chore(docker): pin MinIO + mc to dated release tags

MinIO images were pinned to `:latest` in 4 compose files — supply- chain risk (auto-updates on every `docker compose pull`, bit-rot if upstream changes behavior). Pin to dated RELEASE.* tags documented by MinIO (conservative Sep 2025 release). Changed: docker-compose.yml ×2 (minio + mc) docker-compose.dev.yml ×2 docker-compose.prod.yml ×2 docker-compose.staging.yml ×2 Tags: minio/minio:RELEASE.2025-09-07T16-13-09Z minio/mc:RELEASE.2025-09-07T05-25-40Z Operator should bump to latest verified release when they next revisit infra. Tag chosen conservatively — if it does not exist in local Docker cache, `docker compose pull` will surface the error immediately (safer than silent drift). Refs: AUDIT_REPORT.md §6.1 Dette 1 (MinIO :latest 4 occurrences). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-20 20:32:01 +02:00 · 2026-04-20 20:32:01 +02:00 · 4310dbb734
commit 4310dbb734
parent 12f873bdb8
4 changed files with 8 additions and 8 deletions
--- a/docker-compose.dev.yml
+++ b/docker-compose.dev.yml
@ -130,7 +130,7 @@ services:
          memory: 64M

  minio:
-    image: minio/minio:latest
+    image: minio/minio:RELEASE.2025-09-07T16-13-09Z
    container_name: veza_minio
    restart: unless-stopped
    command: server /data --console-address ":9001"
@ -151,7 +151,7 @@ services:
      - veza-net

  minio-init:
-    image: minio/mc:latest
+    image: minio/mc:RELEASE.2025-09-07T05-25-40Z
    depends_on:
      minio:
        condition: service_healthy
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@ -316,7 +316,7 @@ services:
      retries: 3

  minio:
-    image: minio/minio:latest
+    image: minio/minio:RELEASE.2025-09-07T16-13-09Z
    container_name: veza_minio
    restart: unless-stopped
    command: server /data --console-address ":9001"
@ -334,7 +334,7 @@ services:
      retries: 3

  minio-init:
-    image: minio/mc:latest
+    image: minio/mc:RELEASE.2025-09-07T05-25-40Z
    depends_on:
      minio:
        condition: service_healthy
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@ -160,7 +160,7 @@ services:
      - frontend

  minio:
-    image: minio/minio:latest
+    image: minio/minio:RELEASE.2025-09-07T16-13-09Z
    container_name: veza_minio_staging
    restart: unless-stopped
    command: server /data --console-address ":9001"
@ -176,7 +176,7 @@ services:
      retries: 5

  minio-init:
-    image: minio/mc:latest
+    image: minio/mc:RELEASE.2025-09-07T05-25-40Z
    depends_on:
      minio:
        condition: service_healthy
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -295,7 +295,7 @@ services:

  # MinIO - S3-compatible object storage (v0.501 Cloud Storage)
  minio:
-    image: minio/minio:latest
+    image: minio/minio:RELEASE.2025-09-07T16-13-09Z
    container_name: veza_minio
    restart: unless-stopped
    command: server /data --console-address ":9001"
@ -317,7 +317,7 @@ services:

  # MinIO bucket initialization
  minio-init:
-    image: minio/mc:latest
+    image: minio/mc:RELEASE.2025-09-07T05-25-40Z
    depends_on:
      minio:
        condition: service_healthy