@alex-kulam alex-kulam commented Oct 30, 2025

coderabbitai bot commented Oct 30, 2025

Walkthrough

The Dockerfile's Cronos binary download configuration was updated to switch from the testnet release (v1.5.1-testnet) to the mainnet release (v1.5.1). The tarball URL and all extraction/cleanup commands referencing the filename were correspondingly modified.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Dockerfile tarball update (Dockerfile) | Updated Cronos binary tarball download URL from v1.5.1-testnet_Linux_x86_64.tar.gz to v1.5.1_Linux_x86_64.tar.gz; updated corresponding extraction and cleanup steps to match the new filename |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

  • Single file modification consisting of straightforward URL and filename updates with no logic changes

Poem

🐰 From testnet lands we hop away,
To mainnet paths for v1.5.1 today!
URLs updated, filenames align,
The Dockerfile's journey now runs fine ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |

✅ Passed checks (2 passed)

| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The PR title "feat: INFRA-6021 Cronos Mainnet image bump up to v1.5.1" accurately describes the main change in the pull request. The raw summary confirms that the Dockerfile was updated to change the tarball download from a testnet version to v1.5.1, and the PR objectives explicitly state this is updating the Cronos Mainnet image to v1.5.1. The title is concise, specific, and clearly communicates the primary change (version bump to v1.5.1) without ambiguity or vague terminology. It follows semantic versioning conventions and includes the issue reference, making it easy for teammates to understand the purpose when scanning commit history. |
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4c6c164 and b8e0934.

📒 Files selected for processing (1)
  • Dockerfile (1 hunks)
🧰 Additional context used
🪛 Checkov (3.2.334)
Dockerfile

[high] 11-12: Ensure that certificate validation isn't disabled with wget

(CKV2_DOCKER_3)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: guardrails/scan
🔇 Additional comments (1)
Dockerfile (1)

11-12: No changes needed—tarball structure is correct for the existing move command.

The mainnet release URL is accessible and the tarball extracts directly to a bin/ directory with cronosd executable. The mv ./* command will correctly move bin/ from /tmp to /home/cronos/, resulting in /home/cronos/bin/cronosd. The Dockerfile as written is correct.

Comment on lines +11 to +12
RUN cd /tmp && wget --no-check-certificate https://github.com/crypto-org-chain/cronos/releases/download/v1.5.1/cronos_1.5.1_Linux_x86_64.tar.gz && tar -xvf cronos_1.5.1_Linux_x86_64.tar.gz \
&& rm cronos_1.5.1_Linux_x86_64.tar.gz && mv ./* /home/cronos/
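
Review bot: on the second line, `mv ./*` runs after `cd /tmp`, so the glob moves every non-hidden entry in /tmp into /home/cronos/, not only what the tarball unpacked. Extracting straight into the destination, for example `tar -xf cronos_1.5.1_Linux_x86_64.tar.gz -C /home/cronos/`, or unpacking into a dedicated subdirectory first, keeps the move limited to the release contents.
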
⚠️ Potential issue | 🔴 Critical

Remove --no-check-certificate flag to enforce SSL/TLS validation.

The --no-check-certificate flag disables certificate validation, creating a potential man-in-the-middle attack vector. This is a security risk and should be removed unless there is a documented reason to trust the source without verification.

Apply this diff to remove the flag:

-RUN cd /tmp && wget --no-check-certificate https://github.com/crypto-org-chain/cronos/releases/download/v1.5.1/cronos_1.5.1_Linux_x86_64.tar.gz && tar -xvf cronos_1.5.1_Linux_x86_64.tar.gz \
+RUN cd /tmp && wget https://github.com/crypto-org-chain/cronos/releases/download/v1.5.1/cronos_1.5.1_Linux_x86_64.tar.gz && tar -xvf cronos_1.5.1_Linux_x86_64.tar.gz \
      && rm cronos_1.5.1_Linux_x86_64.tar.gz && mv ./* /home/cronos/
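
Review bot: the `+` line still hands the downloaded tarball directly to `tar -xvf` with no integrity check, so even with certificate validation restored the build trusts whatever the release URL serves at build time. Add a `sha256sum -c` step against a digest pinned in the Dockerfile between the `wget` and the `tar`, so that a replaced release asset fails the build instead of being installed.
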
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
RUN cd /tmp && wget --no-check-certificate https://github.com/crypto-org-chain/cronos/releases/download/v1.5.1/cronos_1.5.1_Linux_x86_64.tar.gz && tar -xvf cronos_1.5.1_Linux_x86_64.tar.gz \
&& rm cronos_1.5.1_Linux_x86_64.tar.gz && mv ./* /home/cronos/
RUN cd /tmp && wget https://github.com/crypto-org-chain/cronos/releases/download/v1.5.1/cronos_1.5.1_Linux_x86_64.tar.gz && tar -xvf cronos_1.5.1_Linux_x86_64.tar.gz \
&& rm cronos_1.5.1_Linux_x86_64.tar.gz && mv ./* /home/cronos/
🤖 Prompt for AI Agents
In Dockerfile around lines 11 to 12, the wget invocation uses the
--no-check-certificate flag which disables TLS certificate validation; remove
the --no-check-certificate flag from the wget command so certificate validation
is enforced (ensure the command still succeeds against the upstream URL and
adjust to use an alternative secure fetch method or add CA certs to the image if
needed).
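
An added example, not part of this PR and not CodeRabbit's or Checkov's own code: a small shell check in the spirit of the finding above, flagging Dockerfile RUN instructions that download with certificate validation disabled. It goes beyond the wget case on this page by also covering curl's `-k`/`--insecure`; the function names and the sample Dockerfile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the project's or Checkov's code): flag Dockerfile RUN
# instructions that download with TLS certificate validation switched off.
# Prints "<line of RUN>: <finding>" and returns 1 when anything is found.
scan_dockerfile() {
    awk '
    function check(ins, n) {
        if (ins !~ /^[ \t]*[Rr][Uu][Nn][ \t]/) return
        # Stop at & | ; so a flag on a later command is not blamed on the fetch.
        if (ins ~ /wget[^&|;]*--no-check-certificate/) {
            print n ": wget --no-check-certificate"; found = 1
        }
        if (ins ~ /curl[^&|;]*[ \t](-[A-Za-z]*k[A-Za-z]*|--insecure)([ \t]|$)/) {
            print n ": curl -k/--insecure"; found = 1
        }
    }
    {
        # Join backslash-continued lines into one logical instruction and
        # remember the line on which it started.
        if (buf == "") start = NR
        line = $0
        if (line ~ /\\[ \t]*$/) { sub(/\\[ \t]*$/, " ", line); buf = buf line; next }
        check(buf line, start); buf = ""
    }
    END { if (buf != "") check(buf, start); exit found + 0 }
    ' "$@"
}

# Constructed sample input (image, hosts and file names are placeholders).
sample_dockerfile() {
    cat <<'EOF'
FROM debian:bookworm-slim
RUN cd /tmp \
    && wget --no-check-certificate https://example.invalid/cronos.tar.gz \
    && tar -xf cronos.tar.gz
RUN wget https://example.invalid/other.tar.gz
RUN curl -fsSLk https://example.invalid/tool -o /usr/local/bin/tool
EOF
}

sample_dockerfile | scan_dockerfile || echo "insecure downloads found"
```

Pass a path instead of piping, as in `scan_dockerfile Dockerfile`, to use the non-zero return value as a CI gate.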

@alex-kulam alex-kulam merged commit a7db549 into master Oct 30, 2025
3 checks passed