diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000..f83023c169 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +* text=auto eol=lf +/Dockerfile*.template linguist-language=Dockerfile diff --git a/.github/ISSUE_TEMPLATE/1-bug-report.md b/.github/ISSUE_TEMPLATE/1-bug-report.md new file mode 100644 index 0000000000..d8ea9da3b4 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/1-bug-report.md @@ -0,0 +1,48 @@ +--- +name: "\U0001F41B Bug Report" +about: Create a bug report to help us improve +--- + + + +## Environment + +* **Platform**: +* **Docker Version**: +* **Node.js Version**: +* **Image Tag**: + +## Expected Behavior + + + +## Current Behavior + + + +## Possible Solution + + + +## Steps to Reproduce + + + +## Additional Information + + + diff --git a/.github/ISSUE_TEMPLATE/2-feature-request.md b/.github/ISSUE_TEMPLATE/2-feature-request.md new file mode 100644 index 0000000000..31a875664e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/2-feature-request.md @@ -0,0 +1,29 @@ +--- +name: "\U0001F680 Feature Request" +about: Suggest an idea for this project +--- + + + +## Problem + + + +## Solution + + + +## Alternatives to Consider + + + diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000000..d08bfe4cf3 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,14 @@ +blank_issues_enabled: false +contact_links: + - name: Need help with Node.js? + url: https://github.com/nodejs/help + about: Please file an issue in our help repo. + - name: Found a problem with Node.js beyond the API reference documentation? + url: https://github.com/nodejs/nodejs.org/issues/new/choose + about: Please file an issue in the Node.js website repository. + - name: Want to report security issues or vulnerabilites? + url: https://github.com/nodejs/docker-node/security/policy + about: Please go through our policy for reporting CVEs and security issues. + - name: Need help with common questions related to using Node.js with Docker? + url: https://stackoverflow.com/questions/tagged/node.js%2bdocker%2bdockerfile + about: Please visit Stack Overflow to explore related questions and answers. diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000000..6fadc5bdf3 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,54 @@ + + +## Description + + + +## Motivation and Context + + + +## Testing Details + + + +## Example Output(if appropriate) + +## Types of changes + + + +- [ ] Documentation +- [ ] Version change (Update, remove or add more Node.js versions) +- [ ] Variant change (Update, remove or add more variants, or versions of variants) +- [ ] Bug fix (non-breaking change which fixes an issue) +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Breaking change (fix or feature that would cause existing functionality to change) +- [ ] Other (none of the above) + +## Checklist + + + +- [ ] My code follows the code style of this project. +- [ ] My change requires a change to the documentation. +- [ ] I have updated the documentation accordingly. +- [ ] I have read the **CONTRIBUTING.md** document. +- [ ] All new and existing tests passed. + diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..afb98ae0c7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 +updates: +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 diff --git a/.github/workflows/automatic-updates.yml b/.github/workflows/automatic-updates.yml new file mode 100644 index 0000000000..ab5408659a --- /dev/null +++ b/.github/workflows/automatic-updates.yml @@ -0,0 +1,38 @@ +name: Automatically update Docker image versions + +on: + schedule: + - cron: "*/15 * * * *" + +jobs: + build: + runs-on: ubuntu-latest + if: github.repository_owner == 'nodejs' + permissions: + pull-requests: write + + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Run automation script + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + id: updt + with: + result-encoding: string + script: | + const { default: script } = await import(`${process.env.GITHUB_WORKSPACE}/build-automation.mjs`); + return script(github); + + - name: Create update PR + id: cpr + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + with: + token: ${{ secrets.GH_API_TOKEN }} + author: "Node.js GitHub Bot " + branch: update-branch + base: main + commit-message: "feat: Node.js ${{ steps.updt.outputs.result }}" + title: "feat: Node.js ${{ steps.updt.outputs.result }}" + delete-branch: true + team-reviewers: | + nodejs/docker diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml new file mode 100644 index 0000000000..d1358d9f46 --- /dev/null +++ b/.github/workflows/build-test.yml @@ -0,0 +1,97 @@ +name: build-test + +on: + push: + paths: + - "**/Dockerfile" + - "**/docker-entrypoint.sh" + - genMatrix.js + - ".github/workflows/build-test.yml" + + pull_request: + paths: + - "**/Dockerfile" + - "**/docker-entrypoint.sh" + - genMatrix.js + - ".github/workflows/build-test.yml" + +jobs: + gen-matrix: + name: generate-matrix + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Calculate file differences + id: diff + uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5 + with: + json: true + escape_json: false + + - name: Generate testing matrix + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + id: generator + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const script = require(`${process.env.GITHUB_WORKSPACE}/genMatrix.js`) + return script( + ${{ steps.diff.outputs.added_files }}, + ${{ steps.diff.outputs.modified_files }}, + ${{ steps.diff.outputs.renamed_files }}, + ); + + outputs: + matrix: ${{ steps.generator.outputs.result }} + + build: + if: ${{ fromJson(needs.gen-matrix.outputs.matrix) }} + needs: gen-matrix + name: build + runs-on: ubuntu-latest + timeout-minutes: 60 + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.gen-matrix.outputs.matrix) }} + + steps: + - name: Get short node version + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + id: short-version + with: + result-encoding: string + script: return "${{ matrix.version }}".split('.')[0] + + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Build image + uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 + with: + push: false + load: true + context: . + file: ./${{ steps.short-version.outputs.result }}/${{ matrix.variant }}/Dockerfile + tags: node:${{ matrix.version }}-${{ matrix.variant }} + + - name: Test for node version + run: | + image_node_version=$(docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} node --print "process.versions.node") + echo "Expected: \"${{ matrix.version }}\", Got: \"${image_node_version}\"" + [ "${image_node_version}" == "${{ matrix.version }}" ] + + - name: Verify entrypoint runs regular, non-executable files with node + run: | + tmp_file=$(mktemp) + echo 'console.log("success")' > "${tmp_file}" + output=$(docker run --rm -v "${tmp_file}:/app/index.js" node:${{ matrix.version }}-${{ matrix.variant }} app/index.js) + [ "${output}" = 'success' ] + + - name: Test for npm + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version + + - name: Test for yarn + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} yarn --version diff --git a/.github/workflows/doctoc.yml b/.github/workflows/doctoc.yml index bd90a4d205..a26616b4ce 100644 --- a/.github/workflows/doctoc.yml +++ b/.github/workflows/doctoc.yml @@ -6,15 +6,18 @@ on: - "README.md" - "docs/BestPractices.md" +permissions: + contents: read + jobs: doctoc: name: Doc TOC Check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: '12.x' + node-version: 'lts/*' - name: Install doctoc run: npm i -g doctoc - name: Create README copy and diff with doctoc diff --git a/.github/workflows/eclint.yml b/.github/workflows/eclint.yml index 87ad6bdc79..4d1f26e7bb 100644 --- a/.github/workflows/eclint.yml +++ b/.github/workflows/eclint.yml @@ -2,13 +2,16 @@ name: Test Whitespace and line endings on: [pull_request] +permissions: + contents: read + jobs: eclint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: '12.x' + node-version: 'lts/*' - run: npm i -g eclint - run: eclint check diff --git a/.github/workflows/markdown-link-check.yml b/.github/workflows/markdown-link-check.yml index 4339197825..396bd800f4 100644 --- a/.github/workflows/markdown-link-check.yml +++ b/.github/workflows/markdown-link-check.yml @@ -4,16 +4,20 @@ on: pull_request: paths: - "**/*.md" + - "markdown_link_check_config.json" + +permissions: + contents: read jobs: markdown-link-check: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 with: - node-version: '12.x' + node-version: 'lts/*' - name: Install markdown-link-check - run: npm i -g markdown-link-check + run: npm i -g markdown-link-check@3.11.0 - name: Run markdown-link-check on MD files - run: find . -name "*.md" | xargs -n 1 markdown-link-check -q + run: find . -name "*.md" | xargs -n 1 markdown-link-check -c markdown_link_check_config.json -q diff --git a/.github/workflows/missing-checksum.yml b/.github/workflows/missing-checksum.yml new file mode 100644 index 0000000000..6c4a293c55 --- /dev/null +++ b/.github/workflows/missing-checksum.yml @@ -0,0 +1,23 @@ +name: Check Alpine CHECKSUM + +on: + pull_request: + paths: + - ".github/workflows/missing-checksum.yml" + - "**/alpine*/Dockerfile" + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Count number of Alpine Dockersfiles without CHECKSUM + run: | + git grep -n 'CHECKSUM=""' -- '*alpine*/Dockerfile' | sed -E 's/^([^:]+):([^:]+):\s*/::error file=\1,line=\2::Missing pre-built checksum/' + if [ "${PIPESTATUS[0]}" -eq 0 ]; then + exit 1 + fi diff --git a/.github/workflows/official-pr.yml b/.github/workflows/official-pr.yml new file mode 100644 index 0000000000..f1dd7855d4 --- /dev/null +++ b/.github/workflows/official-pr.yml @@ -0,0 +1,66 @@ +name: Create official images PR + +on: + pull_request_target: + types: + - closed + + paths: + - ".github/workflows/official-pr.yml" + - "**/Dockerfile" + - "**/docker-entrypoint.sh" + - "versions.json" + - "stackbrew.js" + +jobs: + pr: + runs-on: ubuntu-latest + if: github.repository_owner == 'nodejs' && github.event.pull_request.merged_by != '' + permissions: + pull-requests: write + + steps: + - name: Checkout the docker-node repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + path: docker-node + ref: ${{ github.base_ref }} + fetch-depth: 50 + + - name: Checkout the official-images repo + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + path: official-images + repository: docker-library/official-images + + - name: Generate Stackbrew for diff + run: | + cd docker-node + ./stackbrew.js > ../official-images/library/node + + - name: Create PR in official-images + id: create-pr + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8 + with: + token: ${{ secrets.GH_API_TOKEN }} + push-to-fork: nodejs/official-images + path: official-images + branch: node + commit-message: "Node: ${{ github.event.pull_request.title }}" + title: "Node: ${{ github.event.pull_request.title }}" + body: | + Pull Request: ${{ github.event.pull_request.html_url }} + @LaurentGoderre @PeterDaveHello @SimenB @Starefossen @nschonni @ttshivers + + - name: PR details + run: | + echo "Pull Request Number - ${{ steps.create-pr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.create-pr.outputs.pull-request-url }}" + + - name: Create PR comment + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + if: ${{ steps.create-pr.outputs.pull-request-url != '' }} + with: + issue-number: ${{ github.event.pull_request.number }} + body: | + Created PR on the official-images repo (${{ steps.create-pr.outputs.pull-request-url }}). See https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what if you are wondering when it will be available on the Docker Hub. diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 0000000000..852cb0ca22 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,73 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '30 12 * * 6' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results.sarif diff --git a/.github/workflows/shfmt.yml b/.github/workflows/shfmt.yml index 1427dd1cb8..380d165260 100644 --- a/.github/workflows/shfmt.yml +++ b/.github/workflows/shfmt.yml @@ -5,16 +5,19 @@ on: paths: - "**/*.sh" +permissions: + contents: read + jobs: shfmt: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: docker run -v "$(pwd)":/sh -w /sh peterdavehello/shfmt:2.6.3 shfmt -sr -i 2 -l -w -ci . - run: git diff --color --exit-code shellcheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - run: shellcheck *.sh diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 3fd72f5996..0000000000 --- a/.travis.yml +++ /dev/null @@ -1,222 +0,0 @@ -# DO NOT MODIFY. THIS FILE IS AUTOGENERATED # - ---- - -dist: xenial - -language: minimal - -services: - - docker - -.before_script: &auto_skip -- | - if [ "false" != "$TRAVIS_PULL_REQUEST" ]; then - TRAVIS_COMMIT_RANGE="$TRAVIS_BRANCH..