[Snyk] Security upgrade alpine from 3.17 to 3.20 (pipe-cd#5014)

* fix: docs/Dockerfile to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590
- https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413590
- https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591
- https://snyk.io/vuln/SNYK-ALPINE317-OPENSSL-7413591

Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>

* Bump alpine

Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>

---------

Signed-off-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Co-authored-by: Shinnosuke Sawada-Dazai <shin@warashi.dev>

cmd/helloworld/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.15
+FROM alpine:3.20
 
 ADD .artifacts/helloworld /usr/local/bin/helloworld
 

cmd/pipecd/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.13
+FROM alpine:3.20
 
 ARG GOOGLE_CLOUD_SDK_VERSION=324.0.0
 

cmd/pipectl/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.13
+FROM alpine:3.20
 
 RUN apk add --no-cache git
 

docs/Dockerfile

@@ -2,7 +2,7 @@ FROM golang:1.22.4-alpine3.20 AS builder
 COPY main.go .
 RUN go build -o /server main.go
 
-FROM alpine:3.17
+FROM alpine:3.20
 RUN apk --no-cache add ca-certificates
 
 COPY --from=builder /server ./

manifests/pipecd/templates/deployment.yaml

@@ -95,7 +95,7 @@ spec:
       {{- if .Values.quickstart.enabled }}
       initContainers:
         - name: dep-waiter
-          image: alpine:3.14
+          image: alpine:3.20
           command: ["sh", "-c"]
           args:
             - |
@@ -261,7 +261,7 @@ spec:
       {{- if .Values.quickstart.enabled }}
       initContainers:
         - name: dep-waiter
-          image: alpine:3.14
+          image: alpine:3.20
           command: ["sh", "-c"]
           args:
             - |

tool/piped-base/Dockerfile

@@ -1,4 +1,4 @@
-FROM alpine:3.13
+FROM alpine:3.20
 
 ARG PIPED_USER=piped
 ARG PIPED_USER_GROUP=piped