From 4310dbb73419d0f263edab57b4184bdb67348ac5 Mon Sep 17 00:00:00 2001 From: senke Date: Mon, 20 Apr 2026 20:32:01 +0200 Subject: [PATCH] chore(docker): pin MinIO + mc to dated release tags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit MinIO images were pinned to `:latest` in 4 compose files — supply- chain risk (auto-updates on every `docker compose pull`, bit-rot if upstream changes behavior). Pin to dated RELEASE.* tags documented by MinIO (conservative Sep 2025 release). Changed: docker-compose.yml ×2 (minio + mc) docker-compose.dev.yml ×2 docker-compose.prod.yml ×2 docker-compose.staging.yml ×2 Tags: minio/minio:RELEASE.2025-09-07T16-13-09Z minio/mc:RELEASE.2025-09-07T05-25-40Z Operator should bump to latest verified release when they next revisit infra. Tag chosen conservatively — if it does not exist in local Docker cache, `docker compose pull` will surface the error immediately (safer than silent drift). Refs: AUDIT_REPORT.md §6.1 Dette 1 (MinIO :latest 4 occurrences). Co-Authored-By: Claude Opus 4.7 (1M context) --- docker-compose.dev.yml | 4 ++-- docker-compose.prod.yml | 4 ++-- docker-compose.staging.yml | 4 ++-- docker-compose.yml | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index c546b2161..2c0cb72e8 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -130,7 +130,7 @@ services: memory: 64M minio: - image: minio/minio:latest + image: minio/minio:RELEASE.2025-09-07T16-13-09Z container_name: veza_minio restart: unless-stopped command: server /data --console-address ":9001" @@ -151,7 +151,7 @@ services: - veza-net minio-init: - image: minio/mc:latest + image: minio/mc:RELEASE.2025-09-07T05-25-40Z depends_on: minio: condition: service_healthy diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml index e3639f88f..0bbe8ad3d 100644 --- a/docker-compose.prod.yml +++ b/docker-compose.prod.yml @@ -316,7 +316,7 @@ services: retries: 3 minio: - image: minio/minio:latest + image: minio/minio:RELEASE.2025-09-07T16-13-09Z container_name: veza_minio restart: unless-stopped command: server /data --console-address ":9001" @@ -334,7 +334,7 @@ services: retries: 3 minio-init: - image: minio/mc:latest + image: minio/mc:RELEASE.2025-09-07T05-25-40Z depends_on: minio: condition: service_healthy diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml index 395e2d05b..6e6a090ad 100644 --- a/docker-compose.staging.yml +++ b/docker-compose.staging.yml @@ -160,7 +160,7 @@ services: - frontend minio: - image: minio/minio:latest + image: minio/minio:RELEASE.2025-09-07T16-13-09Z container_name: veza_minio_staging restart: unless-stopped command: server /data --console-address ":9001" @@ -176,7 +176,7 @@ services: retries: 5 minio-init: - image: minio/mc:latest + image: minio/mc:RELEASE.2025-09-07T05-25-40Z depends_on: minio: condition: service_healthy diff --git a/docker-compose.yml b/docker-compose.yml index edc83911c..a2227a3ef 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -295,7 +295,7 @@ services: # MinIO - S3-compatible object storage (v0.501 Cloud Storage) minio: - image: minio/minio:latest + image: minio/minio:RELEASE.2025-09-07T16-13-09Z container_name: veza_minio restart: unless-stopped command: server /data --console-address ":9001" @@ -317,7 +317,7 @@ services: # MinIO bucket initialization minio-init: - image: minio/mc:latest + image: minio/mc:RELEASE.2025-09-07T05-25-40Z depends_on: minio: condition: service_healthy