$TRAVIS_PULL_REQUEST_SHA" - fi - if [ "default" = "$VARIANT" ]; then - Dockerfile="$NODE_VERSION/Dockerfile" - else - Dockerfile="$NODE_VERSION/$VARIANT/Dockerfile" - fi - if [ "" = "$TRAVIS_COMMIT_RANGE" ]; then - echo "This is a new branch" - elif ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- &> /dev/null; then - echo "Change range not recognized: '$TRAVIS_COMMIT_RANGE'" - elif git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^$Dockerfile$"; then - echo "Change of $Dockerfile detected." - else - echo "Skip build of $Dockerfile as it's not changed." - exit - fi - -script: ./test-build.sh $NODE_VERSION $VARIANT - -stages: - - Test - - Build - - name: Deploy - if: branch = master AND type IN (push) - -jobs: - fast_finish: true - - include: - - stage: Test - name: .travis.yml and travis.yml.template consistency - script: - - ./update.sh -t - - git diff --stat --exit-code .travis.yml - - - stage: Deploy - before_script: - - | - if ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "Dockerfile$"; then - if git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^generate-stackbrew-library.sh$"; then - if ! git diff "$TRAVIS_COMMIT_RANGE" -- generate-stackbrew-library.sh | grep -Eq '^[-+]array_[0-9]'; then - echo "Skip deployment as none of the Dockerfiles and version tag array in generate-stackbrew-library.sh has been changed." - exit - fi - else - echo "Skip deployment as none of the Dockerfiles and generate-stackbrew-library.sh has been changed." - exit - fi - fi - script: - - ./generate-stackbrew-pr.sh "$TRAVIS_COMMIT_RANGE" - - # Docker Build # - - - stage: Build - before_script: *auto_skip - name: 10 on jessie - env: - - NODE_VERSION="10" - - VARIANT="jessie" - - - stage: Build - before_script: *auto_skip - name: 10 on jessie-slim - env: - - NODE_VERSION="10" - - VARIANT="jessie-slim" - - - stage: Build - before_script: *auto_skip - name: 10 on stretch - env: - - NODE_VERSION="10" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 10 on stretch-slim - env: - - NODE_VERSION="10" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 10 on buster - env: - - NODE_VERSION="10" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 10 on buster-slim - env: - - NODE_VERSION="10" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: 10 on alpine3.9 - env: - - NODE_VERSION="10" - - VARIANT="alpine3.9" - - - stage: Build - before_script: *auto_skip - name: 10 on alpine3.10 - env: - - NODE_VERSION="10" - - VARIANT="alpine3.10" - - - stage: Build - before_script: *auto_skip - name: 10 on alpine3.11 - env: - - NODE_VERSION="10" - - VARIANT="alpine3.11" - - - stage: Build - before_script: *auto_skip - name: 12 on stretch - env: - - NODE_VERSION="12" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 12 on stretch-slim - env: - - NODE_VERSION="12" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 12 on buster - env: - - NODE_VERSION="12" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 12 on buster-slim - env: - - NODE_VERSION="12" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: 12 on alpine3.9 - env: - - NODE_VERSION="12" - - VARIANT="alpine3.9" - - - stage: Build - before_script: *auto_skip - name: 12 on alpine3.10 - env: - - NODE_VERSION="12" - - VARIANT="alpine3.10" - - - stage: Build - before_script: *auto_skip - name: 12 on alpine3.11 - env: - - NODE_VERSION="12" - - VARIANT="alpine3.11" - - - stage: Build - before_script: *auto_skip - name: 13 on stretch - env: - - NODE_VERSION="13" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 13 on stretch-slim - env: - - NODE_VERSION="13" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 13 on buster - env: - - NODE_VERSION="13" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 13 on buster-slim - env: - - NODE_VERSION="13" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: 13 on alpine3.10 - env: - - NODE_VERSION="13" - - VARIANT="alpine3.10" - - - stage: Build - before_script: *auto_skip - name: 13 on alpine3.11 - env: - - NODE_VERSION="13" - - VARIANT="alpine3.11" diff --git a/10/alpine3.10/docker-entrypoint.sh b/10/alpine3.10/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/alpine3.10/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/alpine3.11/docker-entrypoint.sh b/10/alpine3.11/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/alpine3.11/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/alpine3.9/docker-entrypoint.sh b/10/alpine3.9/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/alpine3.9/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/architectures b/10/architectures deleted file mode 100644 index 4af7322479..0000000000 --- a/10/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -arm32v6 alpine3.9,alpine3.10,alpine3.11 -arm32v7 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -arm64v8 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -i386 alpine3.9,alpine3.10,alpine3.11 -ppc64le stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -s390x stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 diff --git a/10/buster-slim/docker-entrypoint.sh b/10/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/buster/docker-entrypoint.sh b/10/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/jessie-slim/docker-entrypoint.sh b/10/jessie-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/jessie-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/jessie/docker-entrypoint.sh b/10/jessie/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/jessie/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/stretch-slim/docker-entrypoint.sh b/10/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/alpine3.10/docker-entrypoint.sh b/12/alpine3.10/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/alpine3.10/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/alpine3.11/Dockerfile b/12/alpine3.11/Dockerfile deleted file mode 100644 index 8462ba391d..0000000000 --- a/12/alpine3.11/Dockerfile +++ /dev/null @@ -1,100 +0,0 @@ -FROM alpine:3.11 - -ENV NODE_VERSION 12.16.2 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ - && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="f6b8bb0ee376cd1e7096f15b68efc3bb6adbd2cb33a12002d5982384b733dcab" \ - ;; \ - *) ;; \ - esac \ - && if [ -n "${CHECKSUM}" ]; then \ - set -eu; \ - curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ - echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ - else \ - echo "Building from source" \ - # backup build - && apk add --no-cache --virtual .build-deps-full \ - binutils-gold \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps-full \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ - fi \ - && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.4 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn \ - # smoke test - && yarn --version - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/alpine3.11/docker-entrypoint.sh b/12/alpine3.11/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/alpine3.11/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/alpine3.9/Dockerfile b/12/alpine3.9/Dockerfile deleted file mode 100644 index 3dbf92ee74..0000000000 --- a/12/alpine3.9/Dockerfile +++ /dev/null @@ -1,100 +0,0 @@ -FROM alpine:3.9 - -ENV NODE_VERSION 12.16.2 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ - && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="f6b8bb0ee376cd1e7096f15b68efc3bb6adbd2cb33a12002d5982384b733dcab" \ - ;; \ - *) ;; \ - esac \ - && if [ -n "${CHECKSUM}" ]; then \ - set -eu; \ - curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ - echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ - else \ - echo "Building from source" \ - # backup build - && apk add --no-cache --virtual .build-deps-full \ - binutils-gold \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps-full \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ - fi \ - && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.4 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn \ - # smoke test - && yarn --version - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/alpine3.9/docker-entrypoint.sh b/12/alpine3.9/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/alpine3.9/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/architectures b/12/architectures deleted file mode 100644 index 5dfbc16e32..0000000000 --- a/12/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -arm32v6 alpine3.9,alpine3.10,alpine3.11 -arm32v7 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -arm64v8 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -i386 alpine3.9,alpine3.10,alpine3.11 -ppc64le stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -s390x stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 diff --git a/12/buster-slim/docker-entrypoint.sh b/12/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/buster/docker-entrypoint.sh b/12/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile deleted file mode 100644 index 4e76d62d29..0000000000 --- a/12/stretch-slim/Dockerfile +++ /dev/null @@ -1,96 +0,0 @@ -FROM debian:stretch-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 12.16.2 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - # libatomic1 for arm - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-mark auto '.*' > /dev/null \ - && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -r apt-mark manual \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.4 - -RUN set -ex \ - && savedAptMark="$(apt-mark showmanual)" \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apt-mark auto '.*' > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ - && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -r apt-mark manual \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - # smoke test - && yarn --version - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/stretch-slim/docker-entrypoint.sh b/12/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile deleted file mode 100644 index 149ad297c3..0000000000 --- a/12/stretch/Dockerfile +++ /dev/null @@ -1,72 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 12.16.2 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.4 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - # smoke test - && yarn --version - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/stretch/docker-entrypoint.sh b/12/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/alpine3.10/Dockerfile b/13/alpine3.10/Dockerfile deleted file mode 100644 index 69acfe93d3..0000000000 --- a/13/alpine3.10/Dockerfile +++ /dev/null @@ -1,100 +0,0 @@ -FROM alpine:3.10 - -ENV NODE_VERSION 13.13.0 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ - && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="f552e1a09f257494cf54cd91c0bd9752993e262edf9dc14fd91dbc13468c980b" \ - ;; \ - *) ;; \ - esac \ - && if [ -n "${CHECKSUM}" ]; then \ - set -eu; \ - curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ - echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ - else \ - echo "Building from source" \ - # backup build - && apk add --no-cache --virtual .build-deps-full \ - binutils-gold \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps-full \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ - fi \ - && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.4 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn \ - # smoke test - && yarn --version - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/alpine3.10/docker-entrypoint.sh b/13/alpine3.10/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/alpine3.10/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/alpine3.11/Dockerfile b/13/alpine3.11/Dockerfile deleted file mode 100644 index bd175f8b01..0000000000 --- a/13/alpine3.11/Dockerfile +++ /dev/null @@ -1,100 +0,0 @@ -FROM alpine:3.11 - -ENV NODE_VERSION 13.13.0 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ - && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="f552e1a09f257494cf54cd91c0bd9752993e262edf9dc14fd91dbc13468c980b" \ - ;; \ - *) ;; \ - esac \ - && if [ -n "${CHECKSUM}" ]; then \ - set -eu; \ - curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ - echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ - else \ - echo "Building from source" \ - # backup build - && apk add --no-cache --virtual .build-deps-full \ - binutils-gold \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps-full \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ - fi \ - && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.4 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn \ - # smoke test - && yarn --version - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/alpine3.11/docker-entrypoint.sh b/13/alpine3.11/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/alpine3.11/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/architectures b/13/architectures deleted file mode 100644 index e7d6c981d1..0000000000 --- a/13/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 stretch,stretch-slim,buster,buster-slim,alpine3.10,alpine3.11 -arm32v6 alpine3.10,alpine3.11 -arm32v7 stretch,stretch-slim,buster,buster-slim,alpine3.10,alpine3.11 -arm64v8 stretch,stretch-slim,buster,buster-slim,alpine3.10,alpine3.11 -i386 alpine3.10,alpine3.11 -ppc64le stretch,stretch-slim,buster,buster-slim,alpine3.10,alpine3.11 -s390x stretch,stretch-slim,buster,buster-slim,alpine3.10,alpine3.11 diff --git a/13/buster-slim/Dockerfile b/13/buster-slim/Dockerfile deleted file mode 100644 index 495e167915..0000000000 --- a/13/buster-slim/Dockerfile +++ /dev/null @@ -1,96 +0,0 @@ -FROM debian:buster-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.13.