Update ssl dependencies #69

Merged: mvfc merged 2 commits into main from fix/ssl_lib on Jun 18, 2026
@mvfc mvfc commented Jun 18, 2026

Owner

change from libressl-dev to openssl-dev for more compatible alpine image

Release Notes

  • Update Alpine SSL build dependencies: replace libressl-dev with openssl-dev in the Dockerfile
  • Adjust the build dependency cleanup step to remove openssl-dev (avoiding leftover build packages)
  • Prevent committing a local runner tool by adding bin/act to .gitignore

Contribution Summary

| Author | Lines Added | Lines Removed |
|---|---|---|
| Matheus Cunha | 98 | 0 |

Greptile Summary

This PR replaces libressl-dev with openssl-dev in the Alpine build stage and also removes openssl-dev in the cleanup step — an improvement over the original, which never deleted libressl-dev after building. The .gitignore is updated to exclude bin/act, addressing a pre-existing comment about the committed binary.

  • Dockerfile: Swap libressl-dev → openssl-dev in apk add, and explicitly remove openssl-dev in the apk del cleanup step to trim image size.
  • .gitignore: Add bin/act so the locally-installed act binary is no longer tracked by git.

Confidence Score: 5/5

Straightforward, low-risk package swap with no functional side-effects — safe to merge.

The change swaps one Alpine crypto dev package for another (libressl-dev → openssl-dev), which is the correct move for modern Alpine images that ship OpenSSL by default. The runtime openssl library is retained at container start because sqlcipher depends on it, so removing openssl-dev in the cleanup step won't break anything. No logic, scripts, or application code are affected.

No files require special attention.

Important Files Changed

| Filename | Overview |
|---|---|
| Dockerfile | Replace libressl-dev with openssl-dev in apk add, and add openssl-dev to the cleanup apk del step; both changes are correct and improve Alpine compatibility and image hygiene. |
| .gitignore | Adds bin/act to .gitignore to stop tracking the locally-installed act binary, resolving the previously flagged binary-in-source-control issue. |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["FROM python:3.13-alpine"] --> B["apk add --no-cache\n+ openssl-dev ✅ (was libressl-dev)"]
    B --> C["apk upgrade -a"]
    C --> D["adduser / addgroup"]
    D --> E["npm install -g @bitwarden/cli"]
    E --> F["curl supercronic binary + sha1 verify"]
    F --> G["COPY src, scripts, requirements"]
    G --> H["pip install -r requirements.txt\n(compiles native extensions against openssl-dev)"]
    H --> I["apk del build tools\n+ openssl-dev ✅ (newly removed)"]
    I --> J["Final image\n(openssl runtime kept via sqlcipher dep)"]

Comments Outside Diff (1)

  1. bin/act, line 1

    P1 Binary executable committed to source control

    A 21 MB statically-linked ELF x86-64 binary has been added to the repository. Committing compiled binaries directly inflates git clone size permanently (git history stores the full blob), makes the binary opaque to code review, and is architecture-specific — it will not work on arm64/armv7 hosts even though the Dockerfile's supercronic install already supports those targets. The act CLI is installable via brew install act, its own install script, or a pinned GitHub Release download with checksum verification; it does not need to live in the repo. Adding bin/act to .gitignore and documenting the install step in the README is the standard approach.


Reviews (2): Last reviewed commit: "add bin/act to gitignore"
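
The Greptile summary above notes that the original Dockerfile installed libressl-dev for the build but never listed it in the apk del step. As an added example (not code from this repository or from either review bot), the following Python check flags that mismatch in two constructed Dockerfile fragments; every package name other than libressl-dev and openssl-dev, and both helper function names, are assumptions.

```python
import re
import shlex

# Constructed fragments modelled on the PR description; package names other
# than libressl-dev / openssl-dev are assumptions, not the project's real list.
BEFORE = """\
FROM python:3.13-alpine
RUN apk add --no-cache build-base libffi-dev libressl-dev sqlcipher
RUN pip install -r requirements.txt
RUN apk del build-base libffi-dev
"""
AFTER = """\
FROM python:3.13-alpine
RUN apk add --no-cache build-base libffi-dev \\
    openssl-dev sqlcipher
RUN pip install -r requirements.txt
RUN apk del build-base libffi-dev openssl-dev
"""


def apk_packages(dockerfile: str, verb: str) -> set[str]:
    """Return package names passed to `apk <verb>` in any RUN instruction.

    Flags that take an argument (for example --virtual) are not handled.
    """
    joined = re.sub(r"\\\r?\n", " ", dockerfile)  # fold line continuations
    found = set()
    for line in joined.splitlines():
        if not line.strip().upper().startswith("RUN "):
            continue
        # A RUN line may chain several commands with && or ;
        for cmd in re.split(r"&&|;", line.strip()[4:]):
            words = shlex.split(cmd)
            if words[:2] == ["apk", verb]:
                found.update(w for w in words[2:] if not w.startswith("-"))
    return found


def leftover_dev_packages(dockerfile: str) -> list[str]:
    """-dev packages installed by `apk add` but absent from every `apk del`."""
    added = apk_packages(dockerfile, "add")
    removed = apk_packages(dockerfile, "del")
    return sorted(p for p in added - removed if p.endswith("-dev"))


if __name__ == "__main__":
    print("before:", leftover_dev_packages(BEFORE))
    print("after: ", leftover_dev_packages(AFTER))
```

Runtime packages such as sqlcipher are deliberately not reported, since only names ending in -dev are treated as build-only.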

@mvfc mvfc enabled auto-merge (squash) June 18, 2026 12:52

coderabbitai Bot commented Jun 18, 2026

Contributor

Walkthrough

The pull request contains two independent changes: the Dockerfile replaces libressl-dev with openssl-dev in the Alpine apk add build dependency list (line 16) and updates the corresponding apk del cleanup step (line 77) to remove openssl-dev instead of the LibreSSL package. Additionally, .gitignore is updated to exclude the bin/act directory from version control.

Changes

OpenSSL dev dependency swap

| Layer / File(s) | Summary |
|---|---|
| Replace libressl-dev with openssl-dev in install and cleanup / Dockerfile | libressl-dev is replaced with openssl-dev in the apk add call and the matching apk del cleanup step. |

Git ignore update

| Layer / File(s) | Summary |
|---|---|
| Ignore bin/act directory / .gitignore | bin/act is added to .gitignore to exclude the local tool directory from version control. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'Update ssl dependencies' directly aligns with the main change: replacing libressl-dev with openssl-dev in the Dockerfile for improved SSL/TLS compatibility. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |

coderabbitai Bot previously approved these changes Jun 18, 2026

Actionable comments posted: 1

Inline comments:
In @.gitignore:
- Line 14: The gitignore pattern for bin/act should include a trailing slash to
explicitly indicate it is a directory rather than a file. Update the pattern
from bin/act to bin/act/ (adding a trailing slash) to follow standard gitignore
directory conventions and make the intention clearer to readers.
📥 Commits

Reviewing files that changed from the base of the PR and between 46811da and fadc737.

📒 Files selected for processing (1)
  • .gitignore

Comment thread .gitignore
@mvfc mvfc disabled auto-merge June 18, 2026 13:25
@mvfc mvfc merged commit ea4069f into main Jun 18, 2026
15 checks passed
@mvfc mvfc deleted the fix/ssl_lib branch June 18, 2026 13:25