diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000..f83023c169 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +* text=auto eol=lf +/Dockerfile*.template linguist-language=Dockerfile diff --git a/.github/ISSUE_TEMPLATE/1-bug-report.md b/.github/ISSUE_TEMPLATE/1-bug-report.md new file mode 100644 index 0000000000..d8ea9da3b4 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/1-bug-report.md @@ -0,0 +1,48 @@ +--- +name: "\U0001F41B Bug Report" +about: Create a bug report to help us improve +--- + + + +## Environment + +* **Platform**: +* **Docker Version**: +* **Node.js Version**: +* **Image Tag**: + +## Expected Behavior + + + +## Current Behavior + + + +## Possible Solution + + + +## Steps to Reproduce + + + +## Additional Information + + + diff --git a/.github/ISSUE_TEMPLATE/2-feature-request.md b/.github/ISSUE_TEMPLATE/2-feature-request.md new file mode 100644 index 0000000000..31a875664e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/2-feature-request.md @@ -0,0 +1,29 @@ +--- +name: "\U0001F680 Feature Request" +about: Suggest an idea for this project +--- + + + +## Problem + + + +## Solution + + + +## Alternatives to Consider + + + diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000000..d546134109 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,11 @@ +blank_issues_enabled: false +contact_links: + - name: Need help with Node.js? + url: https://github.com/nodejs/help + about: Please file an issue in our help repo + - name: Found a problem with Node.js beyond the API reference documentation? + url: https://github.com/nodejs/nodejs.org/issues/new/choose + about: Please file an issue in the Node.js website repository + - name: Need help with common questions related to using Node.js with Docker? + url: https://stackoverflow.com/questions/tagged/node.js%2bdocker + about: Please visit Stack Overflow to explore related questions and answers diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000000..6fadc5bdf3 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,54 @@ + + +## Description + + + +## Motivation and Context + + + +## Testing Details + + + +## Example Output(if appropriate) + +## Types of changes + + + +- [ ] Documentation +- [ ] Version change (Update, remove or add more Node.js versions) +- [ ] Variant change (Update, remove or add more variants, or versions of variants) +- [ ] Bug fix (non-breaking change which fixes an issue) +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Breaking change (fix or feature that would cause existing functionality to change) +- [ ] Other (none of the above) + +## Checklist + + + +- [ ] My code follows the code style of this project. +- [ ] My change requires a change to the documentation. +- [ ] I have updated the documentation accordingly. +- [ ] I have read the **CONTRIBUTING.md** document. +- [ ] All new and existing tests passed. + diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..afb98ae0c7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 +updates: +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 diff --git a/.github/workflows/automatic-updates.yml b/.github/workflows/automatic-updates.yml new file mode 100644 index 0000000000..ab7667841d --- /dev/null +++ b/.github/workflows/automatic-updates.yml @@ -0,0 +1,39 @@ +name: Automatically update Docker image versions + +on: + workflow_dispatch: + schedule: + - cron: "*/15 * * * *" + +jobs: + build: + runs-on: ubuntu-latest + if: github.repository_owner == 'nodejs' + permissions: + pull-requests: write + + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + + - name: Run automation script + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + id: updt + with: + result-encoding: string + script: | + const { default: script } = await import(`${process.env.GITHUB_WORKSPACE}/build-automation.mjs`); + return script(github); + + - name: Create update PR + id: cpr + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 + with: + token: ${{ secrets.GH_API_TOKEN }} + author: "Node.js GitHub Bot " + branch: update-branch + base: main + commit-message: "feat: Node.js ${{ steps.updt.outputs.result }}" + title: "feat: Node.js ${{ steps.updt.outputs.result }}" + delete-branch: true + team-reviewers: | + nodejs/docker diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml new file mode 100644 index 0000000000..1bd7ef3278 --- /dev/null +++ b/.github/workflows/build-test.yml @@ -0,0 +1,98 @@ +name: build-test + +on: + push: + paths: + - "**/Dockerfile" + - "**/docker-entrypoint.sh" + - genMatrix.js + - ".github/workflows/build-test.yml" + + pull_request: + paths: + - "**/Dockerfile" + - "**/docker-entrypoint.sh" + - genMatrix.js + - ".github/workflows/build-test.yml" + +jobs: + gen-matrix: + name: generate-matrix + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + + - name: Calculate file differences + id: diff + uses: tj-actions/changed-files@9426d40962ed5378910ee2e21d5f8c6fcbf2dd96 # v47.0.6 + with: + json: true + escape_json: false + + - name: Generate testing matrix + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + id: generator + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const script = require(`${process.env.GITHUB_WORKSPACE}/genMatrix.js`) + return script( + ${{ steps.diff.outputs.added_files }}, + ${{ steps.diff.outputs.modified_files }}, + ${{ steps.diff.outputs.renamed_files }}, + ); + + outputs: + matrix: ${{ steps.generator.outputs.result }} + + build: + if: ${{ fromJson(needs.gen-matrix.outputs.matrix) }} + needs: gen-matrix + name: build + runs-on: ubuntu-latest + timeout-minutes: 60 + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.gen-matrix.outputs.matrix) }} + + steps: + - name: Get short node version + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + id: short-version + with: + result-encoding: string + script: return "${{ matrix.version }}".split('.')[0] + + - name: Checkout + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + + - name: Build image + uses: docker/build-push-action@53b7df96c91f9c12dcc8a07bcb9ccacbed38856a # v7.3.0 + with: + push: false + load: true + context: . + file: ./${{ steps.short-version.outputs.result }}/${{ matrix.variant }}/Dockerfile + tags: node:${{ matrix.version }}-${{ matrix.variant }} + + - name: Test for node version + run: | + image_node_version=$(docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} node --print "process.versions.node") + echo "Expected: \"${{ matrix.version }}\", Got: \"${image_node_version}\"" + [ "${image_node_version}" == "${{ matrix.version }}" ] + + - name: Verify entrypoint runs regular, non-executable files with node + run: | + tmp_file=$(mktemp) + echo 'console.log("success")' > "${tmp_file}" + output=$(docker run --rm -v "${tmp_file}:/app/index.js" node:${{ matrix.version }}-${{ matrix.variant }} app/index.js) + [ "${output}" = 'success' ] + + - name: Test for npm + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version + + - name: Test for yarn + if: startsWith(matrix.version, '22') || startsWith(matrix.version, '24') || startsWith(matrix.version, '25') + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} yarn --version diff --git a/.github/workflows/doctoc.yml b/.github/workflows/doctoc.yml new file mode 100644 index 0000000000..b3815b2f67 --- /dev/null +++ b/.github/workflows/doctoc.yml @@ -0,0 +1,30 @@ +name: Check generated TOCs + +on: + pull_request: + paths: + - "README.md" + - "docs/BestPractices.md" + +permissions: + contents: read + +jobs: + doctoc: + name: Doc TOC Check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: 'lts/*' + - name: Install doctoc + run: npm i -g doctoc + - name: Create README copy and diff with doctoc + run: cp README.md README.md.tmp && + doctoc --title='## Table of Contents' --github README.md && + diff -q README.md README.md.tmp + - name: Create "docs/BestPractices.md" copy and diff with doctoc + run: cp docs/BestPractices.md docs/BestPractices.md.tmp && + doctoc --title='## Table of Contents' --github docs/BestPractices.md && + diff -q docs/BestPractices.md docs/BestPractices.md.tmp diff --git a/.github/workflows/eclint.yml b/.github/workflows/eclint.yml new file mode 100644 index 0000000000..d0fb52b8f4 --- /dev/null +++ b/.github/workflows/eclint.yml @@ -0,0 +1,17 @@ +name: Test Whitespace and line endings + +on: [pull_request] + +permissions: + contents: read + +jobs: + eclint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: 'lts/*' + - run: npm i -g eclint + - run: eclint check diff --git a/.github/workflows/markdown-link-check.yml b/.github/workflows/markdown-link-check.yml new file mode 100644 index 0000000000..fcc4b269df --- /dev/null +++ b/.github/workflows/markdown-link-check.yml @@ -0,0 +1,23 @@ +name: Check Markdown links + +on: + pull_request: + paths: + - "**/*.md" + - "markdown_link_check_config.json" + +permissions: + contents: read + +jobs: + markdown-link-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: 'lts/*' + - name: Install markdown-link-check + run: npm i -g markdown-link-check@3.14.2 + - name: Run markdown-link-check on MD files + run: find . -name "*.md" | xargs -n 1 markdown-link-check -c markdown_link_check_config.json -q diff --git a/.github/workflows/missing-checksum.yml b/.github/workflows/missing-checksum.yml new file mode 100644 index 0000000000..a26124e3fa --- /dev/null +++ b/.github/workflows/missing-checksum.yml @@ -0,0 +1,23 @@ +name: Check Alpine CHECKSUM + +on: + pull_request: + paths: + - ".github/workflows/missing-checksum.yml" + - "**/alpine*/Dockerfile" + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + + - name: Count number of Alpine Dockersfiles without CHECKSUM + run: | + git grep -n 'CHECKSUM=""' -- '*alpine*/Dockerfile' | sed -E 's/^([^:]+):([^:]+):\s*/::error file=\1,line=\2::Missing pre-built checksum/' + if [ "${PIPESTATUS[0]}" -eq 0 ]; then + exit 1 + fi diff --git a/.github/workflows/official-pr.yml b/.github/workflows/official-pr.yml new file mode 100644 index 0000000000..d4efebb90f --- /dev/null +++ b/.github/workflows/official-pr.yml @@ -0,0 +1,66 @@ +name: Create official images PR + +on: + pull_request_target: + types: + - closed + + paths: + - ".github/workflows/official-pr.yml" + - "**/Dockerfile" + - "**/docker-entrypoint.sh" + - "versions.json" + - "stackbrew.js" + +jobs: + pr: + runs-on: ubuntu-latest + if: github.repository_owner == 'nodejs' && github.event.pull_request.merged_by != '' + permissions: + pull-requests: write + + steps: + - name: Checkout the docker-node repo + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + with: + path: docker-node + ref: ${{ github.base_ref }} + fetch-depth: 50 + + - name: Checkout the official-images repo + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + with: + path: official-images + repository: docker-library/official-images + + - name: Generate Stackbrew for diff + run: | + cd docker-node + ./stackbrew.js > ../official-images/library/node + + - name: Create PR in official-images + id: create-pr + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 + with: + token: ${{ secrets.GH_API_TOKEN }} + push-to-fork: nodejs/official-images + path: official-images + branch: node + commit-message: "Node: ${{ github.event.pull_request.title }}" + title: "Node: ${{ github.event.pull_request.title }}" + body: | + Pull Request: ${{ github.event.pull_request.html_url }} + @PeterDaveHello @SimenB @nschonni @rafaelgss @mcollina + + - name: PR details + run: | + echo "Pull Request Number - ${{ steps.create-pr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.create-pr.outputs.pull-request-url }}" + + - name: Create PR comment + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 + if: ${{ steps.create-pr.outputs.pull-request-url != '' }} + with: + issue-number: ${{ github.event.pull_request.number }} + body: | + Created PR on the official-images repo (${{ steps.create-pr.outputs.pull-request-url }}). See https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what if you are wondering when it will be available on the Docker Hub. diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 0000000000..a9c73bf762 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,73 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '30 12 * * 6' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@54f647b7e1bb85c95cddabcd46b0c578ec92bc1a # v4.36.3 + with: + sarif_file: results.sarif diff --git a/.github/workflows/shfmt.yml b/.github/workflows/shfmt.yml new file mode 100644 index 0000000000..a84253dbcb --- /dev/null +++ b/.github/workflows/shfmt.yml @@ -0,0 +1,25 @@ +name: Check Shell scripts + +on: + pull_request: + paths: + - "**/*.sh" + - ".github/workflows/shfmt.yml" + +permissions: + contents: read + +jobs: + shfmt: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - run: docker run -v "$(pwd)":/sh -w /sh peterdavehello/shfmt:2.6.3 shfmt -sr -i 2 -l -w -ci . + - run: git diff --color --exit-code + + shellcheck: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 + - name: Run ShellCheck + uses: bewuethr/shellcheck-action@80bac2daa9fcf95d648200a793d00060857e6dc4 # v2.3.0 diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 0055174f25..0000000000 --- a/.travis.yml +++ /dev/null @@ -1,318 +0,0 @@ -# DO NOT MODIFY. THIS FILE IS AUTOGENERATED # - ---- - -dist: xenial - -language: minimal - -services: - - docker - -.before_script: &auto_skip -- | - if [ "false" != "$TRAVIS_PULL_REQUEST" ]; then - TRAVIS_COMMIT_RANGE="$TRAVIS_BRANCH..$TRAVIS_PULL_REQUEST_SHA" - fi - if [ "default" = "$VARIANT" ]; then - Dockerfile="$NODE_VERSION/Dockerfile" - else - Dockerfile="$NODE_VERSION/$VARIANT/Dockerfile" - fi - if [ "" = "$TRAVIS_COMMIT_RANGE" ]; then - echo "This is a new branch" - elif ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- &> /dev/null; then - echo "Change range not recognized: '$TRAVIS_COMMIT_RANGE'" - elif git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^$Dockerfile$"; then - echo "Change of $Dockerfile detected." - else - echo "Skip build of $Dockerfile as it's not changed." - exit - fi - -script: ./test-build.sh $NODE_VERSION $VARIANT - -stages: - - Test - - Build - - name: Deploy - if: branch = master AND type IN (push) - -jobs: - fast_finish: true - allow_failures: - - env: - - TEST=mardown_lint - - include: - - stage: Test - name: Markdown link check - env: - - TEST=mardown_lint - language: node_js - node_js: - - lts/* - install: - - npm i -g markdown-link-check - script: - - find . -name "*.md" | xargs -n 1 markdown-link-check - - - stage: Test - name: Editor Config check - language: node_js - node_js: - - lts/* - install: - - npm i -g eclint - script: - - eclint check - - - stage: Test - name: Doc Toc Check - language: node_js - node_js: - - lts/* - install: npm i -g doctoc - script: - - cp README.md README.md.tmp && - doctoc --title='## Table of Contents' --github README.md && - diff -q README.md README.md.tmp - - - stage: Test - name: shfmt check - script: - - docker run -it --rm -v "$(pwd)":/sh -w /sh peterdavehello/shfmt:2.6.3 shfmt -sr -i 2 -l -w -ci . - - git diff --color - - git diff --stat=220 --color --exit-code - - - stage: Test - name: Shell Check - script: shellcheck *.sh - - - stage: Test - name: .travis.yml and travis.yml.template consistency - script: - - ./update.sh -t - - git diff --stat --exit-code .travis.yml - - - stage: Deploy - before_script: - - | - if ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "Dockerfile$"; then - if git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^generate-stackbrew-library.sh$"; then - if ! git diff "$TRAVIS_COMMIT_RANGE" -- generate-stackbrew-library.sh | grep -Eq '^[-+]array_[0-9]'; then - echo "Skip deployment as none of the Dockerfiles and version tag array in generate-stackbrew-library.sh has been changed." - exit - fi - else - echo "Skip deployment as none of the Dockerfiles and generate-stackbrew-library.sh has been changed." - exit - fi - fi - script: - - ./generate-stackbrew-pr.sh "$TRAVIS_COMMIT_RANGE" - - # Docker Build # - - - stage: Build - before_script: *auto_skip - name: 10 on jessie - env: - - NODE_VERSION="10" - - VARIANT="jessie" - - - stage: Build - before_script: *auto_skip - name: 10 on jessie-slim - env: - - NODE_VERSION="10" - - VARIANT="jessie-slim" - - - stage: Build - before_script: *auto_skip - name: 10 on stretch - env: - - NODE_VERSION="10" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 10 on stretch-slim - env: - - NODE_VERSION="10" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 10 on buster - env: - - NODE_VERSION="10" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 10 on buster-slim - env: - - NODE_VERSION="10" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: 10 on alpine3.9 - env: - - NODE_VERSION="10" - - VARIANT="alpine3.9" - - - stage: Build - before_script: *auto_skip - name: 10 on alpine3.10 - env: - - NODE_VERSION="10" - - VARIANT="alpine3.10" - - - stage: Build - before_script: *auto_skip - name: 12 on stretch - env: - - NODE_VERSION="12" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 12 on stretch-slim - env: - - NODE_VERSION="12" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 12 on buster - env: - - NODE_VERSION="12" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 12 on buster-slim - env: - - NODE_VERSION="12" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: 12 on alpine3.9 - env: - - NODE_VERSION="12" - - VARIANT="alpine3.9" - - - stage: Build - before_script: *auto_skip - name: 12 on alpine3.10 - env: - - NODE_VERSION="12" - - VARIANT="alpine3.10" - - - stage: Build - before_script: *auto_skip - name: 13 on stretch - env: - - NODE_VERSION="13" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 13 on stretch-slim - env: - - NODE_VERSION="13" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 13 on buster - env: - - NODE_VERSION="13" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 13 on buster-slim - env: - - NODE_VERSION="13" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: 13 on alpine3.10 - env: - - NODE_VERSION="13" - - VARIANT="alpine3.10" - - - stage: Build - before_script: *auto_skip - name: 8 on jessie - env: - - NODE_VERSION="8" - - VARIANT="jessie" - - - stage: Build - before_script: *auto_skip - name: 8 on jessie-slim - env: - - NODE_VERSION="8" - - VARIANT="jessie-slim" - - - stage: Build - before_script: *auto_skip - name: 8 on stretch - env: - - NODE_VERSION="8" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 8 on stretch-slim - env: - - NODE_VERSION="8" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 8 on buster - env: - - NODE_VERSION="8" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 8 on buster-slim - env: - - NODE_VERSION="8" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: 8 on alpine3.9 - env: - - NODE_VERSION="8" - - VARIANT="alpine3.9" - - - stage: Build - before_script: *auto_skip - name: 8 on alpine3.10 - env: - - NODE_VERSION="8" - - VARIANT="alpine3.10" - - - stage: Build - before_script: *auto_skip - name: chakracore/10 on default - env: - - NODE_VERSION="chakracore/10" - - VARIANT="default" - - - stage: Build - before_script: *auto_skip - name: chakracore/8 on default - env: - - NODE_VERSION="chakracore/8" - - VARIANT="default" diff --git a/10/alpine3.10/docker-entrypoint.sh b/10/alpine3.10/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/alpine3.10/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/alpine3.9/docker-entrypoint.sh b/10/alpine3.9/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/alpine3.9/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/architectures b/10/architectures deleted file mode 100644 index 162fbcbf1d..0000000000 --- a/10/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -arm32v6 alpine3.9,alpine3.10 -arm32v7 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -arm64v8 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -i386 alpine3.9,alpine3.10 -ppc64le stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -s390x stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 diff --git a/10/buster-slim/Dockerfile b/10/buster-slim/Dockerfile deleted file mode 100644 index 941ae09e5f..0000000000 --- a/10/buster-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:buster-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 10.17.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/10/buster-slim/docker-entrypoint.sh b/10/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/buster/docker-entrypoint.sh b/10/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/jessie-slim/Dockerfile b/10/jessie-slim/Dockerfile deleted file mode 100644 index 9a5f591349..0000000000 --- a/10/jessie-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:jessie-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 10.17.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/10/jessie-slim/docker-entrypoint.sh b/10/jessie-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/jessie-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/jessie/docker-entrypoint.sh b/10/jessie/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/jessie/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/stretch-slim/Dockerfile b/10/stretch-slim/Dockerfile deleted file mode 100644 index abe4b9a5b4..0000000000 --- a/10/stretch-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:stretch-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 10.17.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/10/stretch-slim/docker-entrypoint.sh b/10/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/alpine3.10/docker-entrypoint.sh b/12/alpine3.10/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/alpine3.10/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/alpine3.9/docker-entrypoint.sh b/12/alpine3.9/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/alpine3.9/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/architectures b/12/architectures deleted file mode 100644 index 0185a0fd8a..0000000000 --- a/12/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -arm32v6 alpine3.9,alpine3.10 -arm32v7 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -arm64v8 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -i386 alpine3.9,alpine3.10 -ppc64le stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -s390x stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 diff --git a/12/buster-slim/Dockerfile b/12/buster-slim/Dockerfile deleted file mode 100644 index 94cf6551af..0000000000 --- a/12/buster-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:buster-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 12.13.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/buster-slim/docker-entrypoint.sh b/12/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/buster/docker-entrypoint.sh b/12/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile deleted file mode 100644 index f116a98729..0000000000 --- a/12/stretch-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:stretch-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 12.13.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/stretch-slim/docker-entrypoint.sh b/12/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile deleted file mode 100644 index bbe171ab61..0000000000 --- a/12/stretch/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 12.13.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/stretch/docker-entrypoint.sh b/12/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/alpine3.10/Dockerfile b/13/alpine3.10/Dockerfile deleted file mode 100644 index 4c18322f69..0000000000 --- a/13/alpine3.10/Dockerfile +++ /dev/null @@ -1,95 +0,0 @@ -FROM alpine:3.10 - -ENV NODE_VERSION 13.1.0 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ - && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="57cc9f7282e67c69b2ee986c71a490bc8750d426f04d458d20debde554a19505" \ - ;; \ - *) ;; \ - esac \ - && if [ -n "${CHECKSUM}" ]; then \ - set -eu; \ - curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ - echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ - else \ - echo "Building from source" \ - # backup build - && apk add --no-cache --virtual .build-deps-full \ - binutils-gold \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps-full \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ - fi \ - && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps - -ENV YARN_VERSION 1.19.1 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/alpine3.10/docker-entrypoint.sh b/13/alpine3.10/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/alpine3.10/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/architectures b/13/architectures deleted file mode 100644 index 7adab03f0a..0000000000 --- a/13/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 alpine,stretch,stretch-slim,buster,buster-slim -arm32v6 alpine -arm32v7 alpine,stretch,stretch-slim,buster,buster-slim -arm64v8 alpine,stretch,stretch-slim,buster,buster-slim -i386 alpine -ppc64le alpine,stretch,stretch-slim,buster,buster-slim -s390x alpine,stretch,stretch-slim,buster,buster-slim diff --git a/13/buster-slim/Dockerfile b/13/buster-slim/Dockerfile deleted file mode 100644 index c0072d1533..0000000000 --- a/13/buster-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:buster-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.1.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/buster-slim/docker-entrypoint.sh b/13/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/buster/Dockerfile b/13/buster/Dockerfile deleted file mode 100644 index 51996df86d..0000000000 --- a/13/buster/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:buster - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.1.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/buster/docker-entrypoint.sh b/13/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/stretch-slim/Dockerfile b/13/stretch-slim/Dockerfile deleted file mode 100644 index dedccca95b..0000000000 --- a/13/stretch-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:stretch-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.1.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/stretch-slim/docker-entrypoint.sh b/13/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/stretch/Dockerfile b/13/stretch/Dockerfile deleted file mode 100644 index 077292d1e1..0000000000 --- a/13/stretch/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.1.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/stretch/docker-entrypoint.sh b/13/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/alpine3.10/Dockerfile b/22/alpine3.23/Dockerfile similarity index 55% rename from 12/alpine3.10/Dockerfile rename to 22/alpine3.23/Dockerfile index a23bb5b9fd..974a3153b9 100644 --- a/12/alpine3.10/Dockerfile +++ b/22/alpine3.23/Dockerfile @@ -1,6 +1,6 @@ -FROM alpine:3.10 +FROM alpine:3.23 -ENV NODE_VERSION 12.13.0 +ENV NODE_VERSION=22.23.1 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -8,12 +8,14 @@ RUN addgroup -g 1000 node \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="f1c73636c4d345c4aefd65cc959f793d7bb795200d43e19e418d7811670b03dd" \ - ;; \ + x86_64) ARCH='x64' CHECKSUM="25b5ec8550ca8bac9ade321f8b87e1c1aa6a64020ce34efef0217fe84106794c" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ *) ;; \ esac \ && if [ -n "${CHECKSUM}" ]; then \ @@ -33,28 +35,29 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ - python \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ @@ -67,27 +70,39 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/22/alpine3.23/docker-entrypoint.sh b/22/alpine3.23/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/alpine3.23/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/alpine3.10/Dockerfile b/22/alpine3.24/Dockerfile similarity index 55% rename from 10/alpine3.10/Dockerfile rename to 22/alpine3.24/Dockerfile index 4e088fcd0a..048efbf155 100644 --- a/10/alpine3.10/Dockerfile +++ b/22/alpine3.24/Dockerfile @@ -1,6 +1,6 @@ -FROM alpine:3.10 +FROM alpine:3.24 -ENV NODE_VERSION 10.17.0 +ENV NODE_VERSION=22.23.1 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -8,12 +8,14 @@ RUN addgroup -g 1000 node \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="f893a03c5b51e0c540e32cd52773221a2f9b6d575e7fe79ffe9e878483c703ff" \ - ;; \ + x86_64) ARCH='x64' CHECKSUM="25b5ec8550ca8bac9ade321f8b87e1c1aa6a64020ce34efef0217fe84106794c" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ *) ;; \ esac \ && if [ -n "${CHECKSUM}" ]; then \ @@ -33,28 +35,29 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ - python \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ @@ -67,27 +70,39 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/22/alpine3.24/docker-entrypoint.sh b/22/alpine3.24/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/alpine3.24/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/bookworm-slim/Dockerfile b/22/bookworm-slim/Dockerfile new file mode 100644 index 0000000000..a47dc5c594 --- /dev/null +++ b/22/bookworm-slim/Dockerfile @@ -0,0 +1,103 @@ +FROM debian:bookworm-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=22.23.1 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/bookworm-slim/docker-entrypoint.sh b/22/bookworm-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bookworm-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/buster/Dockerfile b/22/bookworm/Dockerfile similarity index 56% rename from 10/buster/Dockerfile rename to 22/bookworm/Dockerfile index e6394f5c07..071b7c2a40 100644 --- a/10/buster/Dockerfile +++ b/22/bookworm/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:bookworm RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.17.0 +ENV NODE_VERSION=22.23.1 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -12,54 +12,63 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ s390x) ARCH='s390x';; \ arm64) ARCH='arm64';; \ armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/22/bookworm/docker-entrypoint.sh b/22/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bookworm/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/bullseye-slim/Dockerfile b/22/bullseye-slim/Dockerfile new file mode 100644 index 0000000000..5cad07f589 --- /dev/null +++ b/22/bullseye-slim/Dockerfile @@ -0,0 +1,103 @@ +FROM debian:bullseye-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=22.23.1 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/bullseye-slim/docker-entrypoint.sh b/22/bullseye-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bullseye-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/jessie/Dockerfile b/22/bullseye/Dockerfile similarity index 56% rename from 10/jessie/Dockerfile rename to 22/bullseye/Dockerfile index 85b82632b0..808c62c9bc 100644 --- a/10/jessie/Dockerfile +++ b/22/bullseye/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:jessie +FROM buildpack-deps:bullseye RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.17.0 +ENV NODE_VERSION=22.23.1 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -12,54 +12,63 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ s390x) ARCH='s390x';; \ arm64) ARCH='arm64';; \ armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/22/bullseye/docker-entrypoint.sh b/22/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bullseye/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/trixie-slim/Dockerfile b/22/trixie-slim/Dockerfile new file mode 100644 index 0000000000..d6b1a70cb2 --- /dev/null +++ b/22/trixie-slim/Dockerfile @@ -0,0 +1,103 @@ +FROM debian:trixie-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=22.23.1 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/trixie-slim/docker-entrypoint.sh b/22/trixie-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/trixie-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/stretch/Dockerfile b/22/trixie/Dockerfile similarity index 56% rename from 10/stretch/Dockerfile rename to 22/trixie/Dockerfile index d3d984d9c4..aeae60f08d 100644 --- a/10/stretch/Dockerfile +++ b/22/trixie/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:stretch +FROM buildpack-deps:trixie RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.17.0 +ENV NODE_VERSION=22.23.1 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -12,54 +12,63 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ s390x) ARCH='s390x';; \ arm64) ARCH='arm64';; \ armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/22/trixie/docker-entrypoint.sh b/22/trixie/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/trixie/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/12/alpine3.9/Dockerfile b/24/alpine3.23/Dockerfile similarity index 55% rename from 12/alpine3.9/Dockerfile rename to 24/alpine3.23/Dockerfile index 90d90b65ce..df4aa5a8bb 100644 --- a/12/alpine3.9/Dockerfile +++ b/24/alpine3.23/Dockerfile @@ -1,6 +1,6 @@ -FROM alpine:3.9 +FROM alpine:3.23 -ENV NODE_VERSION 12.13.0 +ENV NODE_VERSION=24.18.0 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -8,12 +8,14 @@ RUN addgroup -g 1000 node \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="f1c73636c4d345c4aefd65cc959f793d7bb795200d43e19e418d7811670b03dd" \ - ;; \ + x86_64) ARCH='x64' CHECKSUM="b818a0c3857272329cad4d575abf49e5060215858c9c3015437366f8adc7b85d" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ *) ;; \ esac \ && if [ -n "${CHECKSUM}" ]; then \ @@ -33,28 +35,29 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ - python \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ @@ -67,27 +70,39 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/24/alpine3.23/docker-entrypoint.sh b/24/alpine3.23/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/alpine3.23/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/alpine3.9/Dockerfile b/24/alpine3.24/Dockerfile similarity index 55% rename from 10/alpine3.9/Dockerfile rename to 24/alpine3.24/Dockerfile index 7bfe8d211d..56fec59851 100644 --- a/10/alpine3.9/Dockerfile +++ b/24/alpine3.24/Dockerfile @@ -1,6 +1,6 @@ -FROM alpine:3.9 +FROM alpine:3.24 -ENV NODE_VERSION 10.17.0 +ENV NODE_VERSION=24.18.0 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -8,12 +8,14 @@ RUN addgroup -g 1000 node \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="f893a03c5b51e0c540e32cd52773221a2f9b6d575e7fe79ffe9e878483c703ff" \ - ;; \ + x86_64) ARCH='x64' CHECKSUM="b818a0c3857272329cad4d575abf49e5060215858c9c3015437366f8adc7b85d" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ *) ;; \ esac \ && if [ -n "${CHECKSUM}" ]; then \ @@ -33,28 +35,29 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ - python \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ @@ -67,27 +70,39 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/24/alpine3.24/docker-entrypoint.sh b/24/alpine3.24/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/alpine3.24/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/bookworm-slim/Dockerfile b/24/bookworm-slim/Dockerfile new file mode 100644 index 0000000000..2bfe2946b3 --- /dev/null +++ b/24/bookworm-slim/Dockerfile @@ -0,0 +1,103 @@ +FROM debian:bookworm-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=24.18.