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - # libatomic1 for arm - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-mark auto '.*' > /dev/null \ - && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -r apt-mark manual \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.4 - -RUN set -ex \ - && savedAptMark="$(apt-mark showmanual)" \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apt-mark auto '.*' > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ - && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -r apt-mark manual \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - # smoke test - && yarn --version - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/buster-slim/docker-entrypoint.sh b/13/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/buster/Dockerfile b/13/buster/Dockerfile deleted file mode 100644 index f74449a1e2..0000000000 --- a/13/buster/Dockerfile +++ /dev/null @@ -1,72 +0,0 @@ -FROM buildpack-deps:buster - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.13.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.4 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - # smoke test - && yarn --version - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/buster/docker-entrypoint.sh b/13/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/stretch-slim/Dockerfile b/13/stretch-slim/Dockerfile deleted file mode 100644 index 528ee587f0..0000000000 --- a/13/stretch-slim/Dockerfile +++ /dev/null @@ -1,96 +0,0 @@ -FROM debian:stretch-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.13.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - # libatomic1 for arm - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-mark auto '.*' > /dev/null \ - && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -r apt-mark manual \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.4 - -RUN set -ex \ - && savedAptMark="$(apt-mark showmanual)" \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apt-mark auto '.*' > /dev/null \ - && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ - && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ - | sort -u \ - | xargs -r dpkg-query --search \ - | cut -d: -f1 \ - | sort -u \ - | xargs -r apt-mark manual \ - && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ - # smoke test - && yarn --version - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/stretch-slim/docker-entrypoint.sh b/13/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/stretch/Dockerfile b/13/stretch/Dockerfile deleted file mode 100644 index dd1449c9db..0000000000 --- a/13/stretch/Dockerfile +++ /dev/null @@ -1,72 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.13.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ - # smoke tests - && node --version \ - && npm --version - -ENV YARN_VERSION 1.22.4 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - # smoke test - && yarn --version - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/stretch/docker-entrypoint.sh b/13/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/alpine3.9/Dockerfile b/20/alpine3.21/Dockerfile similarity index 57% rename from 10/alpine3.9/Dockerfile rename to 20/alpine3.21/Dockerfile index 6d99e0ca84..e692931020 100644 --- a/10/alpine3.9/Dockerfile +++ b/20/alpine3.21/Dockerfile @@ -1,6 +1,6 @@ -FROM alpine:3.9 +FROM alpine:3.21 -ENV NODE_VERSION 10.20.1 +ENV NODE_VERSION 20.19.4 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -8,12 +8,14 @@ RUN addgroup -g 1000 node \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="a6376dd6e736a74098d1050d6653c346fde1d5416d83f063cb66510cdfea7a6d" \ - ;; \ + x86_64) ARCH='x64' CHECKSUM="8a4633a9f8101de6870f7d4e5ceb3aa83d3c6cd7c11ad91cd902ea223b8c55fe" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ *) ;; \ esac \ && if [ -n "${CHECKSUM}" ]; then \ @@ -33,28 +35,29 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ - python \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ @@ -67,24 +70,30 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ && apk del .build-deps \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ @@ -92,7 +101,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ && apk del .build-deps-yarn \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/20/alpine3.21/docker-entrypoint.sh b/20/alpine3.21/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/alpine3.21/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/alpine3.11/Dockerfile b/20/alpine3.22/Dockerfile similarity index 57% rename from 10/alpine3.11/Dockerfile rename to 20/alpine3.22/Dockerfile index e45065ec2e..d1b4bf4057 100644 --- a/10/alpine3.11/Dockerfile +++ b/20/alpine3.22/Dockerfile @@ -1,6 +1,6 @@ -FROM alpine:3.11 +FROM alpine:3.22 -ENV NODE_VERSION 10.20.1 +ENV NODE_VERSION 20.19.4 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -8,12 +8,14 @@ RUN addgroup -g 1000 node \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="a6376dd6e736a74098d1050d6653c346fde1d5416d83f063cb66510cdfea7a6d" \ - ;; \ + x86_64) ARCH='x64' CHECKSUM="8a4633a9f8101de6870f7d4e5ceb3aa83d3c6cd7c11ad91cd902ea223b8c55fe" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ *) ;; \ esac \ && if [ -n "${CHECKSUM}" ]; then \ @@ -33,28 +35,29 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ - python \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ @@ -67,24 +70,30 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ && apk del .build-deps \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ @@ -92,7 +101,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ && apk del .build-deps-yarn \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/20/alpine3.22/docker-entrypoint.sh b/20/alpine3.22/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/alpine3.22/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/stretch-slim/Dockerfile b/20/bookworm-slim/Dockerfile similarity index 54% rename from 10/stretch-slim/Dockerfile rename to 20/bookworm-slim/Dockerfile index 898d92c7eb..5484b6cb32 100644 --- a/10/stretch-slim/Dockerfile +++ b/20/bookworm-slim/Dockerfile @@ -1,50 +1,53 @@ -FROM debian:stretch-slim +FROM debian:bookworm-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.20.1 +ENV NODE_VERSION 20.19.4 -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ && set -ex \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ @@ -54,24 +57,28 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ @@ -80,7 +87,7 @@ RUN set -ex \ && apt-mark auto '.*' > /dev/null \ && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ @@ -88,7 +95,8 @@ RUN set -ex \ | xargs -r apt-mark manual \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/20/bookworm-slim/docker-entrypoint.sh b/20/bookworm-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/bookworm-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/jessie/Dockerfile b/20/bookworm/Dockerfile similarity index 59% rename from 10/jessie/Dockerfile rename to 20/bookworm/Dockerfile index eff12a51f2..d90dc6ac1a 100644 --- a/10/jessie/Dockerfile +++ b/20/bookworm/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:jessie +FROM buildpack-deps:bookworm RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.20.1 +ENV NODE_VERSION 20.19.4 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,56 +15,61 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/20/bookworm/docker-entrypoint.sh b/20/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/bookworm/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/12/buster-slim/Dockerfile b/20/bullseye-slim/Dockerfile similarity index 54% rename from 12/buster-slim/Dockerfile rename to 20/bullseye-slim/Dockerfile index a681392cfa..c9b1c77fee 100644 --- a/12/buster-slim/Dockerfile +++ b/20/bullseye-slim/Dockerfile @@ -1,50 +1,53 @@ -FROM debian:buster-slim +FROM debian:bullseye-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 12.16.2 +ENV NODE_VERSION 20.19.4 -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ && set -ex \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ @@ -54,24 +57,28 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ @@ -80,7 +87,7 @@ RUN set -ex \ && apt-mark auto '.*' > /dev/null \ && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ @@ -88,7 +95,8 @@ RUN set -ex \ | xargs -r apt-mark manual \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/20/bullseye-slim/docker-entrypoint.sh b/20/bullseye-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/bullseye-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/12/buster/Dockerfile b/20/bullseye/Dockerfile similarity index 59% rename from 12/buster/Dockerfile rename to 20/bullseye/Dockerfile index f901c38399..ad5120e8b3 100644 --- a/12/buster/Dockerfile +++ b/20/bullseye/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:bullseye RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 12.16.2 +ENV NODE_VERSION 20.19.4 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,56 +15,61 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + C0D6248439F1D5604AAFFB4021D900FFDB233756 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/20/bullseye/docker-entrypoint.sh b/20/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/bullseye/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/alpine3.21/Dockerfile b/22/alpine3.21/Dockerfile new file mode 100644 index 0000000000..4f7db331bd --- /dev/null +++ b/22/alpine3.21/Dockerfile @@ -0,0 +1,110 @@ +FROM alpine:3.21 + +ENV NODE_VERSION 22.18.0 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="8b2439581a534861fb1b137d1c23f5ce996b1e1d8c0821cc9748e565e89b418f" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/alpine3.21/docker-entrypoint.sh b/22/alpine3.21/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/alpine3.21/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/alpine3.22/Dockerfile b/22/alpine3.22/Dockerfile new file mode 100644 index 0000000000..650f645c2f --- /dev/null +++ b/22/alpine3.22/Dockerfile @@ -0,0 +1,110 @@ +FROM alpine:3.22 + +ENV NODE_VERSION 22.18.0 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="8b2439581a534861fb1b137d1c23f5ce996b1e1d8c0821cc9748e565e89b418f" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/alpine3.22/docker-entrypoint.sh b/22/alpine3.22/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/alpine3.22/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/bookworm-slim/Dockerfile b/22/bookworm-slim/Dockerfile new file mode 100644 index 0000000000..7d89718959 --- /dev/null +++ b/22/bookworm-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:bookworm-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION 22.18.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/bookworm-slim/docker-entrypoint.sh b/22/bookworm-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bookworm-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/bookworm/Dockerfile b/22/bookworm/Dockerfile new file mode 100644 index 0000000000..a2325fa729 --- /dev/null +++ b/22/bookworm/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:bookworm + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION 22.18.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/bookworm/docker-entrypoint.sh b/22/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bookworm/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/bullseye-slim/Dockerfile b/22/bullseye-slim/Dockerfile new file mode 100644 index 0000000000..a1a2c2a3c3 --- /dev/null +++ b/22/bullseye-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:bullseye-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION 22.18.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/bullseye-slim/docker-entrypoint.sh b/22/bullseye-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bullseye-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/bullseye/Dockerfile b/22/bullseye/Dockerfile new file mode 100644 index 0000000000..d91ac967f3 --- /dev/null +++ b/22/bullseye/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:bullseye + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION 22.18.