[Snyk] Security upgrade alpine from 3.18 to 3 (#1088)

* fix: extras/docker/alpine3.18/Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6152404
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6152404
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6160000
- https://snyk.io/vuln/SNYK-ALPINE318-OPENSSL-6160000

* Change all references to Alpine 3.18 to Alpine 3

---------

Co-authored-by: snyk-bot <[email protected]>
Co-authored-by: Ezra Chung <[email protected]>

Author: 3 people

.mci.yml

@@ -633,7 +633,7 @@ functions:
             set -x
             # TODO: Re-enable Alpine test once MONGOCRYPT-601 is released.
             # echo "Building Alpine Docker image"
-            # make -C extras/docker/alpine3.18 nocachebuild test
+            # make -C extras/docker/alpine3 nocachebuild test
             echo "Building Debian Docker image"
             make -C extras/docker/bookworm nocachebuild test
             echo "Building Red Hat UBI Docker image"

extras/docker/alpine3.18/Dockerfile renamed to extras/docker/alpine3/Dockerfile

@@ -1,7 +1,7 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # This file was auto generated from the template file Dockerfile.j2 using the generate.py script
 
-FROM alpine:3.18 AS builder
+FROM alpine:3 AS builder
 
 ARG MONGOCXX_VERSION=3.9.0
 ARG MONGOC_VERSION=1.25.4
@@ -60,7 +60,7 @@ RUN wget https://github.com/mongodb/mongo-cxx-driver/archive/refs/tags/r${MONGOC
     cmake --build mongocxx-build --config RelWithDebInfo && \
     cmake --install mongocxx-build --config RelWithDebInfo --prefix /opt/mongocxx
 
-FROM alpine:3.18
+FROM alpine:3
 
 RUN apk update && apk upgrade && apk add --no-cache openssl3 libstdc++ libc6-compat
 

extras/docker/alpine3.18/Makefile renamed to extras/docker/alpine3/Makefile

@@ -7,19 +7,19 @@ DOCKER=docker
 .PHONY: build
 build:
 	$(DOCKER) build . \
-		-t mongodb/mongo-cxx-driver:$(MONGOCXX_VERSION)-alpine3.18
+		-t mongodb/mongo-cxx-driver:$(MONGOCXX_VERSION)-alpine3
 
 .PHONY: nocachebuild
 nocachebuild:
 	$(DOCKER) build . \
 		--no-cache \
-		-t mongodb/mongo-cxx-driver:$(MONGOCXX_VERSION)-alpine3.18
+		-t mongodb/mongo-cxx-driver:$(MONGOCXX_VERSION)-alpine3
 
 .PHONY: run
 run: | $(filter nocachebuild build, $(MAKECMDGOALS))
-	$(DOCKER) run --rm -it mongodb/mongo-cxx-driver:$(MONGOCXX_VERSION)-alpine3.18
+	$(DOCKER) run --rm -it mongodb/mongo-cxx-driver:$(MONGOCXX_VERSION)-alpine3
 
 .PHONY: test
 test: | $(filter nocachebuild build, $(MAKECMDGOALS))
-	$(DOCKER) build . --no-cache -f TestDockerfile -t test-mongocxx-driver-image:$(MONGOCXX_VERSION)-alpine3.18
-	$(DOCKER) run test-mongocxx-driver-image:$(MONGOCXX_VERSION)-alpine3.18
+	$(DOCKER) build . --no-cache -f TestDockerfile -t test-mongocxx-driver-image:$(MONGOCXX_VERSION)-alpine3
+	$(DOCKER) run test-mongocxx-driver-image:$(MONGOCXX_VERSION)-alpine3

extras/docker/alpine3.18/TestDockerfile renamed to extras/docker/alpine3/TestDockerfile

@@ -1,7 +1,7 @@
 # DO NOT EDIT THIS FILE DIRECTLY
 # This file was auto generated from the template file TestDockerfile.j2 using the generate.py script
 
-FROM mongodb/mongo-cxx-driver:3.9.0-alpine3.18
+FROM mongodb/mongo-cxx-driver:3.9.0-alpine3
 
 WORKDIR /build
 

extras/docker/alpine3.18/test.cpp renamed to extras/docker/alpine3/test.cpp

@@ -9,5 +9,5 @@
 int main(void) {
     mongocxx::instance inst{};
     std::cout << "mongo-cxx-driver version: " << MONGOCXX_VERSION_STRING << std::endl;
-    std::cout << "THE alpine3.18 IMAGE WORKS!" << std::endl;
+    std::cout << "THE alpine3 IMAGE WORKS!" << std::endl;
 }

extras/docker/generate.py

@@ -24,37 +24,37 @@ def render_template(template_filename, context):
         ("Dockerfile.j2", "Dockerfile"),
     ]
     distros = [
-        "alpine3.18",
+        "alpine3",
         "bookworm",
         "jammy",
         "redhat-ubi-9.3",
     ]
     base_image = {
-        "alpine3.18": "alpine:3.18",
+        "alpine3": "alpine:3",
         "bookworm": "debian:12-slim",
         "jammy": "ubuntu:22.04",
         "redhat-ubi-9.3": "registry.access.redhat.com/ubi9/ubi-minimal:9.3",
     }
     test_dependency_install_command = {
-        "alpine3.18": "apk update && apk upgrade && apk add --no-cache alpine-sdk",
+        "alpine3": "apk update && apk upgrade && apk add --no-cache alpine-sdk",
         "bookworm": "apt update && apt upgrade -y && apt install -y build-essential",
         "jammy": "apt update && apt upgrade -y && apt install -y build-essential",
         "redhat-ubi-9.3": "microdnf upgrade -y && microdnf install -y g++",
     }
     build_dependencies_install_command = {
-        "alpine3.18": "apk update && apk upgrade && apk add --no-cache alpine-sdk ninja cmake openssl-dev python3",
+        "alpine3": "apk update && apk upgrade && apk add --no-cache alpine-sdk ninja cmake openssl-dev python3",
         "bookworm": "apt update && apt upgrade -y && apt install -y ninja-build build-essential cmake git libssl-dev python3 wget",
         "jammy": "apt update && apt upgrade -y && apt install -y ninja-build build-essential cmake git libssl-dev python3 wget",
         "redhat-ubi-9.3": "microdnf upgrade -y && microdnf install -y ninja-build gcc g++ git gzip tar wget cmake openssl-devel python3",
     }
     runtime_dependencies_install_command = {
-        "alpine3.18": "apk update && apk upgrade && apk add --no-cache openssl3 libstdc++ libc6-compat",
+        "alpine3": "apk update && apk upgrade && apk add --no-cache openssl3 libstdc++ libc6-compat",
         "bookworm": "apt update && apt upgrade -y && apt install -y libssl3 && rm -rf /var/lib/apt/lists/*",
         "jammy": "apt update && apt upgrade -y && apt install -y libssl3 && rm -rf /var/lib/apt/lists/*",
         "redhat-ubi-9.3": "microdnf upgrade -y && microdnf install -y openssl",
     }
     post_install_commands = {
-        "alpine3.18": "",
+        "alpine3": "",
         "bookworm": "\nRUN ldconfig\n",
         "jammy": "\nRUN ldconfig\n",
         "redhat-ubi-9.3": (