senke/veza
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(docker): pin MinIO + mc to dated release tags

Browse source 
MinIO images were pinned to `:latest` in 4 compose files — supply-
chain risk (auto-updates on every `docker compose pull`, bit-rot if
upstream changes behavior). Pin to dated RELEASE.* tags documented
by MinIO (conservative Sep 2025 release).

Changed:
  docker-compose.yml           ×2 (minio + mc)
  docker-compose.dev.yml       ×2
  docker-compose.prod.yml      ×2
  docker-compose.staging.yml   ×2

Tags:
  minio/minio:RELEASE.2025-09-07T16-13-09Z
  minio/mc:RELEASE.2025-09-07T05-25-40Z

Operator should bump to latest verified release when they next
revisit infra. Tag chosen conservatively — if it does not exist in
local Docker cache, `docker compose pull` will surface the error
immediately (safer than silent drift).

Refs: AUDIT_REPORT.md §6.1 Dette 1 (MinIO :latest 4 occurrences).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
senke 2026-04-20 20:32:01 +02:00
parent 12f873bdb8
commit 4310dbb734
4 changed files with 8 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
docker-compose.dev.yml
View file

@ -130,7 +130,7 @@ services:
memory: 64M memory: 64M
minio: minio:
image: minio/minio:latest image: minio/minio:RELEASE.2025-09-07T16-13-09Z
container_name: veza_minio container_name: veza_minio
restart: unless-stopped restart: unless-stopped
command: server /data --console-address ":9001" command: server /data --console-address ":9001"
@ -151,7 +151,7 @@ services:
- veza-net - veza-net
minio-init: minio-init:
image: minio/mc:latest image: minio/mc:RELEASE.2025-09-07T05-25-40Z
depends_on: depends_on:
minio: minio:
condition: service_healthy condition: service_healthy

4
docker-compose.prod.yml
View file

@ -316,7 +316,7 @@ services:
retries: 3 retries: 3
minio: minio:
image: minio/minio:latest image: minio/minio:RELEASE.2025-09-07T16-13-09Z
container_name: veza_minio container_name: veza_minio
restart: unless-stopped restart: unless-stopped
command: server /data --console-address ":9001" command: server /data --console-address ":9001"
@ -334,7 +334,7 @@ services:
retries: 3 retries: 3
minio-init: minio-init:
image: minio/mc:latest image: minio/mc:RELEASE.2025-09-07T05-25-40Z
depends_on: depends_on:
minio: minio:
condition: service_healthy condition: service_healthy

4
docker-compose.staging.yml
View file

@ -160,7 +160,7 @@ services:
- frontend - frontend
minio: minio:
image: minio/minio:latest image: minio/minio:RELEASE.2025-09-07T16-13-09Z
container_name: veza_minio_staging container_name: veza_minio_staging
restart: unless-stopped restart: unless-stopped
command: server /data --console-address ":9001" command: server /data --console-address ":9001"
@ -176,7 +176,7 @@ services:
retries: 5 retries: 5
minio-init: minio-init:
image: minio/mc:latest image: minio/mc:RELEASE.2025-09-07T05-25-40Z
depends_on: depends_on:
minio: minio:
condition: service_healthy condition: service_healthy

4
docker-compose.yml
View file

@ -295,7 +295,7 @@ services:
# MinIO - S3-compatible object storage (v0.501 Cloud Storage) # MinIO - S3-compatible object storage (v0.501 Cloud Storage)
minio: minio:
image: minio/minio:latest image: minio/minio:RELEASE.2025-09-07T16-13-09Z
container_name: veza_minio container_name: veza_minio
restart: unless-stopped restart: unless-stopped
command: server /data --console-address ":9001" command: server /data --console-address ":9001"
@ -317,7 +317,7 @@ services:
# MinIO bucket initialization # MinIO bucket initialization
minio-init: minio-init:
image: minio/mc:latest image: minio/mc:RELEASE.2025-09-07T05-25-40Z
depends_on: depends_on:
minio: minio:
condition: service_healthy condition: service_healthy