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION 1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/bullseye/docker-entrypoint.sh b/22/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bullseye/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/12/alpine3.10/Dockerfile b/24/alpine3.21/Dockerfile similarity index 57% rename from 12/alpine3.10/Dockerfile rename to 24/alpine3.21/Dockerfile index f1792f1c3a..f6193eb878 100644 --- a/12/alpine3.10/Dockerfile +++ b/24/alpine3.21/Dockerfile @@ -1,6 +1,6 @@ -FROM alpine:3.10 +FROM alpine:3.21 -ENV NODE_VERSION 12.16.2 +ENV NODE_VERSION 24.5.0 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -8,12 +8,14 @@ RUN addgroup -g 1000 node \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="f6b8bb0ee376cd1e7096f15b68efc3bb6adbd2cb33a12002d5982384b733dcab" \ - ;; \ + x86_64) ARCH='x64' CHECKSUM="bd0abf4c358edd8c93183c25247f7fdffbcd8b65297b4299e43c9d3f9c647cf7" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ *) ;; \ esac \ && if [ -n "${CHECKSUM}" ]; then \ @@ -33,28 +35,29 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ - python \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ @@ -67,24 +70,30 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ && apk del .build-deps \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ @@ -92,7 +101,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ && apk del .build-deps-yarn \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/24/alpine3.21/docker-entrypoint.sh b/24/alpine3.21/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/alpine3.21/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/alpine3.10/Dockerfile b/24/alpine3.22/Dockerfile similarity index 57% rename from 10/alpine3.10/Dockerfile rename to 24/alpine3.22/Dockerfile index 4c015659f7..a63b14605f 100644 --- a/10/alpine3.10/Dockerfile +++ b/24/alpine3.22/Dockerfile @@ -1,6 +1,6 @@ -FROM alpine:3.10 +FROM alpine:3.22 -ENV NODE_VERSION 10.20.1 +ENV NODE_VERSION 24.5.0 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -8,12 +8,14 @@ RUN addgroup -g 1000 node \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="a6376dd6e736a74098d1050d6653c346fde1d5416d83f063cb66510cdfea7a6d" \ - ;; \ + x86_64) ARCH='x64' CHECKSUM="bd0abf4c358edd8c93183c25247f7fdffbcd8b65297b4299e43c9d3f9c647cf7" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ *) ;; \ esac \ && if [ -n "${CHECKSUM}" ]; then \ @@ -33,28 +35,29 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ - python \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ @@ -67,24 +70,30 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ && apk del .build-deps \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ @@ -92,7 +101,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ && apk del .build-deps-yarn \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/24/alpine3.22/docker-entrypoint.sh b/24/alpine3.22/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/alpine3.22/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/buster-slim/Dockerfile b/24/bookworm-slim/Dockerfile similarity index 54% rename from 10/buster-slim/Dockerfile rename to 24/bookworm-slim/Dockerfile index f57c3b6747..ec2a819827 100644 --- a/10/buster-slim/Dockerfile +++ b/24/bookworm-slim/Dockerfile @@ -1,50 +1,53 @@ -FROM debian:buster-slim +FROM debian:bookworm-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.20.1 +ENV NODE_VERSION 24.5.0 -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ && set -ex \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ @@ -54,24 +57,28 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ @@ -80,7 +87,7 @@ RUN set -ex \ && apt-mark auto '.*' > /dev/null \ && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ @@ -88,7 +95,8 @@ RUN set -ex \ | xargs -r apt-mark manual \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/24/bookworm-slim/docker-entrypoint.sh b/24/bookworm-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bookworm-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/stretch/Dockerfile b/24/bookworm/Dockerfile similarity index 59% rename from 10/stretch/Dockerfile rename to 24/bookworm/Dockerfile index c6a70bacb5..c546621cc2 100644 --- a/10/stretch/Dockerfile +++ b/24/bookworm/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:stretch +FROM buildpack-deps:bookworm RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.20.1 +ENV NODE_VERSION 24.5.0 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,56 +15,61 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/24/bookworm/docker-entrypoint.sh b/24/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bookworm/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/jessie-slim/Dockerfile b/24/bullseye-slim/Dockerfile similarity index 54% rename from 10/jessie-slim/Dockerfile rename to 24/bullseye-slim/Dockerfile index 5320cac1e4..7778e7c24d 100644 --- a/10/jessie-slim/Dockerfile +++ b/24/bullseye-slim/Dockerfile @@ -1,50 +1,53 @@ -FROM debian:jessie-slim +FROM debian:bullseye-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.20.1 +ENV NODE_VERSION 24.5.0 -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ && set -ex \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ @@ -54,24 +57,28 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ @@ -80,7 +87,7 @@ RUN set -ex \ && apt-mark auto '.*' > /dev/null \ && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ @@ -88,7 +95,8 @@ RUN set -ex \ | xargs -r apt-mark manual \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/24/bullseye-slim/docker-entrypoint.sh b/24/bullseye-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bullseye-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/buster/Dockerfile b/24/bullseye/Dockerfile similarity index 59% rename from 10/buster/Dockerfile rename to 24/bullseye/Dockerfile index a138f9b5ff..bfd2a54f41 100644 --- a/10/buster/Dockerfile +++ b/24/bullseye/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:bullseye RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.20.1 +ENV NODE_VERSION 24.5.0 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,56 +15,61 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.22.4 +ENV YARN_VERSION 1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/24/bullseye/docker-entrypoint.sh b/24/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bullseye/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/ACTIVE_MAINTAINERS b/ACTIVE_MAINTAINERS deleted file mode 100644 index 6425f28e38..0000000000 --- a/ACTIVE_MAINTAINERS +++ /dev/null @@ -1,5 +0,0 @@ -LaurentGoderre -pesho -PeterDaveHello -SimenB -Starefossen diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ff4153391f..5e1e87158c 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -14,12 +14,12 @@ New **NPM** releases are not tracked. We simply use the NPM version bundled in t If you'd like to help us by submitting a PR for a version update, please do the following: -1. [Fork this project.](https://help.github.com/en/github/getting-started-with-github/fork-a-repo) -1. [Clone the forked repository.](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository) -1. Create a branch for the update PR. For example, `git checkout master; git checkout -b version-update`. +1. [Fork this project.](https://docs.github.com/en/get-started/quickstart/fork-a-repo) +1. [Clone the forked repository.](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository) +1. Create a branch for the update PR. For example, `git checkout main; git checkout -b version-update`. 1. Run `./update.sh`. You can see additional options by using accessing the built-in help documentation with `./update.sh -h`. This script will automatically update the appropriate files with the latest versions and checksums. 1. Commit the modified files to the `version-update` branch and push the branch to your fork. -1. [Create a PR to merge the branch from your fork into this project's master branch.](https://help.github.com/en/github/collaborating-with-issues-and-pull-requests/creating-a-pull-request-from-a-fork). +1. [Create a PR to merge the branch from your fork into this project's default branch.](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork). ## Adding dependencies to the base images diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 34700211fd..832f637cc0 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -8,12 +8,14 @@ RUN addgroup -g 1000 node \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM=CHECKSUM_x64 \ - ;; \ + x86_64) ARCH='x64' CHECKSUM=CHECKSUM_x64 OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ *) ;; \ esac \ && if [ -n "${CHECKSUM}" ]; then \ @@ -33,18 +35,22 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ - python \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ "${NODE_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ @@ -57,24 +63,30 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ && apk del .build-deps \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* ENV YARN_VERSION 0.0.0 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ "${YARN_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ @@ -82,7 +94,8 @@ RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ && apk del .build-deps-yarn \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 1c3dcf4acf..8dac02f898 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -15,46 +15,54 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ "${NODE_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* ENV YARN_VERSION 0.0.0 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ "${YARN_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template index 0056b4a97e..0fe02e764d 100644 --- a/Dockerfile-slim.template +++ b/Dockerfile-slim.template @@ -5,36 +5,42 @@ RUN groupadd --gid 1000 node \ ENV NODE_VERSION 0.0.0 -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ && set -ex \ # libatomic1 for arm && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ "${NODE_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ && apt-mark auto '.*' > /dev/null \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ @@ -44,7 +50,8 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ # smoke tests && node --version \ - && npm --version + && npm --version \ + && rm -rf /tmp/* ENV YARN_VERSION 0.0.0 @@ -52,16 +59,19 @@ RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ "${YARN_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ @@ -70,7 +80,7 @@ RUN set -ex \ && apt-mark auto '.*' > /dev/null \ && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ && find /usr/local -type f -executable -exec ldd '{}' ';' \ - | awk '/=>/ { print $(NF-1) }' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ | sort -u \ | xargs -r dpkg-query --search \ | cut -d: -f1 \ @@ -78,7 +88,8 @@ RUN set -ex \ | xargs -r apt-mark manual \ && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ # smoke test - && yarn --version + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/GOVERNANCE.md b/GOVERNANCE.md index 77020bc50c..fb0b9a698f 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -141,44 +141,5 @@ By making a contribution to this project, I certify that: ## Code of Conduct -This Code of Conduct is adapted from [Rust's wonderful -CoC](https://github.com/rust-lang/rust/wiki/Note-development-policy#conduct). - -* We are committed to providing a friendly, safe and welcoming - environment for all, regardless of gender, sexual orientation, - disability, ethnicity, religion, or similar personal characteristic. - -* Please avoid using overtly sexual nicknames or other nicknames that - might detract from a friendly, safe and welcoming environment for - all. - -* Please be kind and courteous. There's no need to be mean or rude. -* Respect that people have differences of opinion and that every - design or implementation choice carries a trade-off and numerous - costs. There is seldom a right answer. - -* Please keep unstructured critique to a minimum. If you have solid - ideas you want to experiment with, make a fork and see how it works. - -* We will exclude you from interaction if you insult, demean or harass - anyone. That is not welcome behaviour. We interpret the term - "harassment" as including the definition in the [Citizen Code of - Conduct](http://citizencodeofconduct.org/); if you have any lack of - clarity about what might be included in that concept, please read - their definition. In particular, we don't tolerate behavior that - excludes people in socially marginalized groups. - -* Private harassment is also unacceptable. No matter who you are, if - you feel you have been or are being harassed or made uncomfortable - by a community member, please contact one of the channel ops or any - of the TC members immediately with a capture (log, photo, email) of - the harassment if possible. Whether you're a regular contributor or - a newcomer, we care about making this community a safe place for you - and we've got your back. - -* Likewise any spamming, trolling, flaming, baiting or other - attention-stealing behaviour is not welcome. - -* Avoid the use of personal pronouns in code comments or - documentation. There is no need to address persons when explaining - code (e.g. "When the developer") +The Node.js Code of Conduct, which applies to this project, can be found at +. diff --git a/README.md b/README.md index 072637a460..fc778a31e5 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Node.js -[![dockeri.co](http://dockeri.co/image/_/node)](https://registry.hub.docker.com/_/node/) +[![dockeri.co](https://dockerico.blankenship.io/image/node)](https://hub.docker.com/_/node) [![GitHub