various vulnerability fixes #8950
base: master
Changes from 2 commits
8834638
63cba3e
f91f496
3a335d6
a922031
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# Use the specified base image | ||
FROM hz-registry.nferx.com/ubuntu as builder | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @vilay-nference Where is the dockerfile for this image? It is not immediately accessible, so we cannot verify its contents. In general, we use base images provided directly from first-party sources (e.g. Please change this to use a standard base image and then we can re-evaluate. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is used for internal purpose. I'll delete this file .. not required for gatk |
||
|
||
# Set the working directory in the container | ||
WORKDIR /usr/src/app | ||
|
||
# Install required packages and dependencies | ||
RUN apt-get update && \ | ||
apt-get install -y \ | ||
openjdk-17-jdk \ | ||
python3-pip \ | ||
python3-venv \ | ||
git \ | ||
build-essential \ | ||
libtool \ | ||
zlib1g-dev \ | ||
liblzma-dev \ | ||
git-lfs && \ | ||
rm -rf /var/lib/apt/lists/* | ||
|
||
# Set up Python environment and install packages | ||
RUN python3 -m venv venv && \ | ||
. venv/bin/activate && \ | ||
pip install --upgrade pip setuptools wheel && \ | ||
pip install Flask pandas && \ | ||
pip cache purge && \ | ||
ln -s /usr/bin/python3 /usr/bin/python &&\ | ||
git lfs install | ||
|
||
# Copy the application files | ||
COPY . gatk/ | ||
|
||
# Build the GATK jar file | ||
RUN cd gatk && \ | ||
./gradlew localJar && \ | ||
mv build/libs/gatk-package* /usr/src/app/gatk.jar && \ | ||
cd .. && \ | ||
rm -rf gatk/ && \ | ||
rm -rf /root/.gradle && \ | ||
apt-get remove -y git-lfs |
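Review bot: The `rm -rf gatk/` and `apt-get remove -y git-lfs` in the final RUN take nothing out of the image, because `COPY . gatk/` has already committed the whole build context as its own layer; the source tree and anything else in the context (for instance a `.git` directory) stay recoverable from the layer history. The stage is named `builder`, but no later stage follows it, so the JDK, compiler toolchain and git ship in the result and, with no `USER` line in the file, the container runs as whatever user the base image sets, typically root. I would end the file with a second stage that takes only the artifact, `COPY --from=builder /usr/src/app/gatk.jar /usr/src/app/gatk.jar`, followed by a `USER` line for an unprivileged account, and add a `.dockerignore` to narrow the context. The venv with unpinned `pip install Flask pandas` is not used by any later step visible here, so it either needs pinned versions or can go.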
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -60,14 +60,14 @@ repositories { | |
final htsjdkVersion = System.getProperty('htsjdk.version','4.1.1') | ||
final picardVersion = System.getProperty('picard.version','3.2.0') | ||
final barclayVersion = System.getProperty('barclay.version','5.0.0') | ||
final sparkVersion = System.getProperty('spark.version', '3.5.0') | ||
final hadoopVersion = System.getProperty('hadoop.version', '3.3.6') | ||
final sparkVersion = System.getProperty('spark.version', '3.5.1') | ||
final hadoopVersion = System.getProperty('hadoop.version', '3.4.0') | ||
final disqVersion = System.getProperty('disq.version','0.3.8') | ||
final genomicsdbVersion = System.getProperty('genomicsdb.version','1.5.3') | ||
final bigQueryVersion = System.getProperty('bigQuery.version', '2.35.0') | ||
final bigQueryStorageVersion = System.getProperty('bigQueryStorage.version', '2.47.0') | ||
final guavaVersion = System.getProperty('guava.version', '32.1.3-jre') | ||
final log4j2Version = System.getProperty('log4j2Version', '2.17.1') | ||
final log4j2Version = System.getProperty('log4j2Version', '2.23.1') | ||
final testNGVersion = '7.0.0' | ||
|
||
final googleCloudNioDependency = 'com.google.cloud:google-cloud-nio:0.127.8' | ||
|
@@ -176,6 +176,12 @@ configurations.all { | |
force 'com.twitter:chill_2.12:0.10.0' | ||
force 'org.apache.commons:commons-math3:3.5' | ||
|
||
force 'org.apache.avro:avro:1.11.3' | ||
force 'io.airlift:aircompressor:0.27' | ||
force 'org.apache.commons:commons-compress:1.26.0' | ||
force 'ch.qos.logback:logback-classic:1.2.13' | ||
force 'ch.qos.logback:logback-core:1.2.13' | ||
force 'net.minidev:json-smart:2.5.0' | ||
// make sure we don't pick up an incorrect version of the GATK variant of the google-nio library | ||
// via Picard, etc. | ||
force googleCloudNioDependency | ||
|
@@ -185,6 +191,7 @@ configurations.all { | |
configurations*.exclude group: 'org.slf4j', module: 'slf4j-jdk14' //exclude this to prevent slf4j complaining about to many slf4j bindings | ||
configurations*.exclude group: 'com.google.guava', module: 'guava-jdk5' | ||
configurations*.exclude group: 'junit', module: 'junit' | ||
configurations*.exclude group: 'log4j', module: 'log4j' | ||
} | ||
|
||
tasks.withType(JavaCompile) { | ||
|
@@ -232,6 +239,12 @@ configurations { | |
} | ||
|
||
dependencies { | ||
implementation('net.minidev:json-smart:2.4.9') { | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Could you explain what these new dependencies are? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. This is used as transitive dependencies in one of the package. Overriding the newer version for the compatibles. |
||
exclude group: 'net.minidev', module: 'json-smart' | ||
} | ||
// Example dependencies | ||
implementation 'biz.aQute.bnd:biz.aQute.bndlib:5.1.2' | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Don't add new GATK dependencies here unless absolutely necessary There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Again dnsjava is used from hadoop client. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @droazen . Let us know if any more modifications required |
||
implementation 'org.scala-lang:scala-library:2.13.14' | ||
|
||
implementation ('org.freemarker:freemarker:2.3.30') | ||
implementation 'org.broadinstitute:barclay:' + barclayVersion | ||
|
@@ -299,7 +312,7 @@ dependencies { | |
} | ||
|
||
// TODO: migrate to mllib_2.12.15? | ||
implementation ('org.apache.spark:spark-mllib_2.12:' + sparkVersion) { | ||
implementation ('org.apache.spark:spark-mllib_2.13:' + sparkVersion) { | ||
// JUL is used by Google Dataflow as the backend logger, so exclude jul-to-slf4j to avoid a loop | ||
exclude module: 'jul-to-slf4j' | ||
exclude module: 'javax.servlet' | ||
|
@@ -518,6 +531,7 @@ tasks.withType(ShadowJar) { | |
mergeServiceFiles() | ||
relocate 'com.google.common', 'org.broadinstitute.hellbender.relocated.com.google.common' | ||
zip64 true | ||
exclude 'META-INF/maven/com.google.protobuf/protobuf-java/**' | ||
exclude 'log4j.properties' // from adam jar as it clashes with hellbender's log4j2.xml | ||
exclude '**/*.SF' // these are Manifest signature files and | ||
exclude '**/*.RSA' // keys which may accidentally be imported from other signed projects and then fail at runtime | ||
|
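Review bot: The added `exclude 'META-INF/maven/com.google.protobuf/protobuf-java/**'` in the ShadowJar block drops only the Maven descriptor files for protobuf-java from the shaded jar; the `com.google.protobuf` classes are still packaged, so whatever version Gradle resolves is still what runs. If the aim is to clear a scanner finding (my reading of the PR title, not something the hunk states), this removes the metadata a scanner keys on rather than the affected code, and it makes later audits of the jar less accurate. I would drop the exclude and pin the library next to the other `force` lines in `configurations.all`, e.g. `force 'com.google.protobuf:protobuf-java:<fixed-version>'`, with a comment naming the advisory it addresses. The ShadowJar block continues outside the hunk.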
Remove this third-party Dockerfile
Yes. will remove this and update you
This is deleted