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/bookworm-slim/docker-entrypoint.sh b/24/bookworm-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bookworm-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/bookworm/Dockerfile b/24/bookworm/Dockerfile new file mode 100644 index 0000000000..38839d5958 --- /dev/null +++ b/24/bookworm/Dockerfile @@ -0,0 +1,76 @@ +FROM buildpack-deps:bookworm + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=24.18.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/bookworm/docker-entrypoint.sh b/24/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bookworm/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/bullseye-slim/Dockerfile b/24/bullseye-slim/Dockerfile new file mode 100644 index 0000000000..f501d7c097 --- /dev/null +++ b/24/bullseye-slim/Dockerfile @@ -0,0 +1,103 @@ +FROM debian:bullseye-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=24.18.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/bullseye-slim/docker-entrypoint.sh b/24/bullseye-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bullseye-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/bullseye/Dockerfile b/24/bullseye/Dockerfile new file mode 100644 index 0000000000..08b80bb7cd --- /dev/null +++ b/24/bullseye/Dockerfile @@ -0,0 +1,76 @@ +FROM buildpack-deps:bullseye + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=24.18.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/bullseye/docker-entrypoint.sh b/24/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bullseye/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/trixie-slim/Dockerfile b/24/trixie-slim/Dockerfile new file mode 100644 index 0000000000..56111ccc2d --- /dev/null +++ b/24/trixie-slim/Dockerfile @@ -0,0 +1,103 @@ +FROM debian:trixie-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=24.18.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/trixie-slim/docker-entrypoint.sh b/24/trixie-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/trixie-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/12/buster/Dockerfile b/24/trixie/Dockerfile similarity index 56% rename from 12/buster/Dockerfile rename to 24/trixie/Dockerfile index 47730761a3..573c40817d 100644 --- a/12/buster/Dockerfile +++ b/24/trixie/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:trixie RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 12.13.0 +ENV NODE_VERSION=24.18.0 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -12,54 +12,63 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ s390x) ARCH='s390x';; \ arm64) ARCH='arm64';; \ armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/24/trixie/docker-entrypoint.sh b/24/trixie/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/trixie/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/26/alpine3.23/Dockerfile b/26/alpine3.23/Dockerfile new file mode 100644 index 0000000000..a5ed0ade41 --- /dev/null +++ b/26/alpine3.23/Dockerfile @@ -0,0 +1,87 @@ +FROM alpine:3.23 + +ENV NODE_VERSION=26.4.0 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="e6c40e4f9828d387004a3ac82bc89bdef823ddcc462b540aaa1481f67e7ee6d0" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + rust \ + cargo \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/26/alpine3.23/docker-entrypoint.sh b/26/alpine3.23/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/26/alpine3.23/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/26/alpine3.24/Dockerfile b/26/alpine3.24/Dockerfile new file mode 100644 index 0000000000..29a91be460 --- /dev/null +++ b/26/alpine3.24/Dockerfile @@ -0,0 +1,87 @@ +FROM alpine:3.24 + +ENV NODE_VERSION=26.4.0 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="e6c40e4f9828d387004a3ac82bc89bdef823ddcc462b540aaa1481f67e7ee6d0" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + rust \ + cargo \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/26/alpine3.24/docker-entrypoint.sh b/26/alpine3.24/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/26/alpine3.24/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/26/bookworm-slim/Dockerfile b/26/bookworm-slim/Dockerfile new file mode 100644 index 0000000000..f108d10a00 --- /dev/null +++ b/26/bookworm-slim/Dockerfile @@ -0,0 +1,66 @@ +FROM debian:bookworm-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=26.4.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/26/bookworm-slim/docker-entrypoint.sh b/26/bookworm-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/26/bookworm-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/26/bookworm/Dockerfile b/26/bookworm/Dockerfile new file mode 100644 index 0000000000..c8bfb246c3 --- /dev/null +++ b/26/bookworm/Dockerfile @@ -0,0 +1,52 @@ +FROM buildpack-deps:bookworm + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=26.4.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/26/bookworm/docker-entrypoint.sh b/26/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/26/bookworm/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/26/bullseye-slim/Dockerfile b/26/bullseye-slim/Dockerfile new file mode 100644 index 0000000000..059ad3ac73 --- /dev/null +++ b/26/bullseye-slim/Dockerfile @@ -0,0 +1,66 @@ +FROM debian:bullseye-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=26.4.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/26/bullseye-slim/docker-entrypoint.sh b/26/bullseye-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/26/bullseye-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/26/bullseye/Dockerfile b/26/bullseye/Dockerfile new file mode 100644 index 0000000000..c363a9bf87 --- /dev/null +++ b/26/bullseye/Dockerfile @@ -0,0 +1,52 @@ +FROM buildpack-deps:bullseye + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=26.4.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/26/bullseye/docker-entrypoint.sh b/26/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/26/bullseye/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/26/trixie-slim/Dockerfile b/26/trixie-slim/Dockerfile new file mode 100644 index 0000000000..0ce53e4202 --- /dev/null +++ b/26/trixie-slim/Dockerfile @@ -0,0 +1,66 @@ +FROM debian:trixie-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=26.4.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/26/trixie-slim/docker-entrypoint.sh b/26/trixie-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/26/trixie-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/26/trixie/Dockerfile b/26/trixie/Dockerfile new file mode 100644 index 0000000000..82b42e48a5 --- /dev/null +++ b/26/trixie/Dockerfile @@ -0,0 +1,52 @@ +FROM buildpack-deps:trixie + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=26.4.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/26/trixie/docker-entrypoint.sh b/26/trixie/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/26/trixie/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/8/alpine3.10/Dockerfile b/8/alpine3.10/Dockerfile deleted file mode 100644 index b0b7637f17..0000000000 --- a/8/alpine3.10/Dockerfile +++ /dev/null @@ -1,95 +0,0 @@ -FROM alpine:3.10 - -ENV NODE_VERSION 8.16.2 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ - && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="39276723f03e4adaa9f2eeded8653ca6b74d3df23ac70a3455a28c51f0cf0001" \ - ;; \ - *) ;; \ - esac \ - && if [ -n "${CHECKSUM}" ]; then \ - set -eu; \ - curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ - echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ - else \ - echo "Building from source" \ - # backup build - && apk add --no-cache --virtual .build-deps-full \ - binutils-gold \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps-full \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ - fi \ - && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps - -ENV YARN_VERSION 1.19.1 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/alpine3.10/docker-entrypoint.sh b/8/alpine3.10/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/alpine3.10/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/alpine3.9/Dockerfile b/8/alpine3.9/Dockerfile deleted file mode 100644 index f9ecccddab..0000000000 --- a/8/alpine3.9/Dockerfile +++ /dev/null @@ -1,95 +0,0 @@ -FROM alpine:3.9 - -ENV NODE_VERSION 8.16.2 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ - && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM="39276723f03e4adaa9f2eeded8653ca6b74d3df23ac70a3455a28c51f0cf0001" \ - ;; \ - *) ;; \ - esac \ - && if [ -n "${CHECKSUM}" ]; then \ - set -eu; \ - curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ - echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ - else \ - echo "Building from source" \ - # backup build - && apk add --no-cache --virtual .build-deps-full \ - binutils-gold \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps-full \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ - fi \ - && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps - -ENV YARN_VERSION 1.19.1 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/alpine3.9/docker-entrypoint.sh b/8/alpine3.9/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/alpine3.9/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/architectures b/8/architectures deleted file mode 100644 index 39a08d86e8..0000000000 --- a/8/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,onbuild -arm32v6 alpine3.9,alpine3.10 -arm32v7 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,onbuild -arm64v8 stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,onbuild -i386 jessie,jessie-slim,alpine,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,onbuild -ppc64le stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,onbuild -s390x stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10,onbuild diff --git a/8/buster-slim/Dockerfile b/8/buster-slim/Dockerfile deleted file mode 100644 index a5b235a857..0000000000 --- a/8/buster-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:buster-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/buster-slim/docker-entrypoint.sh b/8/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/buster/Dockerfile b/8/buster/Dockerfile deleted file mode 100644 index 4515d7c6aa..0000000000 --- a/8/buster/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:buster - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/buster/docker-entrypoint.sh b/8/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/jessie-slim/Dockerfile b/8/jessie-slim/Dockerfile deleted file mode 100644 index d69644ec10..0000000000 --- a/8/jessie-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:jessie-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/jessie-slim/docker-entrypoint.sh b/8/jessie-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/jessie-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/jessie/Dockerfile b/8/jessie/Dockerfile deleted file mode 100644 index b937ad84b4..0000000000 --- a/8/jessie/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:jessie - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/jessie/docker-entrypoint.sh b/8/jessie/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/jessie/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/onbuild/Dockerfile b/8/onbuild/Dockerfile deleted file mode 100644 index b7bbbcc68d..0000000000 --- a/8/onbuild/Dockerfile +++ /dev/null @@ -1,12 +0,0 @@ -FROM node:8.16.2-stretch - -RUN mkdir -p /usr/src/app -WORKDIR /usr/src/app - -ONBUILD ARG NODE_ENV -ONBUILD ENV NODE_ENV $NODE_ENV -ONBUILD COPY package.json /usr/src/app/ -ONBUILD RUN npm install && npm cache clean --force -ONBUILD COPY . /usr/src/app - -CMD [ "npm", "start" ] diff --git a/8/stretch-slim/Dockerfile b/8/stretch-slim/Dockerfile deleted file mode 100644 index 62e90ae157..0000000000 --- a/8/stretch-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:stretch-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/stretch-slim/docker-entrypoint.sh b/8/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/stretch/Dockerfile b/8/stretch/Dockerfile deleted file mode 100644 index f1d34d71d9..0000000000 --- a/8/stretch/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/stretch/docker-entrypoint.sh b/8/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/ACTIVE_MAINTAINERS b/ACTIVE_MAINTAINERS deleted file mode 100644 index 6425f28e38..0000000000 --- a/ACTIVE_MAINTAINERS +++ /dev/null @@ -1,5 +0,0 @@ -LaurentGoderre -pesho -PeterDaveHello -SimenB -Starefossen diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0d81fd960e..1e7b53497a 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,13 +2,74 @@ Thank you for your contribution. Here are a set of guidelines for contributing to the docker-node project. +## Governance and decision making + +Project governance uses consensus seeking. See [GOVERNANCE.md](./GOVERNANCE.md) for +roles and the decision process. + +For governance-sensitive or potentially contentious changes, open a PR (or issue) +with rationale and allow time for async feedback. + +If a final decision cannot be reached via consensus seeking, escalation goes to +the Node.js TSC as final arbiter. + +## Discussion Areas + + +You can use Node.js channels (prefixed by `#nodejs-`) in the [OpenJSF Slack](https://slack-invite.openjsf.org/) workspace for discussions. + + +- [#nodejs-distributions](https://openjs-foundation.slack.com/archives/C0ALS3UDE8G) covers discussions for this repo (`docker-node`). + +- [#nodejs-release](https://openjs-foundation.slack.com/archives/C019MGJQ8RH) is linked to the [Node.js Release Working Group](https://github.com/nodejs/release#readme) responsible for the upstream releases of Node.js used by this repo. + ## Version Updates New **Node.js** releases are released as soon as possible. -New **NPM** releases are not tracked. We simply use the NPM version bundled in the corresponding Node.js release. +New **npm** releases are not tracked. We simply use the npm version bundled in the corresponding Node.js release. + +**[Yarn v1 Classic](https://classic.yarnpkg.com/)** is no longer maintained upstream, and it is removed when constructing Dockerfiles +from templates starting with the Node 26 images. + +**[Alpine Linux](https://alpinelinux.org/releases/)** latest two releases are used. +When Alpine Linux makes a new branch available, which is planned for May and November each year, +this branch is adopted as a new base image and it becomes the default +for each supported Node.js release line. +The lowest previously used Alpine Linux release is dropped for future image builds, +so that only the two latest releases are maintained. + +### Image Creation Automation + +- Every 15 minutes, the [workflow](https://github.com/nodejs/docker-node/blob/main/.github/workflows/automatic-updates.yml) within the [nodejs/docker-node](https://github.com/nodejs/docker-node) repo [checks](https://github.com/nodejs/docker-node/blob/main/build-automation.mjs) for new versions of Node.js [published to the website's `index.json` file](https://nodejs.org/download/release/index.json). + - If found, it also checks for an [unofficial musl/Alpine build](https://unofficial-builds.nodejs.org/download/release/index.json). + - If found, the [update script](https://github.com/nodejs/docker-node/blob/main/update.sh) runs + - The workflow opens a pull request either automatically via [nodejs-github-bot](https://github.com/nodejs-github-bot) or in some cases manually, such as when there is a new major release. +- Another [workflow](https://github.com/nodejs/docker-node/blob/main/.github/workflows/official-pr.yml) detects the merger of these pull requests and opens a pull request to [docker-library/official-images](https://github.com/docker-library/official-images). +- The