issues](https://img.shields.io/github/issues/nodejs/docker-node.svg "GitHub issues")](https://github.com/nodejs/docker-node) [![GitHub stars](https://img.shields.io/github/stars/nodejs/docker-node.svg "GitHub stars")](https://github.com/nodejs/docker-node) @@ -23,6 +23,8 @@ The official Node.js docker image, made with love by the node community. - [Image Variants](#image-variants) - [`node:`](#nodeversion) - [`node:alpine`](#nodealpine) + - [`node:bullseye`](#nodebullseye) + - [`node:bookworm`](#nodebookworm) - [`node:slim`](#nodeslim) - [License](#license) - [Supported Docker versions](#supported-docker-versions) @@ -50,7 +52,7 @@ See: http://nodejs.org ```dockerfile # specify the node base image with your desired version node: -FROM node:10 +FROM node:16 # replace this with your application's default port EXPOSE 8888 ``` @@ -77,6 +79,8 @@ services: - ./:/home/node/app expose: - "8081" + ports: # use if it is necessary to expose the container to the host machine + - "8001:8001" command: "npm start" ``` @@ -86,7 +90,7 @@ You can then run using Docker Compose: $ docker-compose up -d ``` -Docker Compose example copies your current directory (including node_modules) to the container. +Docker Compose example mounts your current directory (including node_modules) to the container. It assumes that your application has a file named [`package.json`](https://docs.npmjs.com/files/package.json) defining [start script](https://docs.npmjs.com/misc/scripts#default-values). @@ -106,15 +110,15 @@ $ docker run -it --rm --name my-running-script -v "$PWD":/usr/src/app -w /usr/sr ### Verbosity -Prior to 8.7.0 and 6.11.4 the docker images overrode the default npm log -level from `warn` to `info`. However due to improvements to npm and new Docker +Prior to 8.7.0 and 6.11.4, the docker images overrode the default npm log +level from `warn` to `info`. However, due to improvements to npm and new Docker patterns (e.g. multi-stage builds) the working group reached a [consensus](https://github.com/nodejs/docker-node/issues/528) to revert the log level to npm defaults. If you need more verbose output, please use one of the following methods to change the verbosity level. #### Dockerfile -If you create your own `Dockerfile` which inherits from the `node` image you can +If you create your own `Dockerfile` which inherits from the `node` image, you can simply use `ENV` to override `NPM_CONFIG_LOGLEVEL`. ```dockerfile @@ -125,7 +129,7 @@ ENV NPM_CONFIG_LOGLEVEL info #### Docker Run -If you run the node image using `docker run` you can use the `-e` flag to +If you run the node image using `docker run`, you can use the `-e` flag to override `NPM_CONFIG_LOGLEVEL`. ```console @@ -134,7 +138,7 @@ $ docker run -e NPM_CONFIG_LOGLEVEL=info node ... #### NPM run -If you are running npm commands you can use `--loglevel` to control the +If you are running npm commands, you can use `--loglevel` to control the verbosity of the output. ```console @@ -147,7 +151,7 @@ The `node` images come in many flavors, each designed for a specific use case. All of the images contain pre-installed versions of `node`, [`npm`](https://www.npmjs.com/), and [`yarn`](https://yarnpkg.com). For each supported architecture, the supported variants are different. In the file: -[architectures](./architectures), it lists all supported variants for all of +[versions.json](./versions.json), it lists all supported variants for all of the architectures that we support now. ### `node:` @@ -179,17 +183,39 @@ requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See [this Hacker News comment thread](https://news.ycombinator.com/item?id=10782897) for more discussion of the issues that might arise and some pro/con comparisons -of using Alpine-based images. One common issue that may arise is a missing shared -library required for use of `process.dlopen`. To add the missing shared libraries -to your image, adding the [`libc6-compat`](https://pkgs.alpinelinux.org/package/edge/main/x86/libc6-compat) +of using Alpine-based images. + +One common issue that may arise is a missing shared library required for use of +`process.dlopen`. To add the missing shared libraries to your image: + +- For Alpine v3.18 and earlier, adding the +[`libc6-compat`](https://pkgs.alpinelinux.org/package/v3.18/main/x86/libc6-compat) package in your Dockerfile is recommended: `apk add --no-cache libc6-compat` +- Starting from Alpine v3.19, you can use the +[`gcompat`](https://pkgs.alpinelinux.org/package/v3.19/main/x86/gcompat) package +to add the missing shared libraries: `apk add --no-cache gcompat` + To minimize image size, it's uncommon for additional related tools (such as `git` or `bash`) to be included in Alpine-based images. Using this image as a base, add the things you need in your own Dockerfile (see the [`alpine` image description](https://hub.docker.com/_/alpine/) for examples of how to install packages if you are unfamiliar). +To make the image size even smaller, you can [bundle without npm/yarn](./docs/BestPractices.md#smaller-images-without-npmyarn). + +### `node:bullseye` + +This image is based on version 11 of +[Debian](http://debian.org), available in +[the `debian` official image](https://hub.docker.com/_/debian). + +### `node:bookworm` + +This image is based on version 12 of +[Debian](http://debian.org), available in +[the `debian` official image](https://hub.docker.com/_/debian). + ### `node:slim` This image does not contain the common packages contained in the default tag and @@ -201,8 +227,7 @@ repository. ## License [License information](https://github.com/nodejs/node/blob/master/LICENSE) for -the software contained in this image. [License -information](https://github.com/nodejs/docker-node/blob/master/LICENSE) for the +the software contained in this image. [License information](LICENSE) for the Node.js Docker project. ## Supported Docker versions @@ -222,7 +247,7 @@ This project will support Node.js versions as still under active support as per ## Governance and Current Members The Node.js Docker Image is governed by the Docker Working Group. See -[GOVERNANCE.md](https://github.com/nodejs/docker-node/blob/master/GOVERNANCE.md) +[GOVERNANCE.md](GOVERNANCE.md) to learn more about the group's structure and [CONTRIBUTING.md](CONTRIBUTING.md) for guidance about the expectations for all contributors to this project. @@ -231,7 +256,6 @@ about the expectations for all contributors to this project. - Hans Kristian Flaatten ([starefossen](https://github.com/starefossen)) - Hugues Malphettes ([hmalphettes](https://github.com/hmalphettes)) - John Mitchell ([jlmitch5](https://github.com/jlmitch5)) -- Peter Petrov ([pesho](https://github.com/pesho)) ### Docker Working Group Collaborators @@ -245,3 +269,4 @@ about the expectations for all contributors to this project. #### Docker Working Group Members - Christopher Horrell ([chorrell](https://github.com/chorrell)) +- Peter Petrov ([pesho](https://github.com/pesho)) diff --git a/SECURITY.md b/SECURITY.md index f6cb6240c3..a820a3f551 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -7,6 +7,6 @@ Security issues relating to Node.js project should follow the process documented CVEs for the base image packages should be reported to those repositories. Nothing to address those CVEs is in the hands of this repos. - [Alpine](https://github.com/alpinelinux/docker-alpine) -- [Debian (buster, jessie, stretch)](https://github.com/debuerreotype/docker-debian-artifacts) +- [Debian (bullseye, bookworm)](https://github.com/debuerreotype/docker-debian-artifacts) When base images are patched, the images are rebuilt and rolled out to the Docker hub without intervention by this repo. This process is explained in . diff --git a/architectures b/architectures index 0d29de6a87..1ed4ae8990 100644 --- a/architectures +++ b/architectures @@ -1,8 +1,8 @@ -bashbrew-arch variants -amd64 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -arm32v6 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -arm32v7 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -arm64v8 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -i386 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -ppc64le jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 -s390x jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,alpine3.11 +bashbrew-arch variants +amd64 alpine3.21,alpine3.22,bookworm,bookworm-slim,bullseye,bullseye-slim +arm32v6 alpine3.21,alpine3.22 +arm32v7 alpine3.21,alpine3.22,bookworm,bookworm-slim,bullseye,bullseye-slim +arm64v8 alpine3.21,alpine3.22,bookworm,bookworm-slim,bullseye,bullseye-slim +i386 alpine3.21,alpine3.22 +ppc64le alpine3.21,alpine3.22,bookworm,bookworm-slim +s390x alpine3.21,alpine3.22,bookworm,bookworm-slim diff --git a/build-automation.mjs b/build-automation.mjs new file mode 100644 index 0000000000..ba296d1ed4 --- /dev/null +++ b/build-automation.mjs @@ -0,0 +1,105 @@ +import { promisify } from "util"; + +import child_process from "child_process"; + +const exec = promisify(child_process.exec); + +// a function that queries the Node.js release website for new versions, +// compare the available ones with the ones we use in this repo +// and returns whether we should update or not +const checkIfThereAreNewVersions = async (github) => { + try { + const { stdout: versionsOutput } = await exec(". ./functions.sh && get_versions", { shell: "bash" }); + + const supportedVersions = versionsOutput.trim().split(" "); + + let latestSupportedVersions = {}; + + for (let supportedVersion of supportedVersions) { + const { stdout } = await exec(`ls ${supportedVersion}`); + + const { stdout: fullVersionOutput } = await exec(`. ./functions.sh && get_full_version ./${supportedVersion}/${stdout.trim().split("\n")[0]}`, { shell: "bash" }); + + console.log(fullVersionOutput); + + latestSupportedVersions[supportedVersion] = { fullVersion: fullVersionOutput.trim() }; + } + + const { data: availableVersionsJson } = await github.request('https://nodejs.org/download/release/index.json'); + + // filter only more recent versions of availableVersionsJson for each major version in latestSupportedVersions' keys + // e.g. if latestSupportedVersions = { "12": "12.22.10", "14": "14.19.0", "16": "16.14.0", "17": "17.5.0" } + // and availableVersions = ["Node.js 12.22.10", "Node.js 12.24.0", "Node.js 14.19.0", "Node.js 14.22.0", "Node.js 16.14.0", "Node.js 16.16.0", "Node.js 17.5.0", "Node.js 17.8.0"] + // return { "12": "12.24.0", "14": "14.22.0", "16": "16.16.0", "17": "17.8.0" } + + let filteredNewerVersions = {}; + + for (let availableVersion of availableVersionsJson) { + const [availableMajor, availableMinor, availablePatch] = availableVersion.version.split("v")[1].split("."); + if (latestSupportedVersions[availableMajor] == null) { + continue; + } + const [_latestMajor, latestMinor, latestPatch] = latestSupportedVersions[availableMajor].fullVersion.split("."); + if (latestSupportedVersions[availableMajor] && (Number(availableMinor) > Number(latestMinor) || (availableMinor === latestMinor && Number(availablePatch) > Number(latestPatch)))) { + filteredNewerVersions[availableMajor] = { fullVersion: `${availableMajor}.${availableMinor}.${availablePatch}` }; + } + } + + return { + shouldUpdate: Object.keys(filteredNewerVersions).length > 0 && JSON.stringify(filteredNewerVersions) !== JSON.stringify(latestSupportedVersions), + versions: filteredNewerVersions, + } + } catch (error) { + console.error(error); + process.exit(1); + } +}; + +// a function that queries the Node.js unofficial release website for new musl versions and security releases, +// and returns relevant information +const checkForMuslVersionsAndSecurityReleases = async (github, versions) => { + try { + const { data: unofficialBuildsIndexText } = await github.request('https://unofficial-builds.nodejs.org/download/release/index.json'); + + for (let version of Object.keys(versions)) { + const buildVersion = unofficialBuildsIndexText.find(indexVersion => indexVersion.version === `v${versions[version].fullVersion}`); + + versions[version].muslBuildExists = buildVersion?.files.includes("linux-x64-musl") ?? false; + versions[version].isSecurityRelease = buildVersion?.security ?? false; + } + return versions; + } catch (error) { + console.error(error); + process.exit(1); + } +}; + +export default async function(github) { +// if there are no new versions, exit gracefully +// if there are new versions, +// check for musl builds +// then run update.sh + const { shouldUpdate, versions } = await checkIfThereAreNewVersions(github); + + if (!shouldUpdate) { + console.log("No new versions found. No update required."); + process.exit(0); + } else { + const newVersions = await checkForMuslVersionsAndSecurityReleases(github, versions); + let updatedVersions = []; + for (const [version, newVersion] of Object.entries(newVersions)) { + if (newVersion.muslBuildExists) { + const { stdout } = await exec(`./update.sh ${newVersion.isSecurityRelease ? "-s " : ""}${version}`); + console.log(stdout); + updatedVersions.push(newVersion.fullVersion); + } else { + console.log(`There's no musl build for version ${newVersion.fullVersion} yet.