTHON_IMAGE}
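A checker for the two properties this thread discusses, digest pinning of every FROM (from the summary above) and keeping both stages on one image via a single ARG (from the review suggestion), added here as an example that is not part of the repository or of any bot's output. PYTHON_IMAGE is the reviewer's hypothetical ARG name, and the sample Dockerfiles are constructed from the two digests in the diff.

```python
import re

# Added example for this PR thread, not code from the repository: a linter checking that
# every FROM is pinned to a sha256 digest and that stages built from the same image share
# one digest, so builder and final stage cannot drift apart. PYTHON_IMAGE is the reviewer's
# hypothetical ARG name; the sample Dockerfiles at the bottom are constructed.
ARG_RE = re.compile(r"^\s*ARG\s+([A-Za-z_]\w*)=(\S+)")
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)
SHA256_RE = re.compile(r"sha256:([0-9a-f]{64})")

def split_ref(ref):
    """Return (repository without tag, digest hex or None) for an image reference."""
    name, _, digest_part = ref.partition("@")
    m = SHA256_RE.fullmatch(digest_part)
    head, sep, tail = name.rpartition(":")
    if sep and "/" not in tail:  # a colon after the last slash is a tag, not a registry port
        name = head
    return name, (m.group(1) if m else None)

def expand_args(ref, args):
    """Substitute ${NAME} / $NAME from ARG defaults declared before the first FROM."""
    return re.sub(r"\$\{?(\w+)\}?", lambda m: args.get(m.group(1), m.group(0)), ref)

def check_dockerfile(text):
    """Return findings as strings; an empty list means every stage is consistently pinned."""
    args, seen, findings, in_stages = {}, {}, [], False
    for lineno, line in enumerate(text.splitlines(), 1):
        arg = ARG_RE.match(line)
        if arg and not in_stages:  # only global ARGs (before the first FROM) apply to FROM
            args[arg.group(1)] = arg.group(2)
            continue
        frm = FROM_RE.match(line)
        if not frm:
            continue
        in_stages = True
        ref = expand_args(frm.group(1), args)
        repo, digest = split_ref(ref)
        if digest is None:
            findings.append(f"line {lineno}: {ref} is not pinned to a well-formed sha256 digest")
            continue
        first_digest, first_line = seen.setdefault(repo, (digest, lineno))
        if first_digest != digest:
            findings.append(f"line {lineno}: {repo} uses {digest[:12]} but line {first_line} uses {first_digest[:12]}")
    return findings

# Constructed samples modelled on the PR's Dockerfile, using the two digests from the diff.
OLD = "sha256:136aad7020e00a98f617f3d3343cc7601b7823405eb2bc581eae5f5a8c21e8d0"
NEW = "sha256:b14c51dcd50db3f476eba232515c9e343058a546c766873991af1e4726f8dbaf"
PINNED_VIA_ARG = f"ARG PYTHON_IMAGE=cgr.dev/chainguard/python:latest@{NEW}\nFROM ${{PYTHON_IMAGE}} AS builder\nFROM ${{PYTHON_IMAGE}}\n"
MIXED = f"FROM cgr.dev/chainguard/python:latest@{NEW} as builder\nFROM cgr.dev/chainguard/python:latest@{OLD}\n"
UNPINNED = "FROM cgr.dev/chainguard/python:latest as builder\nFROM cgr.dev/chainguard/python:latest\n"
```

Running check_dockerfile over the repository's own distroless/Dockerfile in CI would catch a future update that changes only one of the two FROM lines.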

@nataliagranato nataliagranato self-assigned this Dec 15, 2025
@nataliagranato nataliagranato merged commit 9d3969f into main Dec 15, 2025
6 checks passed