official images are built and published according to [docker's process](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what), resulting in the new images being available on [Docker Hub](https://hub.docker.com/_/node). + +### Image Creation Manually + +Image updates for existing Node.js release lines are created automatically as described above. +If there is a problem with the automated process, it may be necessary to create an update PR manually. +If you believe there is a need for a manual PR, and you are not a member of the +[Docker Maintainers](./README.md#docker-maintainers) or +[Collaborators](./README.md#collaborators) team of this repo, +please first open an issue to describe the update problem +and your suggestion to resolve it. + +To set up a version update PR, follow these instructions: + +1. [Fork this project.](https://docs.github.com/en/get-started/quickstart/fork-a-repo) +1. [Clone the forked repository.](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository) +1. Create a branch for the update PR. For example, `git checkout main; git checkout -b version-update`. +1. Run `./update.sh`. You can see additional options by using the built-in help documentation with `./update.sh -h`. This script will automatically update the appropriate files with the latest versions and checksums. +1. Commit the modified files to the `version-update` branch and push the branch to your fork. +1. [Create a PR to merge the branch from your fork into this project's default branch.](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork). -**Yarn** is updated to the latest version only when there is a new Node.js SemVer PATCH release, and it's updated only in the branch with the new release, preferably in the same PR. The `update.sh` script does this automatically when invoked with a specific branch, e.g. `./update.sh 6.10`. +When a new Node.js release line is expected, additional preparation is necessary, including updates to the +[versions.json](./versions.json) file and creation of a major version directory, populated with generated files. +This task is undertaken by members of the repo team above. ## Adding dependencies to the base images diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 0544c43d46..7ccaab1a18 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,6 +1,6 @@ FROM alpine:0.0 -ENV NODE_VERSION 0.0.0 +ENV NODE_VERSION=0.0.0 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ @@ -8,12 +8,14 @@ RUN addgroup -g 1000 node \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ curl \ - && ARCH= && alpineArch="$(apk --print-arch)" \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ && case "${alpineArch##*-}" in \ - x86_64) \ - ARCH='x64' \ - CHECKSUM=CHECKSUM_x64 \ - ;; \ + x86_64) ARCH='x64' CHECKSUM=CHECKSUM_x64 OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ *) ;; \ esac \ && if [ -n "${CHECKSUM}" ]; then \ @@ -33,18 +35,24 @@ RUN addgroup -g 1000 node \ libgcc \ linux-headers \ make \ - python \ + python3 \ + py-setuptools \ + rust \ + cargo \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ "${NODE_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ @@ -57,27 +65,39 @@ RUN addgroup -g 1000 node \ && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ fi \ && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ - && apk del .build-deps + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 0.0.0 +ENV YARN_VERSION=1.22.22 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ - "${YARN_KEYS[@]}" + 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 13ec6404b3..5f00f8f081 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -3,7 +3,7 @@ FROM buildpack-deps:name RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 0.0.0 +ENV NODE_VERSION=0.0.0 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -12,44 +12,56 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ s390x) ARCH='s390x';; \ arm64) ARCH='arm64';; \ armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ "${NODE_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 0.0.0 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ - "${YARN_KEYS[@]}" + 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/Dockerfile-onbuild.template b/Dockerfile-onbuild.template deleted file mode 100644 index 5b0cbc8846..0000000000 --- a/Dockerfile-onbuild.template +++ /dev/null @@ -1,12 +0,0 @@ -FROM node:0.0.0-stretch - -RUN mkdir -p /usr/src/app -WORKDIR /usr/src/app - -ONBUILD ARG NODE_ENV -ONBUILD ENV NODE_ENV $NODE_ENV -ONBUILD COPY package.json /usr/src/app/ -ONBUILD RUN npm install && npm cache clean --force -ONBUILD COPY . /usr/src/app - -CMD [ "npm", "start" ] diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template index 89de397259..5a643ebdee 100644 --- a/Dockerfile-slim.template +++ b/Dockerfile-slim.template @@ -3,56 +3,92 @@ FROM debian:name-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 0.0.0 +ENV NODE_VERSION=0.0.0 -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ "${NODE_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 0.0.0 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ - "${YARN_KEYS[@]}" + 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/GOVERNANCE.md b/GOVERNANCE.md index 77020bc50c..47759b9993 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -1,139 +1,107 @@ -# Docker Working Group - -The Node.js Docker project is jointly governed by a Working Group (WG) -that is responsible for high-level guidance of the project. - -The WG has final authority over this project including: - -* Technical direction -* Project governance and process (including this policy) -* Contribution policy -* GitHub repository hosting -* Conduct guidelines -* Maintaining the list of additional Collaborators - -For the current list of WG members, see the project -[README.md](./README.md#people). - -## Collaborators - -The [nodejs/docker-node](https://github.com/nodejs/docker-node) GitHub -repository is maintained by the WG and additional Collaborators who -are added by the WG on an ongoing basis. - -Individuals making significant and valuable contributions are made -Collaborators and given commit-access to the project. These -individuals are identified by the WG and their addition as -Collaborators is discussed as a pull request to this project's -[README.md](./README.md#people). - -_Note:_ If you make a significant contribution and are not considered -for commit-access log an issue or contact a WG member directly. - -Modifications of the contents of the -[nodejs/docker-node](https://github.com/nodejs/docker-node) repository -are made on a collaborative basis. Anybody with a GitHub account may -propose a modification via pull request and it will be considered by -the project Collaborators. All pull requests must be reviewed and -accepted by a Collaborator with sufficient expertise who is able to -take full responsibility for the change. In the case of pull requests -proposed by an existing Collaborator, an additional Collaborator is -required for sign-off. Consensus should be sought if additional -Collaborators participate and there is disagreement around a -particular modification. See _Consensus Seeking Process_ below for -further detail on the consensus model used for governance. - -Collaborators may opt to elevate significant or controversial -modifications, or modifications that have not found consensus to the -WG for discussion by assigning the ***WG-agenda*** label to a pull -request or issue. The WG should serve as the final arbiter where -required. - -For the current list of Collaborators, see the project -[README.md](./README.md#people). - -## WG Membership - -WG seats are not time-limited. There is no fixed size of the WG. -However, the expected target is between 6 and 12, to ensure adequate -coverage of important areas of expertise, balanced with the ability to -make decisions efficiently. - -There is no specific set of requirements or qualifications for WG -membership beyond these rules. - -The WG may add, or remove, members to and from the WG. A WG member may -choose to be removed from the WG by voluntary resignation. - -Changes to WG membership should be posted in the -[nodejs/docker-node](https://github.com/nodejs/docker-node) repository -as an issue or pull request with the ***WG-agenda*** label followed by -the consensus seeking process described below. - -No more than 1/3 of the WG members may be affiliated with the same -employer. If removal or resignation of a WG member, or a change of -employment by a WG member, creates a situation where more than 1/3 of -the WG membership shares an employer, then the situation must be -immediately remedied by the resignation or removal of one or more WG -members affiliated with the over-represented employer(s). - -## WG Meetings - -This working group does not meet. All discussions and decisions -happen in the -[nodejs/docker-node](https://github.com/nodejs/docker-node) repository -in issues and pull requests. Items that requires a decision by the -WG can be flagged with the ***WG-agenda*** label. - -When an issue is tagged with ***WG-agenda***, the WG may invite -persons or representatives from certain projects to participate in the -discussion in a non-voting capacity. - -## Consensus Seeking Process - -The WG follows a [Consensus -Seeking](http://en.wikipedia.org/wiki/Consensus-seeking_decision-making) -decision-making model. - -All proposed changes to the project must be made in the form of a pull -request to the repository (directly committing to a production branch -of the repository is not permitted). The consensus seeking process -will then follow via discussion by the WG members on that pull -request. Changes deemed trivial by WG members may be merged instantly -by any WG member, without waiting for consensus, so long as they leave -a note explaining the reason for the merge. - -When an agenda item has appeared to reach a consensus any WG member -may ask "Does anyone object?" as a final call for dissent from the +# Governance + +The Node.js Docker image project is governed using an **open maintainer model**. + +This repository is no longer operated as a Node.js TSC-chartered working group. +Instead, project decisions are made by maintainers in public, in this repository. + +## Guiding principles + +- Default to public discussion in issues and pull requests. +- Use [Consensus Seeking](https://en.wikipedia.org/wiki/Consensus_decision-making) for decision making. +- Keep decision records in-repo so contributors can follow context. +- Keep a clear path from contributor → collaborator → maintainer. + +## Roles + +### Contributors + +Anyone who proposes changes, reports issues, reviews code, or helps users. + +### Collaborators + +[Collaborators](README.md#collaborators) have write access and help with day-to-day maintenance: + +- review and merge pull requests +- triage issues +- help drive technical direction + +Collaborators are nominated by maintainers via pull request and added after consensus. -If an agenda item cannot reach a consensus a WG member can call for a -closing vote. The call for a vote must be seconded by a majority of -the WG or else the discussion will continue. Simple majority wins. +### Maintainers + +[Maintainers](README.md#docker-maintainers) are responsible for long-term stewardship of the project: + +- facilitate consensus and escalate unresolved final decisions to the Node.js TSC +- governance and membership updates +- release/publishing policy and automation oversight +- security and incident handling for this repository + +## Decision making + +### Standard changes (code/docs/automation) + +- Pull requests are discussed in public. +- A PR from a non-collaborator can be merged by one collaborator. +- A PR from a collaborator should be approved by another collaborator before + merge. + +### Maintainer-level decisions + +For governance, membership, major policy, or contentious technical changes: + +1. Open an issue or PR describing the decision and proposed outcome. +2. Allow time for async feedback (normally at least 5 days). +3. If no unresolved objections remain, a maintainer may merge/close with a + summary. + +If a final decision cannot be made using Consensus Seeking, the issue should be +escalated to the Node.js TSC (for example by requesting `tsc-agenda`). + +In that case, the Node.js TSC is the final arbiter, consistent with the +[TSC Charter](https://github.com/nodejs/TSC/blob/main/TSC-Charter.md). + +## Meetings + +The project primarily operates asynchronously in GitHub issues and pull +requests. If maintainers hold synchronous meetings, outcomes should be posted +publicly in this repository. + +## Membership changes + +Collaborator and maintainer changes are proposed via pull request to +[`README.md`](README.md), with rationale included in the PR +description. + +Project access should be managed via the +[@nodejs/docker team](https://github.com/orgs/nodejs/teams/docker) and kept in +sync with Node.js collaborator tooling. - +Maintainers can also move inactive members to emeritus status through the same +public process. ## Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: -* (a) The contribution was created in whole or in part by me and I +- (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or -* (b) The contribution is based upon previous work that, to the best +- (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that - work with modifications, whether created in whole or in part + work with modifications, whether created wholly or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or -* (c) The contribution was provided directly to me by some other - person who certified (a), (b) or (c) and I have not modified +- (c) The contribution was provided directly to me by some other + person who certified (a), (b), or (c) and I have not modified it. -* (d) I understand and agree that this project and the contribution +- (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with @@ -141,44 +109,5 @@ By making a contribution to this project, I certify that: ## Code of Conduct -This Code of Conduct is adapted from [Rust's wonderful -CoC](https://github.com/rust-lang/rust/wiki/Note-development-policy#conduct). - -* We are committed to providing a friendly, safe and welcoming - environment for all, regardless of gender, sexual orientation, - disability, ethnicity, religion, or similar personal characteristic. - -* Please avoid using overtly sexual nicknames or other nicknames that - might detract from a friendly, safe and welcoming environment for - all. - -* Please be kind and courteous. There's no need to be mean or rude. -* Respect that people have differences of opinion and that every - design or implementation choice carries a trade-off and numerous - costs. There is seldom a right answer. - -* Please keep unstructured critique to a minimum. If you have solid - ideas you want to experiment with, make a fork and see how it works. - -* We will exclude you from interaction if you insult, demean or harass - anyone. That is not welcome behaviour. We interpret the term - "harassment" as including the definition in the [Citizen Code of - Conduct](http://citizencodeofconduct.org/); if you have any lack of - clarity about what might be included in that concept, please read - their definition. In particular, we don't tolerate behavior that - excludes people in socially marginalized groups. - -* Private harassment is also unacceptable. No matter who you are, if - you feel you have been or are being harassed or made uncomfortable - by a community member, please contact one of the channel ops or any - of the TC members immediately with a capture (log, photo, email) of - the harassment if possible. Whether you're a regular contributor or - a newcomer, we care about making this community a safe place for you - and we've got your back. - -* Likewise any spamming, trolling, flaming, baiting or other - attention-stealing behaviour is not welcome. - -* Avoid the use of personal pronouns in code comments or - documentation. There is no need to address persons when explaining - code (e.g. "When the developer") +The Node.js Code of Conduct applies to this project: +. diff --git a/README.md b/README.md index 36c40479e5..1df2827a21 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Node.js -[![dockeri.co](http://dockeri.co/image/_/node)](https://registry.hub.docker.com/_/node/) +[**node - Docker Official Images on Docker Hub**](https://hub.docker.com/_/node) [![GitHub issues](https://img.shields.io/github/issues/nodejs/docker-node.svg "GitHub issues")](https://github.com/nodejs/docker-node) [![GitHub stars](https://img.shields.io/github/stars/nodejs/docker-node.svg "GitHub stars")](https://github.com/nodejs/docker-node) @@ -16,23 +16,30 @@ The official Node.js docker image, made with love by the node