`); + process.exit(0); + } + } + const { stdout } = (await exec(`git diff`)); + console.log(stdout); + + return updatedVersions.join(', '); + } +} diff --git a/config b/config index bd652eee00..bb8d85f919 100644 --- a/config +++ b/config @@ -1,4 +1,4 @@ baseuri https://nodejs.org/dist -default_variant stretch -alpine_version 3.11 -debian_versions jessie stretch buster +default_variant bookworm +alpine_version 3.19 +debian_versions bookworm bullseye diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index de6fa8a9ad..1b3116e53b 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,7 +1,10 @@ #!/bin/sh set -e -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then set -- node "$@" fi diff --git a/docs/BestPractices.md b/docs/BestPractices.md index c883b2a0a4..ad6dcc4e92 100644 --- a/docs/BestPractices.md +++ b/docs/BestPractices.md @@ -1,17 +1,24 @@ # Docker and Node.js Best Practices + + ## Table of Contents - [Environment Variables](#environment-variables) - [Global npm dependencies](#global-npm-dependencies) - [Upgrading/downgrading Yarn](#upgradingdowngrading-yarn) + - [Local](#local) + - [Global](#global) - [Handling Kernel Signals](#handling-kernel-signals) - [Non-root User](#non-root-user) - [Memory](#memory) - [CMD](#cmd) - [Docker Run](#docker-run) - [Security](#security) -- [node-gyp in alpine variant](#node-gyp-alpine) +- [node-gyp alpine](#node-gyp-alpine) +- [Smaller images without npm/yarn](#smaller-images-without-npmyarn) + + ## Environment Variables @@ -37,7 +44,7 @@ ENV PATH=$PATH:/home/node/.npm-global/bin # optionally if you want to run npm gl If you need to upgrade/downgrade `yarn` for a local install, you can do so by issuing the following commands in your `Dockerfile`: -> Note that if you create some other directory which is not a descendant one from where you ran the command, you will end up using the global (dated) version. If you wish to upgrade `yarn` globally follow the instructions in the next section. +> Note that if you create some other directory which is not a descendant one from where you ran the command, you will end up using the global (dated) version. If you wish to upgrade `yarn` globally, follow the instructions in the next section. > When following the local install instructions, due to duplicated yarn the image will end up being bigger. @@ -91,7 +98,7 @@ You can also include Tini [directly in your Dockerfile](https://github.com/krall ## Non-root User -By default, Docker runs container as root which inside of the container can pose as a security issue. You would want to run the container as an unprivileged user wherever possible. The node images provide the `node` user for such purpose. The Docker Image can then be run with the `node` user in the following way: +By default, Docker runs commands inside the container as root which violates the [Principle of Least Privilege (PoLP)](https://en.wikipedia.org/wiki/Principle_of_least_privilege) when superuser permissions are not strictly required. You want to run the container as an unprivileged user whenever possible. The node images provide the `node` user with uid 1000 for such purpose. The Docker Image can then be run with the `node` user in the following way: ``` -u "node" @@ -103,12 +110,12 @@ Alternatively, the user can be activated in the `Dockerfile`: FROM node:6.10.3 ... # At the end, set the user to use when running this image -USER node +USER 1000 # node ``` Note that the `node` user is neither a build-time nor a run-time dependency and it can be removed or altered, as long as the functionality of the application you want to add to the container does not depend on it. -If you do not want nor need the user created in this image you can remove it with the following: +If you do not want nor need the user created in this image, you can remove it with the following: ```Dockerfile # For debian based images use: @@ -118,13 +125,13 @@ RUN userdel -r node RUN deluser --remove-home node ``` -If you need to change the uid/gid of the user you can use: +If you need to change the uid/gid of the user, you can use: ```Dockerfile RUN groupmod -g 999 node && usermod -u 999 -g 999 node ``` -If you need another name for the user (ex. `myapp`) execute: +If you need another name for the user (ex. `myapp`), execute: ```Dockerfile RUN usermod -d /home/myapp -l myapp node @@ -140,7 +147,7 @@ RUN deluser --remove-home node \ ## Memory -By default, any Docker Container may consume as much of the hardware such as CPU and RAM. If you are running multiple containers on the same host you should limit how much memory they can consume. +By default, any Docker Container may consume as much of the hardware such as CPU and RAM. If you are running multiple containers on the same host, you should limit how much memory they can consume. ``` -m "300M" --memory-swap "1G" @@ -148,7 +155,7 @@ By default, any Docker Container may consume as much of the hardware such as CPU ## CMD -When creating an image, you can bypass the `package.json`'s `start` command and bake it directly into the image itself. First off this reduces the number of processes running inside of your container. Secondly it causes exit signals such as `SIGTERM` and `SIGINT` to be received by the Node.js process instead of npm swallowing them. +When creating an image, you can bypass the `package.json`'s `start` command and bake it directly into the image itself. First off, this reduces the number of processes running inside of your container. Secondly, it causes exit signals such as `SIGTERM` and `SIGINT` to be received by the Node.js process instead of npm swallowing them. ```Dockerfile CMD ["node","index.js"] @@ -160,6 +167,7 @@ Here is an example of how you would run a default Node.JS Docker Containerized a ``` $ docker run \ + --init \ -e "NODE_ENV=production" \ -u "node" \ -m "300M" --memory-swap "1G" \ @@ -179,18 +187,18 @@ Here is an example of how you would install dependencies for packages that requi ```Dockerfile FROM node:alpine -RUN apk add --no-cache --virtual .gyp python make g++ \ +RUN apk add --no-cache --virtual .gyp python3 py-setuptools make g++ \ && npm install [ your npm dependencies here ] \ && apk del .gyp ``` -And Here's a multistage build example +And, here's a multistage build example: ```Dockerfile FROM node:alpine as builder ## Install build toolchain, install node deps and compile native add-ons -RUN apk add --no-cache python make g++ +RUN apk add --no-cache python3 make g++ RUN npm install [ your npm dependencies here ] FROM node:alpine as app @@ -198,3 +206,39 @@ FROM node:alpine as app ## Copy built node modules and binaries without including the toolchain COPY --from=builder node_modules . ``` + + +## Smaller images without npm/yarn + +If you want to achieve an even smaller image size than the `-alpine`, you can omit the npm/yarn like this: + +```Dockerfile +ARG ALPINE_VERSION=3.16 + +FROM node:18-alpine${ALPINE_VERSION} AS builder +WORKDIR /build-stage +COPY package*.json ./ +RUN npm ci +# Copy the the files you need +COPY . ./ +RUN npm run build + +FROM alpine:${ALPINE_VERSION} +# Create app directory +WORKDIR /usr/src/app +# Add required binaries +RUN apk add --no-cache libstdc++ dumb-init \ + && addgroup -g 1000 node && adduser -u 1000 -G node -s /bin/sh -D node \ + && chown node:node ./ +COPY --from=builder /usr/local/bin/node /usr/local/bin/ +COPY --from=builder /usr/local/bin/docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] +USER node +# Update the following COPY lines based on your codebase +COPY --from=builder /build-stage/node_modules ./node_modules +COPY --from=builder /build-stage/dist ./dist +# Run with dumb-init to not start node with PID=1, since Node.js was not designed to run as PID 1 +CMD ["dumb-init", "node", "dist/index.js"] +``` + + diff --git a/functions.sh b/functions.sh index 5f37f3522c..7c927cc081 100755 --- a/functions.sh +++ b/functions.sh @@ -1,6 +1,8 @@ #!/usr/bin/env bash # # Utlity functions +# Don't change this file unless needed +# The GitHub Action for automating new builds rely on this file info() { printf "%s\\n" "$@" @@ -30,14 +32,14 @@ function get_arch() { s390x) arch="s390x" ;; - aarch64) + aarch64 | arm64) arch="arm64" ;; armv7l) arch="arm32v7" ;; *) - echo "$0 does not support architecture ${arch} ... aborting" + echo "$0 does not support architecture ${arch:-unknown} ... aborting" exit 1 ;; esac @@ -46,10 +48,10 @@ function get_arch() { } # Get corresponding variants based on the architecture. -# All supported variants of each supported architecutre are listed in a +# All supported variants of each supported architecture are listed in a # file - 'architectures'. Its format is: -# ,... -# ,... +# ,... +# ,... function get_variants() { local dir dir=${1:-.} @@ -133,14 +135,9 @@ function get_config() { # Get available versions for a given path # -# If full or partial versions are provided then they are processed and -# validated. e.g. "6 chakracore" returns "6 chakracore/8" since it processed the -# chakracore entry and found it to be a fork rather than a complete version. -# # The result is a list of valid versions. +# shellcheck disable=SC2120 function get_versions() { - local prefix - prefix=${1:-.} shift local versions=() @@ -149,17 +146,11 @@ function get_versions() { local default_variant default_variant=$(get_config "./" "default_variant") if [ ${#dirs[@]} -eq 0 ]; then - IFS=' ' read -ra dirs <<< "$(echo "${prefix%/}/"*/)" + IFS=' ' read -ra dirs <<< "$(echo "./"*/)" fi for dir in "${dirs[@]}"; do - if [ -a "${dir}/config" ]; then - local subdirs - IFS=' ' read -ra subdirs <<< "$(get_versions "${dir#./}")" - for subdir in "${subdirs[@]}"; do - versions+=("${subdir}") - done - elif [ -a "${dir}/Dockerfile" ] || [ -a "${dir}/${default_variant}/Dockerfile" ]; then + if [ -a "${dir}/Dockerfile" ] || [ -a "${dir}/${default_variant}/Dockerfile" ]; then versions+=("${dir#./}") fi done diff --git a/genMatrix.js b/genMatrix.js new file mode 100644 index 0000000000..9f57ea5096 --- /dev/null +++ b/genMatrix.js @@ -0,0 +1,80 @@ +'use strict'; +const path = require('path'); +const fs = require('fs'); + +const testFiles = [ + 'genMatrix.js', + '.github/workflows/build-test.yml', +]; + +const nodeDirRegex = /^\d+$/; + +const areTestFilesChanged = (changedFiles) => changedFiles + .some((file) => testFiles.includes(file)); + +// Returns a list of the child directories in the given path +const getChildDirectories = (parent) => fs.readdirSync(parent, { withFileTypes: true }) + .filter((dirent) => dirent.isDirectory()) + .map(({ name }) => path.resolve(parent, name)); + +const getNodeVerionDirs = (base) => getChildDirectories(base) + .filter((childPath) => nodeDirRegex.test(path.basename(childPath))); + +// Returns the paths of Dockerfiles that are at: base/*/Dockerfile +const getDockerfilesInChildDirs = (base) => getChildDirectories(base) + .map((childDir) => path.resolve(childDir, 'Dockerfile')); + +const getAllDockerfiles = (base) => getNodeVerionDirs(base).flatMap(getDockerfilesInChildDirs); + +const getAffectedDockerfiles = (filesAdded, filesModified, filesRenamed) => { + const files = [ + ...filesAdded, + ...filesModified, + ...filesRenamed, + ]; + + // If the test files were changed, include everything + if (areTestFilesChanged(files)) { + console.log('Test files changed so scheduling all Dockerfiles'); + return getAllDockerfiles(__dirname); + } + + const modifiedDockerfiles = files.filter((file) => file.endsWith('/Dockerfile')); + + // Get Dockerfiles affected by modified docker-entrypoint.sh files + const entrypointAffectedDockerfiles = files + .filter((file) => file.endsWith('/docker-entrypoint.sh')) + .map((file) => path.resolve(path.dirname(file), 'Dockerfile')); + + return [ + ...modifiedDockerfiles, + ...entrypointAffectedDockerfiles, + ]; +}; + +const getFullNodeVersionFromDockerfile = (file) => fs.readFileSync(file, 'utf8') + .match(/^ENV NODE_VERSION (\d*\.*\d*\.\d*)/m)[1]; + +const getDockerfileMatrixEntry = (file) => { + const [variant] = path.dirname(file).split(path.sep).slice(-1); + + const version = getFullNodeVersionFromDockerfile(file); + + return { + version, + variant, + }; +}; + +const generateBuildMatrix = (filesAdded, filesModified, filesRenamed) => { + const dockerfiles = [...new Set(getAffectedDockerfiles(filesAdded, filesModified, filesRenamed))]; + + const entries = dockerfiles.map(getDockerfileMatrixEntry); + + // Return null if there are no entries so we can skip the matrix step + return entries.length + ? { include: entries } + : null; +}; + +module.exports = generateBuildMatrix; diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh deleted file mode 100755 index d030d3f950..0000000000 --- a/generate-stackbrew-library.sh +++ /dev/null @@ -1,109 +0,0 @@ -#!