From b3c4b209532c5f8c21fa169314e9472aa34d98da Mon Sep 17 00:00:00 2001
From: Kevin Minehart <kmineh0151@gmail.com>
Date: Fri, 20 Aug 2021 06:54:03 -0500
Subject: [PATCH] Docker: Update base alpine version (fix CVE-2021-36159)
 (#38088)

* update base alpine version and update apk packages in Dockerfile

* update base alpine version

* don't need to apk update

* remove space

* Update to alpine 3.14.1

Co-authored-by: Malcolm Holmes <mdh@odoko.co.uk>
---
 .drone.yml                                    | 24 +++++++++----------
 Dockerfile                                    |  4 ++--
 .../grafana-plugin-ci-alpine/Dockerfile       |  2 +-
 packaging/docker/Dockerfile                   |  2 +-
 packaging/docker/build.sh                     |  2 +-
 scripts/lib.star                              |  2 +-
 6 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index fe7344fc642..ea7f3cc6d74 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -9,7 +9,7 @@ platform:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -253,7 +253,7 @@ platform:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -636,7 +636,7 @@ platform:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -724,7 +724,7 @@ platform:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -1083,7 +1083,7 @@ clone:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -1579,7 +1579,7 @@ platform:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -1687,7 +1687,7 @@ platform:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -2035,7 +2035,7 @@ clone:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -2525,7 +2525,7 @@ platform:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -2633,7 +2633,7 @@ platform:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -2952,7 +2952,7 @@ clone:
 
 steps:
 - name: identify-runner
-  image: alpine:3.13
+  image: alpine:3.14.1
   commands:
   - echo $DRONE_RUNNER_NAME
 
@@ -3529,6 +3529,6 @@ get:
 
 ---
 kind: signature
-hmac: 57545e503a446cf31e661b472e3145ccf1c59c811708047bca0d6ba241ba3fdb
+hmac: 80b19bbc75555ea1f675017ec9b98241b331a624a5f4ee7f3b169b75258d51be
 
 ...
diff --git a/Dockerfile b/Dockerfile
index 2571aaa428a..0c89168df9b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:14.16.0-alpine3.13 as js-builder
+FROM node:16-alpine3.14 as js-builder
 
 WORKDIR /usr/src/app/
 
@@ -33,7 +33,7 @@ RUN go mod verify
 RUN go run build.go build
 
 # Final stage
-FROM alpine:3.13
+FROM alpine:3.14.1
 
 LABEL maintainer="Grafana team <hello@grafana.com>"
 
diff --git a/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/Dockerfile b/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/Dockerfile
index 8f515eca4af..85d77918b2c 100644
--- a/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/Dockerfile
+++ b/packages/grafana-toolkit/docker/grafana-plugin-ci-alpine/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.13
+FROM alpine:3.14.1
 
 USER root
 
diff --git a/packaging/docker/Dockerfile b/packaging/docker/Dockerfile
index 70c6e36f4a2..052814b2bcf 100644
--- a/packaging/docker/Dockerfile
+++ b/packaging/docker/Dockerfile
@@ -1,4 +1,4 @@
-ARG BASE_IMAGE=alpine:3.13
+ARG BASE_IMAGE=alpine:3.14.1
 FROM ${BASE_IMAGE}
 
 ARG GRAFANA_TGZ="grafana-latest.linux-x64-musl.tar.gz"
diff --git a/packaging/docker/build.sh b/packaging/docker/build.sh
index ffad5199af3..8175ff80cc1 100755
--- a/packaging/docker/build.sh
+++ b/packaging/docker/build.sh
@@ -60,7 +60,7 @@ docker_build () {
   if [ $UBUNTU_BASE = "0" ]; then
     libc="-musl"
     dockerfile="Dockerfile"
-    base_image="${base_arch}alpine:3.13"
+    base_image="${base_arch}alpine:3.14.1"
   else
     libc=""
     dockerfile="ubuntu.Dockerfile"
diff --git a/scripts/lib.star b/scripts/lib.star
index 1d24979514b..1fdd65aa790 100644
--- a/scripts/lib.star
+++ b/scripts/lib.star
@@ -5,7 +5,7 @@ build_image = 'grafana/build-container:1.4.1'
 publish_image = 'grafana/grafana-ci-deploy:1.3.1'
 grafana_docker_image = 'grafana/drone-grafana-docker:0.3.2'
 deploy_docker_image = 'us.gcr.io/kubernetes-dev/drone/plugins/deploy-image'
-alpine_image = 'alpine:3.13'
+alpine_image = 'alpine:3.14.1'
 windows_image = 'mcr.microsoft.com/windows:1809'
 dockerize_version = '0.6.1'
 wix_image = 'grafana/ci-wix:0.1.1'