community. - [Create a `Dockerfile` in your Node.js app project](#create-a-dockerfile-in-your-nodejs-app-project) - [Best Practices](#best-practices) - [Run a single Node.js script](#run-a-single-nodejs-script) - - [Verbosity](#verbosity) + - [npm loglevel](#npm-loglevel) - [Dockerfile](#dockerfile) - [Docker Run](#docker-run) - - [NPM run](#npm-run) + - [npm run](#npm-run) - [Image Variants](#image-variants) - [`node:`](#nodeversion) + - [`node:lts`](#nodelts) - [`node:alpine`](#nodealpine) - - [`node:onbuild`](#nodeonbuild) + - [`node:bullseye`](#nodebullseye) + - [`node:bookworm`](#nodebookworm) + - [`node:trixie`](#nodetrixie) - [`node:slim`](#nodeslim) +- [Long Term Support (LTS)](#long-term-support-lts) +- [Release Availability](#release-availability) - [License](#license) - [Supported Docker versions](#supported-docker-versions) - [Supported Node.js versions](#supported-nodejs-versions) +- [Supported architectures](#supported-architectures) + - [musl builds for Alpine](#musl-builds-for-alpine) +- [Yarn v1 Classic bundling](#yarn-v1-classic-bundling) - [Governance and Current Members](#governance-and-current-members) - - [Docker Working Group Members](#docker-working-group-members) - - [Docker Working Group Collaborators](#docker-working-group-collaborators) + - [Docker Maintainers](#docker-maintainers) + - [Collaborators](#collaborators) - [Emeritus](#emeritus) - - [Docker Working Group Members](#docker-working-group-members-1) @@ -43,7 +50,7 @@ fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. -See: http://nodejs.org +See: https://nodejs.org ## How to use this image @@ -51,7 +58,7 @@ See: http://nodejs.org ```dockerfile # specify the node base image with your desired version node: -FROM node:10 +FROM node:24 # replace this with your application's default port EXPOSE 8888 ``` @@ -66,19 +73,18 @@ $ docker run -it --rm --name my-running-app my-nodejs-app If you prefer Docker Compose: ```yml -version: "2" services: node: - image: "node:8" + image: "node:24" user: "node" working_dir: /home/node/app environment: - NODE_ENV=production volumes: - ./:/home/node/app - expose: - - "8081" - command: "npm start" + ports: # use if it is necessary to expose the container to the host machine + - "8888:8888" + command: ["npm", "start"] ``` You can then run using Docker Compose: @@ -87,7 +93,7 @@ You can then run using Docker Compose: $ docker-compose up -d ``` -Docker Compose example copies your current directory (including node_modules) to the container. +Docker Compose example mounts your current directory (including node_modules) to the container. It assumes that your application has a file named [`package.json`](https://docs.npmjs.com/files/package.json) defining [start script](https://docs.npmjs.com/misc/scripts#default-values). @@ -102,55 +108,60 @@ complete `Dockerfile`. In such cases, you can run a Node.js script by using the Node.js Docker image directly: ```console -$ docker run -it --rm --name my-running-script -v "$PWD":/usr/src/app -w /usr/src/app node:8 node your-daemon-or-script.js +$ docker run -it --rm --name my-running-script -v "$PWD":/usr/src/app -w /usr/src/app node:24 node your-daemon-or-script.js ``` -### Verbosity +### npm loglevel -Prior to 8.7.0 and 6.11.4 the docker images overrode the default npm log -level from `warn` to `info`. However due to improvements to npm and new Docker -patterns (e.g. multi-stage builds) the working group reached a [consensus](https://github.com/nodejs/docker-node/issues/528) -to revert the log level to npm defaults. If you need more verbose output, please -use one of the following methods to change the verbosity level. +The default [npm loglevel](https://docs.npmjs.com/cli/using-npm/logging) +is `notice`, which includes also the levels `warn` and `error`. +If you need to set a different `loglevel` for npm, follow these example instructions: #### Dockerfile -If you create your own `Dockerfile` which inherits from the `node` image you can -simply use `ENV` to override `NPM_CONFIG_LOGLEVEL`. +If you create your own `Dockerfile` which inherits from the `node` image, you can +use `ENV` to set the `NPM_CONFIG_LOGLEVEL` environment variable. ```dockerfile -FROM node -ENV NPM_CONFIG_LOGLEVEL info +FROM node:lts +ENV NPM_CONFIG_LOGLEVEL=info ... ``` #### Docker Run -If you run the node image using `docker run` you can use the `-e` flag to -override `NPM_CONFIG_LOGLEVEL`. +If you run the node image using `docker run`, you can use the `-e` flag to +set the `NPM_CONFIG_LOGLEVEL` environment variable. ```console -$ docker run -e NPM_CONFIG_LOGLEVEL=info node ... +$ docker run -e NPM_CONFIG_LOGLEVEL=info node:lts ... ``` -#### NPM run +#### npm run -If you are running npm commands you can use `--loglevel` to control the -verbosity of the output. +If you are running npm commands, you can use the `--loglevel` command line flag +to control the verbosity of the output. ```console -$ docker run node npm --loglevel=warn ... +$ docker run node:lts npm --loglevel=info ... ``` ## Image Variants The `node` images come in many flavors, each designed for a specific use case. -All of the images contain pre-installed versions of `node`, -[`npm`](https://www.npmjs.com/), and [`yarn`](https://yarnpkg.com). For each +All of the images contain pre-installed versions of `node` which includes also +[`npm`](https://www.npmjs.com/). For each supported architecture, the supported variants are different. In the file: -[architectures](./architectures), it lists all supported variants for all of +[versions.json](./versions.json), it lists all supported variants for all of the architectures that we support now. +The legacy package manager +[Yarn v1 Classic](https://classic.yarnpkg.com/) +is included in `node` images with Node.js 25 and below. See +[Yarn v1 Classic bundling](#yarn-v1-classic-bundling) for details. + +View the list of currently supported floating and pinned tags on [Docker Hub](https://hub.docker.com/_/node). + ### `node:` This is the defacto image. If you are unsure about what your needs are, you @@ -163,76 +174,57 @@ on their system. It, by design, has a large number of extremely common Debian packages. This reduces the number of packages that images that derive from it need to install, thus reducing the overall size of all images on your system. +### `node:lts` + +This is a special form of `node:` that selects the +Active Long Term Support version of Node.js. See also [Long Term Support](#long-term-support-lts) below for more detail. + ### `node:alpine` -This image is based on the popular -[Alpine Linux project](http://alpinelinux.org), available in -[the `alpine` official image](https://hub.docker.com/_/alpine). Alpine Linux is -much smaller than most distribution base images (~5MB), and thus leads to much -slimmer images in general. - -This variant is highly recommended when final image size being as small as -possible is desired. The main caveat to note is that it does use -[musl libc](http://www.musl-libc.org) instead of -[glibc and friends](http://www.etalabs.net/compare_libcs.html), so certain -software might run into issues depending on the depth of their libc -requirements. However, most software doesn't have an issue with this, so this -variant is usually a very safe choice. See -[this Hacker News comment thread](https://news.ycombinator.com/item?id=10782897) -for more discussion of the issues that might arise and some pro/con comparisons -of using Alpine-based images. One common issue that may arise is a missing shared -library required for use of `process.dlopen`. To add the missing shared libraries -to your image, adding the [`libc6-compat`](https://pkgs.alpinelinux.org/package/edge/main/x86/libc6-compat) -package in your Dockerfile is recommended: `apk add --no-cache libc6-compat` - -To minimize image size, it's uncommon for additional related tools -(such as `git` or `bash`) to be included in Alpine-based images. Using this -image as a base, add the things you need in your own Dockerfile -(see the [`alpine` image description](https://hub.docker.com/_/alpine/) for -examples of how to install packages if you are unfamiliar). - -### `node:onbuild` - -The `ONBUILD` image variants are deprecated, and their usage is discouraged. For more details, see [docker-library/official-images#2076](https://github.com/docker-library/official-images/issues/2076). - -This image makes building derivative images easier. For most use cases, creating -a `Dockerfile` in the base of your project directory with the line `FROM -node:onbuild` will be enough to create a stand-alone image for your project. - -While the `onbuild` variant is really useful for "getting off the ground -running" (zero to Dockerized in a short period of time), it's not recommended -for long-term usage within a project due to the lack of control over *when* the -`ONBUILD` triggers fire (see also -[`docker/docker#5714`](https://github.com/docker/docker/issues/5714), -[`docker/docker#8240`](https://github.com/docker/docker/issues/8240), -[`docker/docker#11917`](https://github.com/docker/docker/issues/11917)). - -Once you've got a handle on how your project functions within Docker, you'll -probably want to adjust your `Dockerfile` to inherit from a non-`onbuild` -variant and copy the commands from the `onbuild` variant `Dockerfile` (moving -the `ONBUILD` lines to the end and removing the `ONBUILD` keywords) into your -own file so that you have tighter control over them and more transparency for -yourself and others looking at your `Dockerfile` as to what it does. This also -makes it easier to add additional requirements as time goes on (such as -installing more packages before performing the previously-`ONBUILD` steps). - -This `onbuild` variant will only install npm packages according to the -`package.json` and *does not* adhere to the `npm-shrinkwrap.json` (see full -discussion in -[`nodejs/docker-node#65`](https://github.com/nodejs/docker-node/issues/65). - -Note that npm installs devDependencies by default, which is undesirable if -you're building a production image. To avoid this pass NODE_ENV as a build -argument i.e. `docker build --build-arg NODE_ENV=production …`. - -The image assumes that your application has a file named -[`package.json`](https://docs.npmjs.com/files/package.json) listing its -dependencies and defining its [start -script](https://docs.npmjs.com/misc/scripts#default-values). - -It also assumes that you have a file named [`.dockerignore`](https://docs.docker.com/engine/reference/builder/#/dockerignore-file) otherwise it will copy your local npm modules: - -`node_modules` +This image is based on +[Alpine Linux](https://alpinelinux.org). Because base +[alpine](https://hub.docker.com/_/alpine) images are smaller +than corresponding base +[debian](https://hub.docker.com/_/debian) images, the resulting +`node:alpine` Docker images are around 25% smaller than the +Debian-based `node:slim` images. + +Alpine images use the C library +[musl libc](https://musl.libc.org/), not the GNU C library +[glibc](https://sourceware.org/glibc/) used by Debian. + +Generally, applications written for Debian (`glibc`) will not run under Alpine (`musl`). +Some compatibility issues may be resolvable by installing the Alpine +[`gcompat`](https://pkgs.alpinelinux.org/package/v3.23/main/x86/gcompat) +GNU C Library compatibility layer for musl package. +Use `apk add --no-cache gcompat` to install. + +Tools such as `git` or `bash` are not included in `node:alpine*` based images. The +[Alpine documentation](https://docs.alpinelinux.org/) describes how to find and +install additional packages using `apk` (Alpine Package Keeper). + +The +[Best Practices document](./docs/BestPractices.md), in the section +[Smaller images without npm/yarn](./docs/BestPractices.md#smaller-images-without-npmyarn), +shows how to produce a custom image by removing package managers in a multi-stage build. + +### `node:bullseye` + +This image is based on version 11 of +[Debian](https://debian.org), available in +[the `debian` official image](https://hub.docker.com/_/debian). + +### `node:bookworm` + +This image is based on version 12 of +[Debian](https://debian.org), available in +[the `debian` official image](https://hub.docker.com/_/debian). + +### `node:trixie` + +This image is based on version 13 of +[Debian](https://debian.org), available in +[the `debian` official image](https://hub.docker.com/_/debian). ### `node:slim` @@ -242,50 +234,130 @@ in an environment where *only* the Node.js image will be deployed and you have space constraints, we highly recommend using the default image of this repository. +## Long Term Support (LTS) + +Production applications should only use LTS releases. + +Refer to [Node.js Releases](https://github.com/nodejs/release#readme) for a description +of release phases and schedule. + +If no version selection is made in a tag, for example, `node:slim`, +then the Current release is selected. +`node` images using the Active LTS release are published with an `lts` floating tag +to aid their selection. `node:lts` can be used on its own, or in combination with other tags +such as `node:lts-slim`. To select a `node` image based on a Maintenance LTS version +use the literal node version in the tag. + +## Release Availability + +This repo automatically triggers a process to build new `node` images when Node.js releases +become available. The build processes can take several hours to complete. + +Images may initially appear on [Docker Hub](https://hub.docker.com/_/node) +with incomplete or missing OS/ARCH listings as the build process first publishes a tag +and then backfills each architecture when ready. +During this time, if you try to pull the image, you may see an error +message "no matching manifest". In this case, check back later. +(See [Docker Library FAQs](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what) +for a detailed description of the complex build process.) + +For Node.js security releases, Debian-based `node` images may be published in advance +of Alpine-based images. To build an Alpine-based `node` image requires +a `musl` build. This may not initially be ready at Node.js release time. +When processing non-security Node.js releases, the build process will wait for +the `musl` build before proceeding with Debian- and Alpine-based images. + ## License -[License information](https://github.com/nodejs/node/blob/master/LICENSE) for -the software contained in this image. [License -information](https://github.com/nodejs/docker-node/blob/master/LICENSE) for the +[License information](https://github.com/nodejs/node/blob/main/LICENSE) for +the software contained in this image. [License information](LICENSE) for the Node.js Docker project. ## Supported Docker versions -This image is officially supported on Docker version 1.9.1. - -Support for older versions (down to 1.6) is provided on a best-effort basis. +If you are using [Docker Desktop](https://docs.docker.com/get-started/get-docker/), +it is recommended to use a recent version, released in the last six months. -Please see [the Docker installation -documentation](https://docs.docker.com/installation/) for details on how to -upgrade your Docker daemon. +Refer to [Docker Engine release notes](https://docs.docker.com/engine/release-notes/) +for current Engine versions. ## Supported Node.js versions -This project will support Node.js versions as still under active support as per the [Node.js release schedule](https://github.com/nodejs/Release). +Support for `node` Docker images is limited to +[Node.js active versions](https://github.com/nodejs/Release#release-schedule). -## Governance and Current Members +Before opening an issue in this repo, please consider if the problem only occurs +in a `node` Docker environment. -The Node.js Docker Image is governed by the Docker Working Group. See -[GOVERNANCE.md](https://github.com/nodejs/docker-node/blob/master/GOVERNANCE.md) -to learn more about the group's structure and [CONTRIBUTING.md](CONTRIBUTING.md) for guidance -about the expectations for all contributors to this project. +If a problem can also be reproduced without using an image from this repo, +for example in a non-Docker environment, +then it should be reported to the corresponding component. -### Docker Working Group Members +Use the +[Node.js issues](https://github.com/nodejs/node/issues) or the +[npm issues](https://github.com/npm/cli/issues) list to check for known issues +or to report new issues for these components. -- Hans Kristian Flaatten ([starefossen](https://github.com/starefossen)) -- Hugues Malphettes ([hmalphettes](https://github.com/hmalphettes)) -- John Mitchell ([jlmitch5](https://github.com/jlmitch5)) -- Peter Petrov ([pesho](https://github.com/pesho)) +## Supported architectures -### Docker Working Group Collaborators +`node` images are built for the Linux operating system and architecture combinations defined in [versions.json](https://github.com/nodejs/docker-node/blob/main/versions.json). + +- The [Node.js Platform list](https://github.com/nodejs/node/blob/main/BUILDING.md#official-binary-platforms-and-toolchains) defines [Support Tiers](https://github.com/nodejs/node/blob/main/BUILDING.md#strategy) 1, 2 and Experimental for platform and architecture combinations of Node.js builds and for each separate Node.js release line +- The [Docker official images library](https://github.com/docker-library/official-images#architectures-other-than-amd64) lists the supported architectures in the Docker build environment + +Each of the architectures for Debian images belong to the Node.js support tier 1 or 2, recommended for production applications. + +### musl builds for Alpine + +`musl` builds for `amd64` are listed under support tier "Experimental" and are tested by the Node.js build process before being used in Docker images. "Experimental" status for Node.js is defined as: + +> Experimental: May not compile or test suite may not pass. The core team does not create releases for these platforms. Test failures on experimental platforms do not block releases. Contributions to improve support for these platforms are welcome. + +`musl` builds for other architectures, including `arm64`, are not tested before release. + +## Yarn v1 Classic bundling + +The [Yarn v1 Classic](https://classic.yarnpkg.com/) package manager is bundled in `node` image +variants that include Node.js versions 25 and below. + +Yarn v1 is not bundled into `node` images as of Node.js 26.0.0. +This version of the Yarn package manager has been declared as [frozen](https://github.com/yarnpkg/yarn) and is no longer maintained. + +Users with legacy requirements for Yarn v1 under Node.js 26 and above may be able +to follow [Yarn v1 installation instructions](https://classic.yarnpkg.com/en/docs/install) +and install using `npm install --global yarn`. + +## Governance and Current Members + +The Node.js Docker Image is governed by an open maintainer model. See +[GOVERNANCE.md](GOVERNANCE.md) +for project roles and decision-making, and [CONTRIBUTING.md](CONTRIBUTING.md) for contribution guidance. If a final decision cannot be reached using consensus seeking, the Node.js TSC is the final arbiter. + +### Docker Maintainers -- Mikeal Rogers ([mikeal](https://github.com/mikeal)) -- Laurent Goderre ([LaurentGoderre](https://github.com/LaurentGoderre)) - Simen Bekkhus ([SimenB](https://github.com/SimenB)) - Peter Dave Hello ([PeterDaveHello](https://github.com/PeterDaveHello)) +- Rafael Gonzaga ([rafaelgss](https://github.com/rafaelgss)) +- Matteo Collina ([mcollina](https://github.com/mcollina)) +- Nick Schonning ([nschonni](https://github.com/nschonni)) -### Emeritus +### Collaborators + +- Laurent Goderre ([LaurentGoderre](https://github.com/LaurentGoderre)) +- Tianon Gravi ([tianon](https://github.com/tianon)) +- [yosifkit](https://github.com/yosifkit) +- Stewart X Addison ([sxa](https://github.com/sxa)) +- Mike McCready ([MikeMcC399](https://github.com/MikeMcC399)) -#### Docker Working Group Members +Collaborators are managed via the +[@nodejs/docker team](https://github.com/orgs/nodejs/teams/docker). +### Emeritus + +- Hans Kristian Flaatten ([Starefossen](https://github.com/Starefossen)) +- Mikeal Rogers ([mikeal](https://github.com/mikeal)) - Christopher Horrell ([chorrell](https://github.com/chorrell)) +- Peter Petrov ([pesho](https://github.com/pesho)) +- John Mitchell ([jlmitch5](https://github.com/jlmitch5)) +- Hugues Malphettes ([hmalphettes](https://github.com/hmalphettes)) +- ttshivers ([ttshivers](https://github.com/ttshivers)) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..6ae4285ed8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# Security Policy + +## Reporting a Vulnerability + +This repo builds releases of Node.js unchanged into Docker images. Node.js itself bundles certain packages as described in the [distribution](https://github.com/nodejs/node/blob/main/doc/contributing/distribution.md) document. This includes also the npm package manager. + +Common Vulnerabilities and Exposures (CVE) reports that relate to Node.js or its packaged dependencies cannot be addressed in this repo. Security issues relating to the Node.js project should follow the process documented on where it is also advised that vulnerabilities in third-party packages should be reported to their respective owners. + +CVEs for the base operating system image packages should be reported to those repositories. Nothing to address those CVEs is in the hands of this repo. + +- [Alpine](https://github.com/alpinelinux/docker-alpine) +- [Debian (bullseye, bookworm, trixie)](https://github.com/debuerreotype/docker-debian-artifacts) + +When base images are patched, the images are rebuilt and rolled out to the Docker hub without intervention by this repo. This process is explained in . + +When vulnerabilities are resolved in a Node.js release, they are routinely released in a corresponding new Node.js Docker image. The schedule is determined by the Node.js releases not by the Node.js Docker repo. + +Please do not open issues in this repo for vulnerabilities in the above components. If they cannot be actioned here, the issue will be closed. diff --git a/architectures b/architectures index 565bbb7c25..cae6fda0f7 100644 --- a/architectures +++ b/architectures @@ -1,8 +1,7 @@ -bashbrew-arch variants -amd64 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -arm32v6 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -arm32v7 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -arm64v8 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -i386 jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -ppc64le jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 -s390x jessie,jessie-slim,stretch,stretch-slim,buster,buster-slim,alpine3.9,alpine3.10 +bashbrew-arch variants +amd64 alpine3.23,alpine3.24,bookworm,bookworm-slim,bullseye,bullseye-slim,trixie,trixie-slim +arm32v6 alpine3.23,alpine3.24 +arm32v7 alpine3.23,alpine3.24,bookworm,bookworm-slim,bullseye,bullseye-slim,trixie,trixie-slim +arm64v8 alpine3.23,alpine3.24,bookworm,bookworm-slim,bullseye,bullseye-slim,trixie,trixie-slim +ppc64le bookworm,bookworm-slim,trixie,trixie-slim +s390x alpine3.23,alpine3.24,bookworm,bookworm-slim,trixie,trixie-slim diff --git a/build-automation.mjs b/build-automation.mjs new file mode 100644 index 0000000000..ba296d1ed4 --- /dev/null +++ b/build-automation.mjs @@ -0,0 +1,105 @@ +import { promisify } from "util"; + +import child_process from "child_process"; + +const exec = promisify(child_process.exec); + +// a function that queries the Node.js release website for new versions, +// compare the available ones with the ones we use in this repo +// and returns whether we should update or not +const checkIfThereAreNewVersions = async (github) => { + try { + const { stdout: versionsOutput } = await exec(". ./functions.sh && get_versions", { shell: "bash" }); + + const supportedVersions = versionsOutput.trim().split(" "); + + let latestSupportedVersions = {}; + + for (let supportedVersion of supportedVersions) { + const { stdout } = await exec(`ls ${supportedVersion}`); + + const { stdout: fullVersionOutput } = await exec(`. ./functions.sh && get_full_version ./${supportedVersion}/${stdout.trim().split("\n")[0]}`, { shell: "bash" }); + + console.log(fullVersionOutput); + + latestSupportedVersions[supportedVersion] = { fullVersion: fullVersionOutput.trim() }; + } + + const { data: availableVersionsJson } = await github.request('https://nodejs.org/download/release/index.json'); + + // filter only more recent versions of availableVersionsJson for each major version in latestSupportedVersions' keys + // e.g. if latestSupportedVersions = { "12": "12.22.10", "14": "14.19.0", "16": "16.14.0", "17": "17.5.0" } + // and availableVersions = ["Node.js 12.22.10", "Node.js 12.24.0", "Node.js 14.19.0", "Node.js 14.22.0", "Node.js 16.14.0", "Node.js 16.16.0", "Node.js 17.5.0", "Node.js 17.8.0"] + // return { "12": "12.24.0", "14": "14.22.0", "16": "16.16.0", "17": "17.8.0" } + + let filteredNewerVersions = {}; + + for (let availableVersion of availableVersionsJson) { + const [availableMajor, availableMinor, availablePatch] = availableVersion.version.split("v")[1].split("."); + if (latestSupportedVersions[availableMajor] == null) { + continue; + } + const [_latestMajor, latestMinor, latestPatch] = latestSupportedVersions[availableMajor].fullVersion.split("."); + if (latestSupportedVersions[availableMajor] && (Number(availableMinor) > Number(latestMinor) || (availableMinor === latestMinor && Number(availablePatch) > Number(latestPatch)))) { + filteredNewerVersions[availableMajor] = { fullVersion: `${availableMajor}.${availableMinor}.${availablePatch}` }; + } + } + + return { + shouldUpdate: Object.keys(filteredNewerVersions).length > 0 && JSON.stringify(filteredNewerVersions) !== JSON.stringify(latestSupportedVersions), + versions: filteredNewerVersions, + } + } catch (error) { + console.error(error); + process.exit(1); + } +}; + +// a function that queries the Node.js unofficial release website for new musl versions and security releases, +// and returns relevant information +const checkForMuslVersionsAndSecurityReleases = async (github, versions) => { + try { + const { data: unofficialBuildsIndexText } = await github.request('https://unofficial-builds.nodejs.org/download/release/index.json'); + + for (let version of Object.keys(versions)) { + const buildVersion = unofficialBuildsIndexText.find(indexVersion => indexVersion.version === `v${versions[version].fullVersion}`); + + versions[version].muslBuildExists = buildVersion?.files.includes("linux-x64-musl") ?? false; + versions[version].isSecurityRelease = buildVersion?.security ?? false; + } + return versions; + } catch (error) { + console.error(error); + process.exit(1); + } +}; + +export default async function(github) { +// if there are no new versions, exit gracefully +// if there are new versions, +// check for musl builds +// then run update.sh + const { shouldUpdate, versions } = await checkIfThereAreNewVersions(github); + + if (!shouldUpdate) { + console.log("No new versions found. No update required."); + process.exit(0); + } else { + const newVersions = await checkForMuslVersionsAndSecurityReleases(github, versions); + let updatedVersions = []; + for (const [version, newVersion] of Object.entries(newVersions)) { + if (newVersion.muslBuildExists) { + const { stdout } = await exec(`./update.sh ${newVersion.isSecurityRelease ? "-s " : ""}${version}`); + console.log(stdout); + updatedVersions.push(newVersion.fullVersion); + } else { + console.log(`There's no musl build for version ${newVersion.fullVersion} yet.`); + process.exit(0); + } + } + const { stdout } = (await exec(`git diff`)); + console.log(stdout); + + return updatedVersions.join(', '); + } +} diff --git a/chakracore/10/Dockerfile b/chakracore/10/Dockerfile deleted file mode 100644 index 52a24d4d5d..0000000000 --- a/chakracore/10/Dockerfile +++ /dev/null @@ -1,39 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 10.13.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/SHASUMS256.txt" \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.12.3 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -CMD [ "node" ] diff --git a/chakracore/8/Dockerfile b/chakracore/8/Dockerfile deleted file mode 100644 index b268beee2f..0000000000 --- a/chakracore/8/Dockerfile +++ /dev/null @@ -1,39 +0,0 @@ -FROM buildpack-deps:jessie - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.11.1 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/SHASUMS256.txt" \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.6.0 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -CMD [ "node" ] diff --git a/chakracore/Dockerfile.template b/chakracore/Dockerfile.template deleted file mode 100644 index 401f7d58e0..0000000000 --- a/chakracore/Dockerfile.template +++ /dev/null @@ -1,39 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 0.0.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/SHASUMS256.txt" \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 0.0.0 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -CMD [ "node" ] diff --git a/chakracore/architectures b/chakracore/architectures deleted file mode 100644 index 85bd3bd021..0000000000 --- a/chakracore/architectures +++ /dev/null @@ -1,2 +0,0 @@ -bashbrew-arch variants -amd64 default diff --git a/chakracore/config b/chakracore/config deleted file mode 100644 index 116285c2f0..0000000000 --- a/chakracore/config +++ /dev/null @@ -1 +0,0 @@ -baseuri https://nodejs.org/download/chakracore-release diff --git a/config b/config index ac07135eb7..0c4717b9f9 100644 --- a/config +++ b/config @@ -1,4 +1,4 @@ baseuri https://nodejs.org/dist -default_variant stretch -alpine_version 3.10 -debian_versions jessie stretch buster +default_variant bookworm +alpine_version 3.23 +debian_versions bookworm bullseye trixie diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index de6fa8a9ad..1b3116e53b 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,7 +1,10 @@ #!/bin/sh set -e -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then set -- node "$@" fi diff --git a/docs/BestPractices.md b/docs/BestPractices.md index c883b2a0a4..ab60375baf 100644 --- a/docs/BestPractices.md +++ b/docs/BestPractices.md @@ -1,17 +1,21 @@ # Docker and Node.js Best Practices + + ## Table of Contents - [Environment Variables](#environment-variables) - [Global npm dependencies](#global-npm-dependencies) -- [Upgrading/downgrading Yarn](#upgradingdowngrading-yarn) - [Handling Kernel Signals](#handling-kernel-signals) - [Non-root User](#non-root-user) - [Memory](#memory) - [CMD](#cmd) - [Docker Run](#docker-run) - [Security](#security) -- [node-gyp in alpine variant](#node-gyp-alpine) +- [node-gyp alpine](#node-gyp-alpine) +- [Smaller images without npm/yarn](#smaller-images-without-npmyarn) + + ## Environment Variables @@ -31,54 +35,6 @@ ENV NPM_CONFIG_PREFIX=/home/node/.npm-global ENV PATH=$PATH:/home/node/.npm-global/bin # optionally if you want to run npm global bin without specifying path ``` -## Upgrading/downgrading Yarn - -### Local - -If you need to upgrade/downgrade `yarn` for a local install, you can do so by issuing the following commands in your `Dockerfile`: - -> Note that if you create some other directory which is not a descendant one from where you ran the command, you will end up using the global (dated) version. If you wish to upgrade `yarn` globally follow the instructions in the next section. - -> When following the local install instructions, due to duplicated yarn the image will end up being bigger. - -```Dockerfile -FROM node:6 - -ENV YARN_VERSION 1.16.0 - -RUN yarn policies set-version $YARN_VERSION -``` - -### Global - -```Dockerfile -FROM node:6 - -ENV YARN_VERSION 1.16.0 - -RUN curl -fSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -snf /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -snf /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz -``` - -If you're using an Alpine-based image, `curl` won't be present, so you'll need to make sure it's installed while using it: - -```Dockerfile -FROM node:6-alpine - -ENV YARN_VERSION 1.5.1 - -RUN apk add --no-cache --virtual .build-deps-yarn curl \ - && curl -fSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -snf /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -snf /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn -``` - ## Handling Kernel Signals Node.js was not designed to run as PID 1 which leads to unexpected behaviour when running inside of Docker. For example, a Node.js process running as PID 1 will not respond to `SIGINT` (`CTRL-C`) and similar signals. As of Docker 1.13, you can use the `--init` flag to wrap your Node.js process with a [lightweight init system](https://github.com/krallin/tini) that properly handles running as PID 1. @@ -91,7 +47,7 @@ You can also include Tini [directly in your Dockerfile](https://github.com/krall ## Non-root User -By default, Docker runs container as root which inside of the container can pose as a security issue. You would want to run the container as an unprivileged user wherever possible. The node images provide the `node` user for such purpose. The Docker Image can then be run with the `node` user in the following way: +By default, Docker runs commands inside the container as root which violates the [Principle of Least Privilege (PoLP)](https://en.wikipedia.org/wiki/Principle_of_least_privilege) when superuser permissions are not strictly required. You want to run the container as an unprivileged user whenever possible. The node images provide the `node` user with uid 1000 for such purpose. The Docker Image can then