/usr/bin/env bash - -set -e -. functions.sh - -hash git 2> /dev/null || { echo >&2 "git not found, exiting."; } - -# Used dynamically: print "$array_" $1 -# shellcheck disable=SC2034 -array_10='10 dubnium' -# shellcheck disable=SC2034 -array_12='12 erbium lts current' -# shellcheck disable=SC2034 -array_13='13 latest' - -default_variant=$(get_config "./" "default_variant") - -default_alpine=$(get_config "./" "alpine_version") - -cd "$(cd "${0%/*}" && pwd -P)" - -self="$(basename "${BASH_SOURCE[0]}")" - -IFS=' ' read -ra versions <<< "$(get_versions)" -IFS=' ' read -ra versions <<< "$(sort_versions "${versions[@]}")" -url='https://github.com/nodejs/docker-node' - -# get the most recent commit which modified any of "$@" -fileCommit() { - git log -1 --format='format:%H' HEAD -- "$@" -} - -echo "# this file is generated via ${url}/blob/$(fileCommit "${self}")/${self}" -echo -echo "Maintainers: The Node.js Docker Team <${url}> (@nodejs)" -echo "GitRepo: ${url}.git" -echo - -# prints "$2$1$3$1...$N" -join() { - local sep="$1" - shift - local out - printf -v out "${sep//%/%%}%s" "$@" - echo "${out#$sep}" -} - -get_stub() { - local version="${1}" - shift - IFS='/' read -ra versionparts <<< "${version}" - local stub - eval stub="$(join '_' "${versionparts[@]}" | awk -F. '{ print "$array_" $1 }')" - echo "${stub}" -} - -for version in "${versions[@]}"; do - # Skip "docs" and other non-docker directories - [ -f "${version}/Dockerfile" ] || [ -f "${version}/${default_variant}/Dockerfile" ] || continue - - stub=$(get_stub "${version}") - commit="$(fileCommit "${version}")" - fullVersion="$(get_tag "${version}" full)" - majorMinorVersion="$(get_tag "${version}" majorminor)" - - IFS=' ' read -ra versionAliases <<< "$fullVersion $majorMinorVersion $stub" - - if [ -f "${version}/Dockerfile" ]; then - # Get supported architectures for a specific version. See details in function.sh - IFS=' ' read -ra supportedArches <<< "$(get_supported_arches "${version}" "default")" - - echo "Tags: $(join ', ' "${versionAliases[@]}")" - echo "Architectures: $(join ', ' "${supportedArches[@]}")" - echo "GitCommit: ${commit}" - echo "Directory: ${version}" - echo - fi - - # Get supported variants according to the target architecture. - # See details in function.sh - IFS=' ' read -ra variants <<< "$(get_variants "$(dirname "${version}")")" - for variant in "${variants[@]}"; do - # Skip non-docker directories - [ -f "${version}/${variant}/Dockerfile" ] || continue - - commit="$(fileCommit "${version}/${variant}")" - - slash='/' - variantAliases=("${versionAliases[@]/%/-${variant//${slash}/-}}") - if [ "${variant}" = "${default_variant}-slim" ]; then - variantAliases+=("${versionAliases[@]/%/-slim}") - elif [ "${variant}" = "alpine${default_alpine}" ]; then - variantAliases+=("${versionAliases[@]/%/-alpine}") - elif [ "${variant}" = "${default_variant}" ]; then - variantAliases+=("${versionAliases[@]}") - fi - variantAliases=("${variantAliases[@]//latest-/}") - - # Get supported architectures for a specific version and variant. - # See details in function.sh - IFS=' ' read -ra supportedArches <<< "$(get_supported_arches "${version}" "${variant}")" - - echo "Tags: $(join ', ' "${variantAliases[@]}")" - echo "Architectures: $(join ', ' "${supportedArches[@]}")" - echo "GitCommit: ${commit}" - echo "Directory: ${version}/${variant}" - echo - done -done diff --git a/generate-stackbrew-pr.sh b/generate-stackbrew-pr.sh deleted file mode 100755 index ce13aa4c2e..0000000000 --- a/generate-stackbrew-pr.sh +++ /dev/null @@ -1,168 +0,0 @@ -#!/usr/bin/env bash - -set -e -. functions.sh - -COMMIT_RANGE="${1}" -COMMIT_ID="$(git show -s --format="%H" "${COMMIT_RANGE}" | head -n 1)" - -if [ -n "$TRAVIS" ]; then - COMMIT_MESSAGE="${TRAVIS_COMMIT_MESSAGE}" - BRANCH_NAME="travis-${TRAVIS_BUILD_ID}" - GITHUB_USERNAME="${AUTOPR_GITHUB_USERNAME:-nodejs-github-bot}" -else - COMMIT_MESSAGE="$(git show -s --format=%B "${COMMIT_ID}")" - BRANCH_NAME="autopr-$(date +%s)" - if [[ "$(git remote get-url origin)" =~ github.com/([^/]*)/docker-node.git ]]; then - GITHUB_USERNAME="${BASH_REMATCH[1]}" - fi -fi - -if [[ "${COMMIT_MESSAGE}" =~ Merge\ pull\ request\ \#([0-9]*) ]]; then - - # This is a merge from a pull request - PR_NUMBER="${BASH_REMATCH[1]}" - COMMIT_MESSAGE="$(printf "%s" "${COMMIT_MESSAGE}" | tail -n 1)" -fi - -IMAGES_FILE="library/node" -REPO_NAME="official-images" -ORIGIN_SLUG="${GITHUB_USERNAME}/${REPO_NAME}" -UPSTREAM_SLUG="${AUTOPR_UPSTREAM:-docker-library}/${REPO_NAME}" -DOCKER_SLUG="${TRAVIS_REPO_SLUG:-nodejs/docker-node}" -gitpath="../${REPO_NAME}" - -function auth_header() { - echo "Authorization: token ${GITHUB_API_TOKEN}" -} - -function permission_check() { - if [ -z "${GITHUB_API_TOKEN}" ]; then - fatal "Environment variable \$GITHUB_API_TOKEN is missing or empty" - fi - - auth="$(curl -H "$(auth_header)" \ - -s \ - "https://api.github.com")" - - if [ "$(echo "${auth}" | jq -r .message)" = "Bad credentials" ]; then - fatal "Authentication Failed! Invalid \$GITHUB_API_TOKEN" - fi - - auth="$(curl -H "$(auth_header)" \ - -s \ - "https://api.github.com/repos/${ORIGIN_SLUG}/collaborators/${GITHUB_USERNAME}/permission")" - if [ "$(echo "${auth}" | jq -r .message)" != "null" ]; then - fatal "\$GITHUB_API_TOKEN can't push to https://github.com/${ORIGIN_SLUG}.git" - fi -} - -function setup_git_author() { - # Set Git User Info - GIT_AUTHOR_NAME="Node.js GitHub Bot" - GIT_AUTHOR_EMAIL="github-bot@iojs.org" - GIT_COMMITTER_NAME="Node.js GitHub Bot" - GIT_COMMITTER_EMAIL="github-bot@iojs.org" - - export GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL -} - -function message() { - echo "Node: ${COMMIT_MESSAGE}" -} - -function pr_payload() { - local escaped_message - local body - local maintainers - - escaped_message="$(echo "${COMMIT_MESSAGE}" | head -n 1 | sed -E -e "s/\"/\\\\\"/g")" - - if [ -n "${PR_NUMBER}" ]; then - body="Pull Request: ${DOCKER_SLUG}#${PR_NUMBER}" - else - body="Commit: https://github.com/${DOCKER_SLUG}/compare/${COMMIT_RANGE}" - fi - - for maintainer in $(xargs < ACTIVE_MAINTAINERS); do - maintainers="$maintainers @$maintainer" - done - - printf "{ - \"title\": \"Node: %s\", - \"body\" : \"%s.
cc %s\", - \"head\" : \"%s\", - \"base\": \"master\" - }" "${escaped_message}" "${body}" "${maintainers}" "${GITHUB_USERNAME}:${BRANCH_NAME}" -} - -function comment_payload() { - local pr_url - pr_url="${1}" - echo "{ - \"body\": \"Created PR to the ${REPO_NAME} repo (${pr_url}). See https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what if you are wondering when it will be available on the Docker Hub.\" - }" -} - -if images_updated "${COMMIT_RANGE}"; then - - permission_check - - # Set Git User Info - [ -z "$GIT_AUTHOR_NAME" ] && setup_git_author - - info "Cloning..." - git clone --depth 50 "https://github.com/${UPSTREAM_SLUG}.git" ${gitpath} 2> /dev/null - - stackbrew="$(./generate-stackbrew-library.sh)" - - cd ${gitpath} - - echo "${stackbrew}" > "${IMAGES_FILE}" - git checkout -b "${BRANCH_NAME}" - git add "${IMAGES_FILE}" - git commit -m "$(message)" - - info "Pushing..." - git fetch --unshallow "https://github.com/${ORIGIN_SLUG}.git" - git push "https://${GITHUB_API_TOKEN}:x-oauth-basic@github.com/${ORIGIN_SLUG}.git" -f "${BRANCH_NAME}" || fatal "Error pushing the updated stackbrew" - - cd - && rm -rf ${gitpath} - - info "Creating Pull request" - pr_response_payload="$(curl -H "$(auth_header)" \ - -s \ - -X POST \ - -d "$(pr_payload)" \ - "https://api.github.com/repos/${UPSTREAM_SLUG}/pulls")" - - url="$(echo "${pr_response_payload}" | jq -r .html_url)" - if [ "${url}" != "null" ]; then - info "Pull request created at ${url}" - - if [ -n "${PR_NUMBER}" ]; then - comment_endpoint="https://api.github.com/repos/${DOCKER_SLUG}/issues/${PR_NUMBER}/comments" - else - comment_endpoint="https://api.github.com/repos/${DOCKER_SLUG}/commits/${COMMIT_ID}/comments" - fi - - info "Creating Commit Comment" - commit_response_payload="$(curl -H "$(auth_header)" \ - -s \ - -X POST \ - -d "$(comment_payload "${url}")" \ - "${comment_endpoint}")" - - if [ "$(echo "${commit_response_payload}" | jq -r .message)" != "null" ]; then - fatal "Error linking the pull request (${error_message})" - else - comment_url="$(echo "${commit_response_payload}" | jq -r .html_url)" - info "Created comment at ${comment_url}" - fi - else - error_message=$(echo "${pr_response_payload}" | jq -r .message) - fatal "Error creating pull request (${error_message})" - fi -else - info "No change!" -fi diff --git a/keys/node.keys b/keys/node.keys index 94a01e332c..c2406457ff 100644 --- a/keys/node.keys +++ b/keys/node.keys @@ -1,11 +1,8 @@ -94AE36675C464D64BAFA68DD7434390BDBE9B9C5 -FD3A5288F042B6850C66B31F09FE44734EB7990E -71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 -DD8F2338BAE7501E3DD5AC78C273792F7D83545D -C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 -B9AE9905FFD7803F25714661B63B535A4C206CA9 -77984A986EBC2AA786BC0F66B01FBB92821C587A +5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 +DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 +CC68F5A3106FF448322E48ED27F5E38D5B0A215F 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 -4ED778F539E3634C779C87C6D7062848A1AB005C -A48C2BEE680E841632CD4E44F07496B3EB3C1762 -B9E2F5981AA6E0CD28160D9FF13993A75599653C +890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 +C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C +108F52B48DB57BB0CC439B2997B01419BD92F80A +A363A499291CBBC940DD62E41F10027AF002F8B0 diff --git a/markdown_link_check_config.json b/markdown_link_check_config.json new file mode 100644 index 0000000000..1b8b1d40f6 --- /dev/null +++ b/markdown_link_check_config.json @@ -0,0 +1,12 @@ +{ + "httpHeaders": [ + { + "urls": [ + "https://docs.github.com" + ], + "headers": { + "Accept-Encoding": "br, gzip, deflate" + } + } + ] +} diff --git a/stackbrew.js b/stackbrew.js new file mode 100755 index 0000000000..58bec1daaf --- /dev/null +++ b/stackbrew.js @@ -0,0 +1,158 @@ +#!/usr/bin/env node + +const fs = require('fs'); +const path = require('path'); + +// Grab last git commit +function getCommitHasForPath(path) { + return require('child_process') + .execSync(`git log -1 --format=%H HEAD -- ${path}`) + .toString().trim() +} + +const stackbrewPath = path.basename(__filename); + +// Header +let stackbrew = `# this file is generated via https://github.com/nodejs/docker-node/blob/${getCommitHasForPath(stackbrewPath)}/${stackbrewPath} + +Maintainers: The Node.js Docker Team (@nodejs) +GitRepo: https://github.com/nodejs/docker-node.git +GitFetch: refs/heads/main\n`; + +// Loop versions + +const config = require('./versions.json'); + +const versions = Object.keys(config).reverse() + +let midnight = new Date() +midnight.setHours(0, 0, 0, 0) +const now = midnight.getTime() +const aplineRE = new RegExp(/alpine*/); +const slimRE = new RegExp(/\*-slim/); +let foundLTS = false; +let foundCurrent = false; + +for (version of versions) { + let lts = new Date(`${config[version].lts}T00:00:00.00`).getTime(); + let maintenance = new Date(`${config[version].maintenance}T00:00:00.00`).getTime(); + let isCurrent = foundCurrent ? false : isNaN(lts) || lts >= now; + foundCurrent = isCurrent || foundCurrent; + let isLTS = foundLTS ? false : (now >= lts); + foundLTS = isLTS || foundLTS; + let codename = config[version].codename + let defaultAlpine = config[version]['alpine-default'] + let defaultDebian = config[version]['debian-default'] + let variants = config[version].variants + let fullversion; + for (variant in variants) { + let dockerfilePath = path.join(version, variant, 'Dockerfile'); + let isAlpine = aplineRE.test(variant) + let isSlim = slimRE.test(variant) + let isDefaultSlim = new RegExp(`${defaultDebian}-slim`).test(variant) + + // Get full version from the first Dockerfile + if (!fullversion) { + let dockerfile = fs.readFileSync(dockerfilePath, 'utf-8') + fullversion = dockerfile.match(/ENV NODE_VERSION (?\d+)\.(?\d+)\.(?\d+)/) + } + let tags = [ + `${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}-${variant}`, + `${fullversion.groups.major}.