10 changes: 10 additions & 0 deletions .devcontainer/Dockerfile
@@ -1,5 +1,15 @@
FROM mcr.microsoft.com/vscode/devcontainers/python:3.12-bookworm

## Ensure we can verify the Yarn repo on Debian/Bookworm
## Use Yarn's official pubkey to avoid expired/rotated key issues.
RUN rm -f /etc/apt/sources.list.d/yarn.list || true && \
apt-get update && \
apt-get install -y --no-install-recommends gnupg dirmngr curl ca-certificates && \
mkdir -p /etc/apt/keyrings && \
curl -fsSL "https://dl.yarnpkg.com/debian/pubkey.gpg" | gpg --dearmor --yes -o /etc/apt/keyrings/yarn-archive-keyring.gpg && \

Copilot AI Feb 10, 2026

The build currently trusts whatever key is returned by the URL at build time. To reduce supply-chain risk, verify the downloaded key before installing it (e.g., check the expected fingerprint in the Dockerfile and fail if it doesn’t match).

Suggested change
curl -fsSL "https://dl.yarnpkg.com/debian/pubkey.gpg" | gpg --dearmor --yes -o /etc/apt/keyrings/yarn-archive-keyring.gpg && \
set -e; \
YARN_EXPECTED_FPR="72ECF46A56B4AD39C907BBB71646B01B86E50310"; \
curl -fsSL "https://dl.yarnpkg.com/debian/pubkey.gpg" -o /tmp/yarn-pubkey.gpg; \
YARN_ACTUAL_FPR="$(gpg --dry-run --import --import-options show-only --with-colons /tmp/yarn-pubkey.gpg | awk -F: '/^fpr:/ {print $10; exit}')"; \
if [ "$YARN_ACTUAL_FPR" != "$YARN_EXPECTED_FPR" ]; then \
echo "ERROR: Yarn GPG key fingerprint mismatch: expected $YARN_EXPECTED_FPR but got $YARN_ACTUAL_FPR" >&2; \
exit 1; \
fi; \
gpg --dearmor --yes -o /etc/apt/keyrings/yarn-archive-keyring.gpg /tmp/yarn-pubkey.gpg && \
rm -f /tmp/yarn-pubkey.gpg && \

echo "deb [signed-by=/etc/apt/keyrings/yarn-archive-keyring.gpg] https://dl.yarnpkg.com/debian/ stable main" > /etc/apt/sources.list.d/yarn.list && \
apt-get update && apt-get clean -y && rm -rf /var/lib/apt/lists/*

Copilot AI Feb 10, 2026

apt-get clean does not accept -y and may fail the Docker build with an 'option not understood' error. Drop the -y flag (or remove apt-get clean entirely if rm -rf /var/lib/apt/lists/* is already used).


Copilot AI Feb 10, 2026

There are two apt-get update calls in the same layer. If no packages are installed from the Yarn repo in this step, the second update is unnecessary overhead; consider removing it and only running apt-get update immediately before any later apt-get install that depends on the Yarn repo.

Suggested change
apt-get update && apt-get clean -y && rm -rf /var/lib/apt/lists/*
apt-get clean -y && rm -rf /var/lib/apt/lists/*


ARG KUBENS_VERSION="0.9.4"
ENV POETRY_VERSION="1.7.1"
ENV POETRY_VENV_PATH="/home/vscode/.venv/workspace"
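Review bot: the `curl -fsSL ... | gpg --dearmor` pipeline in this RUN step only propagates gpg's exit status to the `&&` chain, so a failed download (curl's `-f` exits non-zero on an HTTP error, but the pipe's status is gpg's) can leave an empty or bogus keyring while the step itself passes; the failure then surfaces only at the later `apt-get update` as a signature error that is harder to diagnose. Fetch the key to a file with `curl -fsSL -o` and dearmor from that file, as the fingerprint suggestion above already does, so a broken download stops the build at this step. Minor: `rm -f /etc/apt/sources.list.d/yarn.list || true` is redundant, since `rm -f` already exits 0 on a missing file, and the `|| true` masks any other failure of that command.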
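The fingerprint check that the review comment on the Dockerfile proposes, written out as a standalone POSIX sh script. This is an added example, not code from the PR or from the Copilot suggestion. The expected fingerprint is the one quoted in that suggestion; `first_fpr`, `check_fpr`, `verify_key_file`, `sample_primary_fpr` and `SAMPLE_COLONS` are constructed for this example, and the sample is a made-up excerpt in gpg's `--with-colons` layout, not real gpg output.

```shell
#!/bin/sh
# Added example: verify an OpenPGP key's primary fingerprint before it is
# installed as an apt keyring. Not part of the PR; it mirrors the check the
# review comment proposes. The expected value is the fingerprint quoted there.
set -eu

YARN_EXPECTED_FPR="72ECF46A56B4AD39C907BBB71646B01B86E50310"

# Constructed sample in gpg's --with-colons layout (not real gpg output).
# The first "fpr" record is the primary key; the second belongs to a subkey,
# so taking "any fpr line" would be wrong for keys that carry subkeys.
SAMPLE_COLONS='pub:-:4096:1:1646B01B86E50310:1476963184:::-:::scSC::::::23::0:
fpr:::::::::72ECF46A56B4AD39C907BBB71646B01B86E50310:
sub:-:4096:1:0000000000000000:1476963184::::::s::::::23:
fpr:::::::::0000000000000000000000000000000000000000:'

# Print the primary-key fingerprint (field 10 of the first fpr record) from
# colon-format key listing data on stdin; prints nothing if there is none.
first_fpr() {
  awk -F: '/^fpr:/ { print $10; exit }'
}

# Compare an actual fingerprint with the expected one. Returns 1 on mismatch
# and also when the actual value is empty, which is what you get when the
# download failed or the file is not a key at all.
check_fpr() {
  actual="$1"
  expected="$2"
  if [ -z "$actual" ]; then
    echo "ERROR: no fingerprint found in downloaded key" >&2
    return 1
  fi
  if [ "$actual" != "$expected" ]; then
    echo "ERROR: key fingerprint mismatch: expected $expected, got $actual" >&2
    return 1
  fi
  return 0
}

# Full check against a key file on disk (needs gpg installed). Assumes the
# file was fetched with `curl -fsSL -o`, so a failed download never gets here.
verify_key_file() {
  keyfile="$1"
  expected="$2"
  actual="$(gpg --dry-run --import --import-options show-only --with-colons "$keyfile" 2>/dev/null | first_fpr)"
  check_fpr "$actual" "$expected"
}

# Runs the parser on the constructed sample so first_fpr can be exercised offline.
sample_primary_fpr() {
  printf '%s\n' "$SAMPLE_COLONS" | first_fpr
}

# Intended use inside the Dockerfile RUN step (after gnupg and curl are installed):
#   curl -fsSL "https://dl.yarnpkg.com/debian/pubkey.gpg" -o /tmp/yarn-pubkey.gpg
#   verify_key_file /tmp/yarn-pubkey.gpg "$YARN_EXPECTED_FPR"
#   gpg --dearmor --yes -o /etc/apt/keyrings/yarn-archive-keyring.gpg /tmp/yarn-pubkey.gpg
```

Downloading to a file first matters because a `curl | gpg` pipe reports only gpg's status; with the file step, a failed download stops the build before any key is trusted, and `check_fpr` treats an empty fingerprint (no key parsed) as a failure rather than silently passing.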
54 changes: 27 additions & 27 deletions poetry.lock

Some generated files are not rendered by default.

2 changes: 1 addition & 1 deletion pyproject.toml
@@ -54,7 +54,7 @@ marshmallow = "3.22.0"
marshmallow-sqlalchemy = "0.30.0"
more-itertools = "8.14.0"
nanoid = "2.0.0"
newrelic = "11.0.0"
newrelic = "11.0.1"
notifications-python-client = "6.4.1"
notifications-utils = { git = "https://github.com/cds-snc/notifier-utils.git", tag = "53.2.12" }
pre-commit = "^3.7.1"
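Review bot: the exact pin `newrelic = "11.0.1"` together with the regenerated poetry.lock (27 additions and 27 deletions, the shape of a single package version change) is the right form for a dependency patch; since the lock file is collapsed in this view, confirm in the rendered lock diff that only the `newrelic` entry and its file hashes changed and that no other pinned version moved along with it.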