be run with the `node` user in the following way: ``` -u "node" @@ -103,12 +59,12 @@ Alternatively, the user can be activated in the `Dockerfile`: FROM node:6.10.3 ... # At the end, set the user to use when running this image -USER node +USER 1000 # node ``` Note that the `node` user is neither a build-time nor a run-time dependency and it can be removed or altered, as long as the functionality of the application you want to add to the container does not depend on it. -If you do not want nor need the user created in this image you can remove it with the following: +If you do not want nor need the user created in this image, you can remove it with the following: ```Dockerfile # For debian based images use: @@ -118,13 +74,13 @@ RUN userdel -r node RUN deluser --remove-home node ``` -If you need to change the uid/gid of the user you can use: +If you need to change the uid/gid of the user, you can use: ```Dockerfile RUN groupmod -g 999 node && usermod -u 999 -g 999 node ``` -If you need another name for the user (ex. `myapp`) execute: +If you need another name for the user (ex. `myapp`), execute: ```Dockerfile RUN usermod -d /home/myapp -l myapp node @@ -140,7 +96,7 @@ RUN deluser --remove-home node \ ## Memory -By default, any Docker Container may consume as much of the hardware such as CPU and RAM. If you are running multiple containers on the same host you should limit how much memory they can consume. +By default, any Docker Container may consume as much of the hardware such as CPU and RAM. If you are running multiple containers on the same host, you should limit how much memory they can consume. ``` -m "300M" --memory-swap "1G" @@ -148,7 +104,7 @@ By default, any Docker Container may consume as much of the hardware such as CPU ## CMD -When creating an image, you can bypass the `package.json`'s `start` command and bake it directly into the image itself. First off this reduces the number of processes running inside of your container. Secondly it causes exit signals such as `SIGTERM` and `SIGINT` to be received by the Node.js process instead of npm swallowing them. +When creating an image, you can bypass the `package.json`'s `start` command and bake it directly into the image itself. First off, this reduces the number of processes running inside of your container. Secondly, it causes exit signals such as `SIGTERM` and `SIGINT` to be received by the Node.js process instead of npm swallowing them. ```Dockerfile CMD ["node","index.js"] @@ -160,6 +116,7 @@ Here is an example of how you would run a default Node.JS Docker Containerized a ``` $ docker run \ + --init \ -e "NODE_ENV=production" \ -u "node" \ -m "300M" --memory-swap "1G" \ @@ -179,18 +136,18 @@ Here is an example of how you would install dependencies for packages that requi ```Dockerfile FROM node:alpine -RUN apk add --no-cache --virtual .gyp python make g++ \ +RUN apk add --no-cache --virtual .gyp python3 py-setuptools make g++ \ && npm install [ your npm dependencies here ] \ && apk del .gyp ``` -And Here's a multistage build example +And, here's a multistage build example: ```Dockerfile FROM node:alpine as builder ## Install build toolchain, install node deps and compile native add-ons -RUN apk add --no-cache python make g++ +RUN apk add --no-cache python3 make g++ RUN npm install [ your npm dependencies here ] FROM node:alpine as app @@ -198,3 +155,77 @@ FROM node:alpine as app ## Copy built node modules and binaries without including the toolchain COPY --from=builder node_modules . ``` + +## Smaller images without npm/yarn + +To remove npm and Yarn package managers, use a multi-stage build. +In the first stage, the package manager builds the app. +In the second stage, the `app` and the `node` directories are copied, +without copying the npm & Yarn package managers. +In Docker images based on Node.js >=26, Yarn is already removed. + +The result is a smaller and hardened final image with no package managers. + +The examples below build with npm. + +**Alpine example** + +```Dockerfile +ARG ALPINE_VERSION=3.23 + +FROM node:24-alpine${ALPINE_VERSION} AS builder +WORKDIR /build-stage +COPY package*.json ./ +RUN npm ci +# Copy the files you need +COPY . ./ +RUN npm run build + +FROM alpine:${ALPINE_VERSION} +# Create app directory +WORKDIR /usr/src/app +# Add required binaries +RUN apk add --no-cache libstdc++ dumb-init \ + && addgroup -g 1000 node && adduser -u 1000 -G node -s /bin/sh -D node \ + && chown node:node ./ +COPY --from=builder /usr/local/bin/node /usr/local/bin/ +COPY --from=builder /usr/local/bin/docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] +USER node +# Update the following COPY lines based on your codebase +COPY --from=builder /build-stage/node_modules ./node_modules +COPY --from=builder /build-stage/dist ./dist +# Run with dumb-init to not start node with PID=1, since Node.js was not designed to run as PID 1 +CMD ["dumb-init", "node", "dist/index.js"] +``` + +**Debian example** + +```Dockerfile +FROM node:24-trixie-slim AS builder +WORKDIR /build-stage +COPY package*.json ./ +RUN npm ci +# Copy the files you need +COPY . ./ +RUN npm run build + +FROM debian:trixie-slim +# Create app directory +WORKDIR /usr/src/app +# Add required binaries +RUN apt-get update && apt-get install -y --no-install-recommends dumb-init \ + && rm -rf /var/lib/apt/lists/* \ + && groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node \ + && chown node:node ./ +COPY --from=builder /usr/local/bin/node /usr/local/bin/ +COPY --from=builder /usr/local/bin/docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] +USER node +# Update the following COPY lines based on your codebase +COPY --from=builder /build-stage/node_modules ./node_modules +COPY --from=builder /build-stage/dist ./dist +# Run with dumb-init to not start node with PID=1, since Node.js was not designed to run as PID 1 +CMD ["dumb-init", "node", "dist/index.js"] +``` diff --git a/functions.sh b/functions.sh index 5f37f3522c..f19c5003bd 100755 --- a/functions.sh +++ b/functions.sh @@ -1,6 +1,8 @@ #!/usr/bin/env bash # -# Utlity functions +# Utility functions +# Don't change this file unless needed +# The GitHub Action for automating new builds rely on this file info() { printf "%s\\n" "$@" @@ -17,7 +19,7 @@ fatal() { # # This is used to get the target architecture for docker image. # For crossing building, we need a way to specify the target -# architecutre manually. +# architecture manually. function get_arch() { local arch case $(uname -m) in @@ -30,14 +32,14 @@ function get_arch() { s390x) arch="s390x" ;; - aarch64) + aarch64 | arm64) arch="arm64" ;; armv7l) arch="arm32v7" ;; *) - echo "$0 does not support architecture ${arch} ... aborting" + echo "$0 does not support architecture ${arch:-unknown} ... aborting" exit 1 ;; esac @@ -46,10 +48,10 @@ function get_arch() { } # Get corresponding variants based on the architecture. -# All supported variants of each supported architecutre are listed in a +# All supported variants of each supported architecture are listed in a # file - 'architectures'. Its format is: -# ,... -# ,... +# ,... +# ,... function get_variants() { local dir dir=${1:-.} @@ -103,7 +105,7 @@ function get_supported_arches() { lines=$(grep "${variant}" "$(dirname "${version}")"/architectures 2> /dev/null | cut -d' ' -f1) # Get version specific supported architectures if there is specialized information - if [ -a "${version}"/architectures ]; then + if [ -e "${version}"/architectures ]; then lines=$(grep "${variant}" "${version}"/architectures 2> /dev/null | cut -d' ' -f1) fi @@ -133,14 +135,9 @@ function get_config() { # Get available versions for a given path # -# If full or partial versions are provided then they are processed and -# validated. e.g. "6 chakracore" returns "6 chakracore/8" since it processed the -# chakracore entry and found it to be a fork rather than a complete version. -# # The result is a list of valid versions. +# shellcheck disable=SC2120 function get_versions() { - local prefix - prefix=${1:-.} shift local versions=() @@ -149,17 +146,11 @@ function get_versions() { local default_variant default_variant=$(get_config "./" "default_variant") if [ ${#dirs[@]} -eq 0 ]; then - IFS=' ' read -ra dirs <<< "$(echo "${prefix%/}/"*/)" + IFS=' ' read -ra dirs <<< "$(echo "./"*/)" fi for dir in "${dirs[@]}"; do - if [ -a "${dir}/config" ]; then - local subdirs - IFS=' ' read -ra subdirs <<< "$(get_versions "${dir#./}")" - for subdir in "${subdirs[@]}"; do - versions+=("${subdir}") - done - elif [ -a "${dir}/Dockerfile" ] || [ -a "${dir}/${default_variant}/Dockerfile" ]; then + if [ -e "${dir}/Dockerfile" ] || [ -e "${dir}/${default_variant}/Dockerfile" ]; then versions+=("${dir#./}") fi done @@ -248,7 +239,7 @@ function get_full_version() { default_dockerfile="${version}/Dockerfile" fi - grep -m1 'ENV NODE_VERSION ' "${default_dockerfile}" | cut -d' ' -f3 + grep -m1 'ENV NODE_VERSION=' "${default_dockerfile}" | cut -d= -f2 } function get_major_minor_version() { diff --git a/genMatrix.js b/genMatrix.js new file mode 100644 index 0000000000..dc76724328 --- /dev/null +++ b/genMatrix.js @@ -0,0 +1,80 @@ +'use strict'; +const path = require('path'); +const fs = require('fs'); + +const testFiles = [ + 'genMatrix.js', + '.github/workflows/build-test.yml', +]; + +const nodeDirRegex = /^\d+$/; + +const areTestFilesChanged = (changedFiles) => changedFiles + .some((file) => testFiles.includes(file)); + +// Returns a list of the child directories in the given path +const getChildDirectories = (parent) => fs.readdirSync(parent, { withFileTypes: true }) + .filter((dirent) => dirent.isDirectory()) + .map(({ name }) => path.resolve(parent, name)); + +const getNodeVersionDirs = (base) => getChildDirectories(base) + .filter((childPath) => nodeDirRegex.test(path.basename(childPath))); + +// Returns the paths of Dockerfiles that are at: base/*/Dockerfile +const getDockerfilesInChildDirs = (base) => getChildDirectories(base) + .map((childDir) => path.resolve(childDir, 'Dockerfile')); + +const getAllDockerfiles = (base) => getNodeVersionDirs(base).flatMap(getDockerfilesInChildDirs); + +const getAffectedDockerfiles = (filesAdded, filesModified, filesRenamed) => { + const files = [ + ...filesAdded, + ...filesModified, + ...filesRenamed, + ]; + + // If the test files were changed, include everything + if (areTestFilesChanged(files)) { + console.log('Test files changed so scheduling all Dockerfiles'); + return getAllDockerfiles(__dirname); + } + + const modifiedDockerfiles = files.filter((file) => file.endsWith('/Dockerfile')); + + // Get Dockerfiles affected by modified docker-entrypoint.sh files + const entrypointAffectedDockerfiles = files + .filter((file) => file.endsWith('/docker-entrypoint.sh')) + .map((file) => path.resolve(path.dirname(file), 'Dockerfile')); + + return [ + ...modifiedDockerfiles, + ...entrypointAffectedDockerfiles, + ]; +}; + +const getFullNodeVersionFromDockerfile = (file) => fs.readFileSync(file, 'utf8') + .match(/^ENV NODE_VERSION=(\d*\.*\d*\.\d*)/m)[1]; + +const getDockerfileMatrixEntry = (file) => { + const [variant] = path.dirname(file).split(path.sep).slice(-1); + + const version = getFullNodeVersionFromDockerfile(file); + + return { + version, + variant, + }; +}; + +const generateBuildMatrix = (filesAdded, filesModified, filesRenamed) => { + const dockerfiles = [...new Set(getAffectedDockerfiles(filesAdded, filesModified, filesRenamed))]; + + const entries = dockerfiles.map(getDockerfileMatrixEntry); + + // Return null if there are no entries so we can skip the matrix step + return entries.length + ? { include: entries } + : null; +}; + +module.exports = generateBuildMatrix; diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh deleted file mode 100755 index a29e6e8030..0000000000 --- a/generate-stackbrew-library.sh +++ /dev/null @@ -1,115 +0,0 @@ -#!/usr/bin/env bash - -set -e -. functions.sh - -hash git 2> /dev/null || { echo >&2 "git not found, exiting."; } - -# Used dynamically: print "$array_" $1 -# shellcheck disable=SC2034 -array_8='8 carbon' -# shellcheck disable=SC2034 -array_10='10 dubnium' -# shellcheck disable=SC2034 -array_12='12 erbium lts current' -# shellcheck disable=SC2034 -array_13='13 latest' -# shellcheck disable=SC2034 -array_chakracore_8='chakracore-8' -# shellcheck disable=SC2034 -array_chakracore_10='chakracore-10 chakracore' - -default_variant=$(get_config "./" "default_variant") - -default_alpine=$(get_config "./" "alpine_version") - -cd "$(cd "${0%/*}" && pwd -P)" - -self="$(basename "${BASH_SOURCE[0]}")" - -IFS=' ' read -ra versions <<< "$(get_versions)" -IFS=' ' read -ra versions <<< "$(sort_versions "${versions[@]}")" -url='https://github.com/nodejs/docker-node' - -# get the most recent commit which modified any of "$@" -fileCommit() { - git log -1 --format='format:%H' HEAD -- "$@" -} - -echo "# this file is generated via ${url}/blob/$(fileCommit "${self}")/${self}" -echo -echo "Maintainers: The Node.js Docker Team <${url}> (@nodejs)" -echo "GitRepo: ${url}.git" -echo - -# prints "$2$1$3$1...$N" -join() { - local sep="$1" - shift - local out - printf -v out "${sep//%/%%}%s" "$@" - echo "${out#$sep}" -} - -get_stub() { - local version="${1}" - shift - IFS='/' read -ra versionparts <<< "${version}" - local stub - eval stub="$(join '_' "${versionparts[@]}" | awk -F. '{ print "$array_" $1 }')" - echo "${stub}" -} - -for version in "${versions[@]}"; do - # Skip "docs" and other non-docker directories - [ -f "${version}/Dockerfile" ] || [ -f "${version}/${default_variant}/Dockerfile" ] || continue - - stub=$(get_stub "${version}") - commit="$(fileCommit "${version}")" - fullVersion="$(get_tag "${version}" full)" - majorMinorVersion="$(get_tag "${version}" majorminor)" - - IFS=' ' read -ra versionAliases <<< "$fullVersion $majorMinorVersion $stub" - - if [ -f "${version}/Dockerfile" ]; then - # Get supported architectures for a specific version. See details in function.sh - IFS=' ' read -ra supportedArches <<< "$(get_supported_arches "${version}" "default")" - - echo "Tags: $(join ', ' "${versionAliases[@]}")" - echo "Architectures: $(join ', ' "${supportedArches[@]}")" - echo "GitCommit: ${commit}" - echo "Directory: ${version}" - echo - fi - - # Get supported variants according to the target architecture. - # See details in function.sh - IFS=' ' read -ra variants <<< "$(get_variants "$(dirname "${version}")")" - for variant in "${variants[@]}"; do - # Skip non-docker directories - [ -f "${version}/${variant}/Dockerfile" ] || continue - - commit="$(fileCommit "${version}/${variant}")" - - slash='/' - variantAliases=("${versionAliases[@]/%/-${variant//${slash}/-}}") - if [ "${variant}" = "${default_variant}-slim" ]; then - variantAliases+=("${versionAliases[@]/%/-slim}") - elif [ "${variant}" = "alpine${default_alpine}" ]; then - variantAliases+=("${versionAliases[@]/%/-alpine}") - elif [ "${variant}" = "${default_variant}" ]; then - variantAliases+=("${versionAliases[@]}") - fi - variantAliases=("${variantAliases[@]//latest-/}") - - # Get supported architectures for a specific version and variant. - # See details in function.sh - IFS=' ' read -ra supportedArches <<< "$(get_supported_arches "${version}" "${variant}")" - - echo "Tags: $(join ', ' "${variantAliases[@]}")" - echo "Architectures: $(join ', ' "${supportedArches[@]}")" - echo "GitCommit: ${commit}" - echo "Directory: ${version}/${variant}" - echo - done -done diff --git a/generate-stackbrew-pr.sh b/generate-stackbrew-pr.sh deleted file mode 100755 index c393b8d680..0000000000 --- a/generate-stackbrew-pr.sh +++ /dev/null @@ -1,168 +0,0 @@ -#!/usr/bin/env bash - -set -e -. functions.sh - -COMMIT_RANGE="${1}" -COMMIT_ID="$(git show -s --format="%H" "${COMMIT_RANGE}" | head -n 1)" - -if [ -n "$TRAVIS" ]; then - COMMIT_MESSAGE="${TRAVIS_COMMIT_MESSAGE}" - BRANCH_NAME="travis-${TRAVIS_BUILD_ID}" - GITHUB_USERNAME="${AUTOPR_GITHUB_USERNAME:-nodejs-github-bot}" -else - COMMIT_MESSAGE="$(git show -s --format=%B "${COMMIT_ID}")" - BRANCH_NAME="autopr-$(date +%s)" - if [[ "$(git remote get-url origin)" =~ github.com/([^/]*)/docker-node.git ]]; then - GITHUB_USERNAME="${BASH_REMATCH[1]}" - fi -fi - -if [[ "${COMMIT_MESSAGE}" =~ Merge\ pull\ request\ \#([0-9]*) ]]; then - - # This is a merge from a pull request - PR_NUMBER="${BASH_REMATCH[1]}" - COMMIT_MESSAGE="$(printf "%s" "${COMMIT_MESSAGE}" | tail -n 1)" -fi - -IMAGES_FILE="library/node" -REPO_NAME="official-images" -ORIGIN_SLUG="${GITHUB_USERNAME}/${REPO_NAME}" -UPSTREAM_SLUG="${AUTOPR_UPSTREAM:-docker-library}/${REPO_NAME}" -DOCKER_SLUG="${TRAVIS_REPO_SLUG:-nodejs/docker-node}" -gitpath="../${REPO_NAME}" - -function auth_header() { - echo "Authorization: token ${GITHUB_API_TOKEN}" -} - -function permission_check() { - if [ -z "${GITHUB_API_TOKEN}" ]; then - fatal "Environment variable \$GITHUB_API_TOKEN is missing or empty" - fi - - auth="$(curl -H "$(auth_header)" \ - -s \ - "https://api.github.com")" - - if [ "$(echo "${auth}" | jq -r .message)" = "Bad credentials" ]; then - fatal "Authentication Failed! Invalid \$GITHUB_API_TOKEN" - fi - - auth="$(curl -H "$(auth_header)" \ - -s \ - "https://api.github.com/repos/${ORIGIN_SLUG}/collaborators/${GITHUB_USERNAME}/permission")" - if [ "$(echo "${auth}" | jq -r .message)" != "null" ]; then - fatal "\$GITHUB_API_TOKEN can't push to https://github.com/${ORIGIN_SLUG}.git" - fi -} - -function setup_git_author() { - # Set Git User Info - GIT_AUTHOR_NAME="Node.js GitHub Bot" - GIT_AUTHOR_EMAIL="github-bot@iojs.org" - GIT_COMMITTER_NAME="Node.js GitHub Bot" - GIT_COMMITTER_EMAIL="github-bot@iojs.org" - - export GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL -} - -function message() { - echo "Node: ${COMMIT_MESSAGE}" -} - -function pr_payload() { - local escaped_message - local body - local maintainers - - escaped_message="$(echo "${COMMIT_MESSAGE}" | sed -E -e "s/\"/\\\\\"/g")" - - if [ -n "${PR_NUMBER}" ]; then - body="Pull Request: ${DOCKER_SLUG}#${PR_NUMBER}" - else - body="Commit: https://github.com/${DOCKER_SLUG}/compare/${COMMIT_RANGE}" - fi - - for maintainer in $(xargs < ACTIVE_MAINTAINERS); do - maintainers="$maintainers @$maintainer" - done - - printf "{ - \"title\": \"Node: %s\", - \"body\" : \"%s.