${fullversion.groups.minor}-${variant}`, + `${fullversion.groups.major}-${variant}`, + ] + + if (codename) { + tags.push(`${codename}-${variant}`) + } + + if (variant === defaultAlpine) { + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}-alpine`) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}-alpine`) + tags.push(`${fullversion.groups.major}-alpine`) + if (codename) { + tags.push(`${codename}-alpine`) + } + } + + if (variant === defaultDebian) { + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}`) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}`) + tags.push(`${fullversion.groups.major}`) + if (isSlim) { + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}-slim`) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}-slim`) + tags.push(`${fullversion.groups.major}-slim`) + } + if (codename) { + tags.push(`${codename}`) + } + } + if (isDefaultSlim) { + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}-slim`) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}-slim`) + tags.push(`${fullversion.groups.major}-slim`) + if (codename) { + tags.push(`${codename}-slim`) + } + } + + if (isCurrent) { + if (variant === defaultAlpine) { + tags.push(variant) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}-alpine`) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}-alpine`) + tags.push(`${fullversion.groups.major}-alpine`) + tags.push('alpine') + tags.push('current-alpine') + } + if (variant === defaultDebian) { + tags.push(variant) + tags.push('latest') + tags.push('current') + } + if (isAlpine) { + tags.push(`${variant}`) + tags.push(`current-${variant}`) + } + if (!isAlpine) { + tags.push(`${variant}`) + tags.push(`current-${variant}`) + } + if (isDefaultSlim) { + tags.push('slim') + tags.push('current-slim') + } + } + + if (isLTS) { + tags.push(`lts-${variant}`) + if (variant === defaultAlpine) { + } + if (variant === defaultDebian) { + tags.push('lts') + if (codename) { + tags.push(`lts-${codename}`) + } + } + if (isDefaultSlim) { + tags.push(`lts-slim`) + } + if (variant === defaultAlpine) { + tags.push(`lts-alpine`) + } + } + + // remove duplicates + tags = tags.filter((x, i, a) => a.indexOf(x) == i) + tags = tags.sort() + let directory = `${version}/${variant}` + stackbrew += `\nTags: ${tags.join(', ')}\n` + stackbrew += `Architectures: ${config[version].variants[variant].join(', ')}\n` + stackbrew += `GitCommit: ${getCommitHasForPath(directory)}\n` + stackbrew += `Directory: ${directory}\n` + } +} + +// output +console.log(stackbrew) diff --git a/test-build.sh b/test-build.sh deleted file mode 100755 index 6614725d35..0000000000 --- a/test-build.sh +++ /dev/null @@ -1,93 +0,0 @@ -#!/usr/bin/env bash -# -# Run a test build for all images. - -set -euo pipefail - -. functions.sh - -# Convert comma delimited cli arguments to arrays -# E.g. ./test-build.sh 10,12 slim,alpine -# "10,12" becomes "10 12" and "slim,alpine" becomes "slim alpine" -IFS=',' read -ra versions_arg <<< "${1:-}" -IFS=',' read -ra variant_arg <<< "${2:-}" - -default_variant=$(get_config "./" "default_variant") - -function build() { - local version - local tag - local variant - local full_tag - local path - version="$1" - shift - variant="$1" - shift - tag="$1" - shift - - full_tag=$(get_full_tag "${variant}" "${tag}") - path=$(get_path "${version}" "${variant}") - - info "Building ${full_tag}..." - - if ! docker build --cpuset-cpus="0,1" -t node:"${full_tag}" "${path}"; then - fatal "Build of ${full_tag} failed!" - fi - info "Build of ${full_tag} succeeded." -} - -function test_image() { - local full_version - local variant - local tag - local full_tag - full_version="$1" - shift - variant="$1" - shift - tag="$1" - shift - - full_tag=$(get_full_tag "${variant}" "${tag}") - - info "Testing ${full_tag}" - ( - export full_version=${full_version} - export full_tag=${full_tag} - bats test-image.bats - ) -} - -cd "$(cd "${0%/*}" && pwd -P)" || exit - -IFS=' ' read -ra versions <<< "$(get_versions . "${versions_arg[@]}")" -if [ ${#versions[@]} -eq 0 ]; then - fatal "No valid versions found!" -fi - -for version in "${versions[@]}"; do - # Skip "docs" and other non-docker directories - [ -f "${version}/Dockerfile" ] || [ -a "${version}/${default_variant}/Dockerfile" ] || continue - - tag=$(get_tag "${version}") - full_version=$(get_full_version "${version}") - - # Get supported variants according to the target architecture. - # See details in function.sh - IFS=' ' read -ra variants <<< "$(get_variants "$(dirname "${version}")" "${variant_arg[@]}")" - - for variant in "${variants[@]}"; do - # Skip non-docker directories - [ -f "${version}/${variant}/Dockerfile" ] || continue - - build "${version}" "${variant}" "${tag}" - test_image "${full_version}" "${variant}" "${tag}" - done - -done - -info "All builds successful!" - -exit 0 diff --git a/test-image.bats b/test-image.bats deleted file mode 100755 index 0ed164867c..0000000000 --- a/test-image.bats +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env bats - -@test "Test for node and version" { - run docker run --rm -it node:"$full_tag" node -e "process.stdout.write(process.versions.node)" - [ "$status" -eq 0 ] - [ "$output" == "${full_version}" ] -} - -@test "Test for npm" { - run docker run --rm -it node:"$full_tag" npm --version - [ "$status" -eq 0 ] -} - -@test "Test for yarn" { - run docker run --rm -it node:"$full_tag" yarn --version - [ "$status" -eq 0 ] -} diff --git a/travis.yml.template b/travis.yml.template deleted file mode 100644 index 0aa5a08dc2..0000000000 --- a/travis.yml.template +++ /dev/null @@ -1,66 +0,0 @@ ---- - -dist: xenial - -language: minimal - -services: - - docker - -.before_script: &auto_skip -- | - if [ "false" != "$TRAVIS_PULL_REQUEST" ]; then - TRAVIS_COMMIT_RANGE="$TRAVIS_BRANCH..$TRAVIS_PULL_REQUEST_SHA" - fi - if [ "default" = "$VARIANT" ]; then - Dockerfile="$NODE_VERSION/Dockerfile" - else - Dockerfile="$NODE_VERSION/$VARIANT/Dockerfile" - fi - if [ "" = "$TRAVIS_COMMIT_RANGE" ]; then - echo "This is a new branch" - elif ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- &> /dev/null; then - echo "Change range not recognized: '$TRAVIS_COMMIT_RANGE'" - elif git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^$Dockerfile$"; then - echo "Change of $Dockerfile detected." - else - echo "Skip build of $Dockerfile as it's not changed." - exit - fi - -script: ./test-build.sh $NODE_VERSION $VARIANT - -stages: - - Test - - Build - - name: Deploy - if: branch = master AND type IN (push) - -jobs: - fast_finish: true - - include: - - stage: Test - name: .travis.yml and travis.yml.template consistency - script: - - ./update.sh -t - - git diff --stat --exit-code .travis.yml - - - stage: Deploy - before_script: - - | - if ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "Dockerfile$"; then - if git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^generate-stackbrew-library.sh$"; then - if ! git diff "$TRAVIS_COMMIT_RANGE" -- generate-stackbrew-library.sh | grep -Eq '^[-+]array_[0-9]'; then - echo "Skip deployment as none of the Dockerfiles and version tag array in generate-stackbrew-library.sh has been changed." - exit - fi - else - echo "Skip deployment as none of the Dockerfiles and generate-stackbrew-library.sh has been changed." - exit - fi - fi - script: - - ./generate-stackbrew-pr.sh "$TRAVIS_COMMIT_RANGE" - - # Docker Build # diff --git a/update-keys.sh b/update-keys.sh new file mode 100755 index 0000000000..b6fec15418 --- /dev/null +++ b/update-keys.sh @@ -0,0 +1,3 @@ +#!/bin/sh -ex + +curl -fsSLo- --compressed https://github.com/nodejs/node/raw/main/README.md | awk '/--recv-keys.*#/{ gsub(/^.*--recv-keys\s+/,"");gsub(/\s+#.*$/,""); print }' > keys/node.keys diff --git a/update.sh b/update.sh index 87f1c863a6..88dcec1155 100755 --- a/update.sh +++ b/update.sh @@ -1,4 +1,5 @@ -#!/bin/bash +#!/usr/bin/env bash + set -ue function usage() { @@ -14,31 +15,25 @@ function usage() { - update.sh -s # Update all images, skip updating Alpine and Yarn - update.sh 8,10 # Update all variants of version 8 and 10 - update.sh -s 8 # Update version 8 and variants, skip updating Alpine and Yarn - - update.sh 8 buster-slim,buster # Update only buster's slim and buster variants for version 8 - - update.sh -s 8 stretch # Update only stretch variant for version 8, skip updating Alpine and Yarn + - update.sh 8 alpine # Update only alpine's variants for version 8 + - update.sh -s 8 bullseye # Update only bullseye variant for version 8, skip updating Alpine and Yarn - update.sh . alpine # Update the alpine variant for all versions - - update.sh -t # Update .travis.yml only OPTIONS: -s Security update; skip updating the yarn and alpine versions. - -t Travis CI config update only + -b CI config update only -h Show this message EOF } SKIP=false -TRAVIS_CI_ONLY=false -while getopts "sth" opt; do +while getopts "sh" opt; do case "${opt}" in s) SKIP=true shift ;; - t) - TRAVIS_CI_ONLY=true - shift - ;; h) usage exit @@ -71,7 +66,6 @@ fi arch=$(get_arch) if [ "${SKIP}" != true ]; then - alpine_version=$(get_config "./" "alpine_version") yarnVersion="$(curl -sSL --compressed https://yarnpkg.com/latest-version)" fi @@ -127,11 +121,11 @@ function update_node_version() { shift fi - fullVersion="$(curl -sSL --compressed "${baseuri}" | grep ' /dev/null; then echo "${dockerfile} is already up to date!" else + if [ "${SKIP}" != true ]; then + sed -Ei -e 's/^(ENV YARN_VERSION ).*/\1'"${yarnVersion}"'/' "${dockerfile}-tmp" + fi echo "${dockerfile} updated!" fi + # Required for POSIX sed + if [ -f "${dockerfile}-tmp-e" ]; then + rm "${dockerfile}-tmp-e" + fi + mv -f "${dockerfile}-tmp" "${dockerfile}" ) } -function add_stage() { - local baseuri=${1} - shift - local version=${1} - shift - local variant=${1} - shift - - echo ' - - stage: Build - before_script: *auto_skip - name: '"${version}"' on '"${variant}"' - env: - - NODE_VERSION="'"${version}"'" - - VARIANT="'"${variant}"'"' >> .travis.yml -} - -echo '# DO NOT MODIFY. THIS FILE IS AUTOGENERATED # -' | cat - travis.yml.template > .travis.yml +pids=() for version in "${versions[@]}"; do parentpath=$(dirname "${version}") @@ -213,26 +191,22 @@ for version in "${versions[@]}"; do baseuri=$(get_config "${parentpath}" "baseuri") update_version=$(in_versions_to_update "${version}") - [ "${update_version}" -eq 0 ] && [ true != "$TRAVIS_CI_ONLY" ] && info "Updating version ${version}..." + [ "${update_version}" -eq 0 ] && info "Updating version ${version}..." # Get supported variants according the target architecture # See details in function.sh IFS=' ' read -ra variants <<< "$(get_variants "${parentpath}")" if [ -f "${version}/Dockerfile" ]; then - add_stage "${baseuri}" "${version}" "default" - [ true = "$TRAVIS_CI_ONLY" ] && continue - if [ "${update_version}" -eq 0 ]; then update_node_version "${baseuri}" "${versionnum}" "${parentpath}/Dockerfile.template" "${version}/Dockerfile" & + pids+=($!) fi fi for variant in "${variants[@]}"; do # Skip non-docker directories [ -f "${version}/${variant}/Dockerfile" ] || continue - add_stage "${baseuri}" "${version}" "${variant}" - [ true = "$TRAVIS_CI_ONLY" ] && continue update_variant=$(in_variants_to_update "${variant}") template_file="${parentpath}/Dockerfile-${variant}.template" @@ -248,9 +222,15 @@ for version in "${versions[@]}"; do cp "${parentpath}/docker-entrypoint.sh" "${version}/${variant}/docker-entrypoint.sh" if [ "${update_version}" -eq 0 ] && [ "${update_variant}" -eq 0 ]; then update_node_version "${baseuri}" "${versionnum}" "${template_file}" "${version}/${variant}/Dockerfile" "${variant}" & + pids+=($!) fi done done -wait +# The reason we explicitly wait on each pid is so the return status of this script is set properly +# if one of the jobs fails. If we just called "wait", the exit status would always be 0 +for pid in "${pids[@]}"; do + wait "$pid" +done + info "Done!" diff --git a/versions.json b/versions.json new file mode 100644 index 0000000000..cf9699e20a --- /dev/null +++ b/versions.json @@ -0,0 +1,143 @@ +{ + "24": { + "start": "2025-05-06", + "lts": "2025-10-28", + "maintenance": "2026-10-20", + "end": "2028-04-30", + "codename": "", + "alpine-default": "alpine3.22", + "debian-default": "bookworm", + "variants": { + "alpine3.21": [ + "amd64", + "arm64v8", + "s390x" + ], + "alpine3.22": [ + "amd64", + "arm64v8", + "s390x" + ], + "bookworm": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "bullseye": [ + "amd64", + "arm64v8" + ], + "bullseye-slim": [ + "amd64", + "arm64v8" + ] + } + }, + "22": { + "start": "2024-04-23", + "lts": "2024-10-29", + "maintenance": "2025-10-21", + "end": "2027-04-30", + "codename": "jod", + "alpine-default": "alpine3.22", + "debian-default": "bookworm", + "variants": { + "alpine3.21": [ + "amd64", + "arm32v6", + "arm32v7", + "arm64v8", + "s390x" + ], + "alpine3.22": [ + "amd64", + "arm32v6", + "arm32v7", + "arm64v8", + "s390x" + ], + "bookworm": [ + "amd64", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm-slim": [ + "amd64", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bullseye": [ + "amd64", + "arm32v7", + "arm64v8" + ], + "bullseye-slim": [ + "amd64", + "arm32v7", + "arm64v8" + ] + } + }, + "20": { + "start": "2023-04-18", + "lts": "2023-10-24", + "maintenance": "2024-10-22", + "end": "2026-04-30", + "codename": "iron", + "alpine-default": "alpine3.22", + "debian-default": "bookworm", + "variants": { + "alpine3.21": [ + "amd64", + "arm32v6", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "alpine3.22": [ + "amd64", + "arm32v6", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm": [ + "amd64", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm-slim": [ + "amd64", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bullseye": [ + "amd64", + "arm32v7", + "arm64v8" + ], + "bullseye-slim": [ + "amd64", + "arm32v7", + "arm64v8" + ] + } + } +} pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy