feat: INFRA-6296 Cronos testnet image upgrade v1.5.4

[Spich3000]

Cronos testnet image upgrade v1.5.4
INFRA-6296 Cronos v1.5.4 Upgrades across clusters

Summary by CodeRabbit

• Chores
  • Updated component version from v1.5.3 to v1.5.4.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This PR bumps the Cronos binary version in the Dockerfile from v1.5.3 to v1.5.4. The change updates the download URL, tarball filename, and the corresponding extraction and cleanup commands. No control flow or logic modifications are present.

Changes

Cohort / File(s)	Summary
Dockerfile version bump Dockerfile	Updated Cronos tarball download from v1.5.3 to v1.5.4; modified download URL, tarball filename, and extraction/cleanup commands accordingly

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• feat: INFRA-6244 Cronos mainnet image upgrade v1.5.3 #87: Updates Cronos version to v1.5.3 (the immediate predecessor version in the main PR).
• feat: INFRA-6021 Cronos Mainnet image bump up to v1.5.1 #86: Follows the same code-level change pattern of updating Cronos tarball download URL and filename bumping.
• feat: INFRA-6018 Cronos testnet image upgrade v1.5.1 #85: Also updates the Dockerfile to modify Cronos tarball download URL and filenames for a version change.

Suggested reviewers

• agrevtsev

Poem

🐰 From v-one-five-three to four we leap,
The tarball rolls, extractors sweep,
A version bump, so clean, so neat,
Our Docker build is now complete! ✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly describes the main change: upgrading the Cronos testnet image from v1.5.3 to v1.5.4, which aligns with the Dockerfile modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/INFRA-6296

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cedf161 and aa21aa9.

📒 Files selected for processing (1)

• Dockerfile (1 hunks)

🧰 Additional context used

🪛 Checkov (3.2.334)

Dockerfile

[high] 11-12: Ensure that certificate validation isn't disabled with wget

(CKV2_DOCKER_3)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: guardrails/scan

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Remove --no-check-certificate to validate SSL certificates.

The --no-check-certificate flag disables SSL/TLS certificate validation on the download from GitHub. This is a security posture gap that should be removed, as GitHub's certificates are valid and need not be bypassed.

Apply this diff to enable certificate validation:

-RUN cd /tmp && wget --no-check-certificate https://github.com/crypto-org-chain/cronos/releases/download/v1.5.4/cronos_1.5.4-testnet_Linux_x86_64.tar.gz && tar -xvf cronos_1.5.4-testnet_Linux_x86_64.tar.gz \
+RUN cd /tmp && wget https://github.com/crypto-org-chain/cronos/releases/download/v1.5.4/cronos_1.5.4-testnet_Linux_x86_64.tar.gz && tar -xvf cronos_1.5.4-testnet_Linux_x86_64.tar.gz \
      && rm cronos_1.5.4-testnet_Linux_x86_64.tar.gz && mv ./* /home/cronos/

The version upgrade itself (v1.5.3 → v1.5.4) is correctly applied to the tarball filename and download URL.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	RUN cd /tmp && wget --no-check-certificate https://github.com/crypto-org-chain/cronos/releases/download/v1.5.4/cronos_1.5.4-testnet_Linux_x86_64.tar.gz && tar -xvf cronos_1.5.4-testnet_Linux_x86_64.tar.gz \
	&& rm cronos_1.5.4-testnet_Linux_x86_64.tar.gz && mv ./* /home/cronos/
	RUN cd /tmp && wget https://github.com/crypto-org-chain/cronos/releases/download/v1.5.4/cronos_1.5.4-testnet_Linux_x86_64.tar.gz && tar -xvf cronos_1.5.4-testnet_Linux_x86_64.tar.gz \
	&& rm cronos_1.5.4-testnet_Linux_x86_64.tar.gz && mv ./* /home/cronos/

🧰 Tools

🪛 Checkov (3.2.334)

[high] 11-12: Ensure that certificate validation isn't disabled with wget

(CKV2_DOCKER_3)

🤖 Prompt for AI Agents

In Dockerfile around lines 11-12, the wget invocation disables SSL validation
via --no-check-certificate; remove that flag so wget performs normal TLS
certificate verification when downloading the GitHub tarball. Update the RUN
line to call wget without --no-check-certificate (keep the same URL, tar and
cleanup steps) so the download validates GitHub's certificate by default.