cc %s\", - \"head\" : \"%s\", - \"base\": \"master\" - }" "${escaped_message}" "${body}" "${maintainers}" "${GITHUB_USERNAME}:${BRANCH_NAME}" -} - -function comment_payload() { - local pr_url - pr_url="${1}" - echo "{ - \"body\": \"Created PR to the ${REPO_NAME} repo (${pr_url}). See https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what if you are wondering when it will be available on the Docker Hub.\" - }" -} - -if images_updated "${COMMIT_RANGE}"; then - - permission_check - - # Set Git User Info - [ -z "$GIT_AUTHOR_NAME" ] && setup_git_author - - info "Cloning..." - git clone --depth 50 "https://github.com/${UPSTREAM_SLUG}.git" ${gitpath} 2> /dev/null - - stackbrew="$(./generate-stackbrew-library.sh)" - - cd ${gitpath} - - echo "${stackbrew}" > "${IMAGES_FILE}" - git checkout -b "${BRANCH_NAME}" - git add "${IMAGES_FILE}" - git commit -m "$(message)" - - info "Pushing..." - git fetch --unshallow "https://github.com/${ORIGIN_SLUG}.git" - git push "https://${GITHUB_API_TOKEN}:x-oauth-basic@github.com/${ORIGIN_SLUG}.git" -f "${BRANCH_NAME}" || fatal "Error pushing the updated stackbrew" - - cd - && rm -rf ${gitpath} - - info "Creating Pull request" - pr_response_payload="$(curl -H "$(auth_header)" \ - -s \ - -X POST \ - -d "$(pr_payload)" \ - "https://api.github.com/repos/${UPSTREAM_SLUG}/pulls")" - - url="$(echo "${pr_response_payload}" | jq -r .html_url)" - if [ "${url}" != "null" ]; then - info "Pull request created at ${url}" - - if [ -n "${PR_NUMBER}" ]; then - comment_endpoint="https://api.github.com/repos/${DOCKER_SLUG}/issues/${PR_NUMBER}/comments" - else - comment_endpoint="https://api.github.com/repos/${DOCKER_SLUG}/commits/${COMMIT_ID}/comments" - fi - - info "Creating Commit Comment" - commit_response_payload="$(curl -H "$(auth_header)" \ - -s \ - -X POST \ - -d "$(comment_payload "${url}")" \ - "${comment_endpoint}")" - - if [ "$(echo "${commit_response_payload}" | jq -r .message)" != "null" ]; then - fatal "Error linking the pull request (${error_message})" - else - comment_url="$(echo "${commit_response_payload}" | jq -r .html_url)" - info "Created comment at ${comment_url}" - fi - else - error_message=$(echo "${pr_response_payload}" | jq -r .message) - fatal "Error creating pull request (${error_message})" - fi -else - info "No change!" -fi diff --git a/keys/node.keys b/keys/node.keys index 94a01e332c..3ae5e6b6dd 100644 --- a/keys/node.keys +++ b/keys/node.keys @@ -1,11 +1,9 @@ -94AE36675C464D64BAFA68DD7434390BDBE9B9C5 -FD3A5288F042B6850C66B31F09FE44734EB7990E -71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 -DD8F2338BAE7501E3DD5AC78C273792F7D83545D -C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 -B9AE9905FFD7803F25714661B63B535A4C206CA9 -77984A986EBC2AA786BC0F66B01FBB92821C587A +5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 +DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 +CC68F5A3106FF448322E48ED27F5E38D5B0A215F 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 -4ED778F539E3634C779C87C6D7062848A1AB005C -A48C2BEE680E841632CD4E44F07496B3EB3C1762 -B9E2F5981AA6E0CD28160D9FF13993A75599653C +890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 +C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C +108F52B48DB57BB0CC439B2997B01419BD92F80A +A363A499291CBBC940DD62E41F10027AF002F8B0 +655F3B5C1FB3FA8D1A0CA6BDE4A7D232B936D2FD diff --git a/keys/yarn.keys b/keys/yarn.keys deleted file mode 100644 index 6b0feed13c..0000000000 --- a/keys/yarn.keys +++ /dev/null @@ -1 +0,0 @@ -6A010C5166006599AA17F08146C2130DFD2497F5 diff --git a/markdown_link_check_config.json b/markdown_link_check_config.json new file mode 100644 index 0000000000..9448b35354 --- /dev/null +++ b/markdown_link_check_config.json @@ -0,0 +1,19 @@ +{ + "ignorePatterns": [ + { + "pattern": "^https://nodejs\\.org/" + }, + { + "pattern": "^https://www\\.npmjs\\.com/" + }, + { + "pattern": "^https://news\\.ycombinator\\.com/" + }, + { + "pattern": "^https://musl\\.libc\\.org/" + }, + { + "pattern": "^https://www\\.etalabs\\.net/" + } + ] +} diff --git a/stackbrew.js b/stackbrew.js new file mode 100755 index 0000000000..9d82f310f1 --- /dev/null +++ b/stackbrew.js @@ -0,0 +1,153 @@ +#!/usr/bin/env node + +const fs = require('fs'); +const path = require('path'); + +// Grab last git commit +function getCommitHasForPath(path) { + return require('child_process') + .execSync(`git log -1 --format=%H HEAD -- ${path}`) + .toString().trim() +} + +const stackbrewPath = path.basename(__filename); + +// Header +let stackbrew = `# this file is generated via https://github.com/nodejs/docker-node/blob/${getCommitHasForPath(stackbrewPath)}/${stackbrewPath} + +Maintainers: The Node.js Docker Team (@nodejs) +GitRepo: https://github.com/nodejs/docker-node.git +GitFetch: refs/heads/main\n`; + +// Loop versions + +const config = require('./versions.json'); + +const versions = Object.keys(config).reverse() + +let midnight = new Date() +midnight.setHours(0, 0, 0, 0) +const now = midnight.getTime() +const alpineRE = new RegExp(/alpine*/); +const slimRE = new RegExp(/\*-slim/); +let foundLTS = false; +let foundCurrent = false; + +for (const version of versions) { + let lts = new Date(`${config[version].lts}T00:00:00.00`).getTime(); + let isCurrent = foundCurrent ? false : isNaN(lts) || lts >= now; + foundCurrent = isCurrent || foundCurrent; + let isLTS = foundLTS ? false : (now >= lts); + foundLTS = isLTS || foundLTS; + let codename = config[version].codename + let defaultAlpine = config[version]['alpine-default'] + let defaultDebian = config[version]['debian-default'] + let variants = config[version].variants + for (const variant in variants) { + let dockerfilePath = path.join(version, variant, 'Dockerfile'); + let isAlpine = alpineRE.test(variant) + let isSlim = slimRE.test(variant) + let isDefaultSlim = new RegExp(`${defaultDebian}-slim`).test(variant) + + // Get full version from the Dockerfile + let dockerfile = fs.readFileSync(dockerfilePath, 'utf-8') + let fullVersion = dockerfile.match(/ENV NODE_VERSION=(?\d+)\.(?\d+)\.(?\d+)/) + + let tags = [ + `${fullVersion.groups.major}.${fullVersion.groups.minor}.${fullVersion.groups.patch}-${variant}`, + `${fullVersion.groups.major}.${fullVersion.groups.minor}-${variant}`, + `${fullVersion.groups.major}-${variant}`, + ] + + if (codename) { + tags.push(`${codename}-${variant}`) + } + + if (variant === defaultAlpine) { + tags.push(`${fullVersion.groups.major}.${fullVersion.groups.minor}.${fullVersion.groups.patch}-alpine`) + tags.push(`${fullVersion.groups.major}.${fullVersion.groups.minor}-alpine`) + tags.push(`${fullVersion.groups.major}-alpine`) + if (codename) { + tags.push(`${codename}-alpine`) + } + } + + if (variant === defaultDebian) { + tags.push(`${fullVersion.groups.major}.${fullVersion.groups.minor}.${fullVersion.groups.patch}`) + tags.push(`${fullVersion.groups.major}.${fullVersion.groups.minor}`) + tags.push(`${fullVersion.groups.major}`) + if (isSlim) { + tags.push(`${fullVersion.groups.major}.${fullVersion.groups.minor}.${fullVersion.groups.patch}-slim`) + tags.push(`${fullVersion.groups.major}.${fullVersion.groups.minor}-slim`) + tags.push(`${fullVersion.groups.major}-slim`) + } + if (codename) { + tags.push(`${codename}`) + } + } + if (isDefaultSlim) { + tags.push(`${fullVersion.groups.major}.${fullVersion.groups.minor}.${fullVersion.groups.patch}-slim`) + tags.push(`${fullVersion.groups.major}.${fullVersion.groups.minor}-slim`) + tags.push(`${fullVersion.groups.major}-slim`) + if (codename) { + tags.push(`${codename}-slim`) + } + } + + if (isCurrent) { + if (variant === defaultAlpine) { + tags.push(variant) + tags.push(`${fullVersion.groups.major}.${fullVersion.groups.minor}.${fullVersion.groups.patch}-alpine`) + tags.push(`${fullVersion.groups.major}.${fullVersion.groups.minor}-alpine`) + tags.push(`${fullVersion.groups.major}-alpine`) + tags.push('alpine') + tags.push('current-alpine') + } + if (variant === defaultDebian) { + tags.push(variant) + tags.push('latest') + tags.push('current') + } + if (isAlpine) { + tags.push(`${variant}`) + tags.push(`current-${variant}`) + } + if (!isAlpine) { + tags.push(`${variant}`) + tags.push(`current-${variant}`) + } + if (isDefaultSlim) { + tags.push('slim') + tags.push('current-slim') + } + } + + if (isLTS) { + tags.push(`lts-${variant}`) + if (variant === defaultDebian) { + tags.push('lts') + if (codename) { + tags.push(`lts-${codename}`) + } + } + if (isDefaultSlim) { + tags.push(`lts-slim`) + } + if (variant === defaultAlpine) { + tags.push(`lts-alpine`) + } + } + + // remove duplicates + tags = tags.filter((x, i, a) => a.indexOf(x) == i) + tags = tags.sort() + let directory = `${version}/${variant}` + stackbrew += `\nTags: ${tags.join(', ')}\n` + stackbrew += `Architectures: ${config[version].variants[variant].join(', ')}\n` + stackbrew += `GitCommit: ${getCommitHasForPath(directory)}\n` + stackbrew += `Directory: ${directory}\n` + } +} + +// output +console.log(stackbrew) diff --git a/test-build.sh b/test-build.sh deleted file mode 100755 index 7b30e7509e..0000000000 --- a/test-build.sh +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/env bash -# -# Run a test build for all images. - -set -euo pipefail - -. functions.sh - -# Convert comma delimited cli arguments to arrays -# E.g. ./test-build.sh 8,10 slim,onbuild -# "8,10" becomes "8 10" and "slim,onbuild" becomes "slim onbuild" -IFS=',' read -ra versions_arg <<< "${1:-}" -IFS=',' read -ra variant_arg <<< "${2:-}" - -default_variant=$(get_config "./" "default_variant") - -function build() { - local version - local tag - local variant - local full_tag - local path - version="$1" - shift - variant="$1" - shift - tag="$1" - shift - - full_tag=$(get_full_tag "${variant}" "${tag}") - path=$(get_path "${version}" "${variant}") - - info "Building ${full_tag}..." - - if ! docker build --cpuset-cpus="0,1" -t node:"${full_tag}" "${path}"; then - fatal "Build of ${full_tag} failed!" - fi - info "Build of ${full_tag} succeeded." -} - -function test_image() { - local full_version - local variant - local tag - local full_tag - full_version="$1" - shift - variant="$1" - shift - tag="$1" - shift - - full_tag=$(get_full_tag "${variant}" "${tag}") - - info "Testing ${full_tag}" - ( - export full_version=${full_version} - export full_tag=${full_tag} - bats test-image.bats - ) -} - -cd "$(cd "${0%/*}" && pwd -P)" || exit - -IFS=' ' read -ra versions <<< "$(get_versions . "${versions_arg[@]}")" -if [ ${#versions[@]} -eq 0 ]; then - fatal "No valid versions found!" -fi - -for version in "${versions[@]}"; do - # Skip "docs" and other non-docker directories - [ -f "${version}/Dockerfile" ] || [ -a "${version}/${default_variant}/Dockerfile" ] || continue - - tag=$(get_tag "${version}") - full_version=$(get_full_version "${version}") - - # Required for chakracore - if [ -f "${version}/Dockerfile" ]; then - build "${version}" "default" "${tag}" - test_image "${full_version}" "default" "${tag}" - fi - - # Get supported variants according to the target architecture. - # See details in function.sh - IFS=' ' read -ra variants <<< "$(get_variants "$(dirname "${version}")" "${variant_arg[@]}")" - - for variant in "${variants[@]}"; do - # Skip non-docker directories - [ -f "${version}/${variant}/Dockerfile" ] || continue - - if [ "${variant}" = "onbuild" ]; then - build "${version}" "${default_variant}" "$tag" - test_image "${full_version}" "${default_variant}" "$tag" - fi - - build "${version}" "${variant}" "${tag}" - test_image "${full_version}" "${variant}" "${tag}" - done - -done - -info "All builds successful!" - -exit 0 diff --git a/test-image.bats b/test-image.bats deleted file mode 100755 index 0ed164867c..0000000000 --- a/test-image.bats +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env bats - -@test "Test for node and version" { - run docker run --rm -it node:"$full_tag" node -e "process.stdout.write(process.versions.node)" - [ "$status" -eq 0 ] - [ "$output" == "${full_version}" ] -} - -@test "Test for npm" { - run docker run --rm -it node:"$full_tag" npm --version - [ "$status" -eq 0 ] -} - -@test "Test for yarn" { - run docker run --rm -it node:"$full_tag" yarn --version - [ "$status" -eq 0 ] -} diff --git a/travis.yml.template b/travis.yml.template deleted file mode 100644 index d28f814ab1..0000000000 --- a/travis.yml.template +++ /dev/null @@ -1,113 +0,0 @@ ---- - -dist: xenial - -language: minimal - -services: - - docker - -.before_script: &auto_skip -- | - if [ "false" != "$TRAVIS_PULL_REQUEST" ]; then - TRAVIS_COMMIT_RANGE="$TRAVIS_BRANCH..$TRAVIS_PULL_REQUEST_SHA" - fi - if [ "default" = "$VARIANT" ]; then - Dockerfile="$NODE_VERSION/Dockerfile" - else - Dockerfile="$NODE_VERSION/$VARIANT/Dockerfile" - fi - if [ "" = "$TRAVIS_COMMIT_RANGE" ]; then - echo "This is a new branch" - elif ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- &> /dev/null; then - echo "Change range not recognized: '$TRAVIS_COMMIT_RANGE'" - elif git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^$Dockerfile$"; then - echo "Change of $Dockerfile detected." - else - echo "Skip build of $Dockerfile as it's not changed." - exit - fi - -script: ./test-build.sh $NODE_VERSION $VARIANT - -stages: - - Test - - Build - - name: Deploy - if: branch = master AND type IN (push) - -jobs: - fast_finish: true - allow_failures: - - env: - - TEST=mardown_lint - - include: - - stage: Test - name: Markdown link check - env: - - TEST=mardown_lint - language: node_js - node_js: - - lts/* - install: - - npm i -g markdown-link-check - script: - - find . -name "*.md" | xargs -n 1 markdown-link-check - - - stage: Test - name: Editor Config check - language: node_js - node_js: - - lts/* - install: - - npm i -g eclint - script: - - eclint check - - - stage: Test - name: Doc Toc Check - language: node_js - node_js: - - lts/* - install: npm i -g doctoc - script: - - cp README.md README.md.tmp && - doctoc --title='## Table of Contents' --github README.md && - diff -q README.md README.md.tmp - - - stage: Test - name: shfmt check - script: - - docker run -it --rm -v "$(pwd)":/sh -w /sh peterdavehello/shfmt:2.6.3 shfmt -sr -i 2 -l -w -ci . - - git diff --color - - git diff --stat=220 --color --exit-code - - - stage: Test - name: Shell Check - script: shellcheck *.sh - - - stage: Test - name: .travis.yml and travis.yml.template consistency - script: - - ./update.sh -t - - git diff --stat --exit-code .travis.yml - - - stage: Deploy - before_script: - - | - if ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "Dockerfile$"; then - if git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^generate-stackbrew-library.sh$"; then - if ! git diff "$TRAVIS_COMMIT_RANGE" -- generate-stackbrew-library.sh | grep -Eq '^[-+]array_[0-9]'; then - echo "Skip deployment as none of the Dockerfiles and version tag array in generate-stackbrew-library.sh has been changed." - exit - fi - else - echo "Skip deployment as none of the Dockerfiles and generate-stackbrew-library.sh has been changed." - exit - fi - fi - script: - - ./generate-stackbrew-pr.sh "$TRAVIS_COMMIT_RANGE" - - # Docker Build # diff --git a/update-keys.sh b/update-keys.sh new file mode 100755 index 0000000000..b6fec15418 --- /dev/null +++ b/update-keys.sh @@ -0,0 +1,3 @@ +#!/bin/sh -ex + +curl -fsSLo- --compressed https://github.com/nodejs/node/raw/main/README.md | awk '/--recv-keys.*#/{ gsub(/^.*--recv-keys\s+/,"");gsub(/\s+#.*$/,""); print }' > keys/node.keys diff --git a/update.sh b/update.sh index 8fd0b863af..fe25202ab2 100755 --- a/update.sh +++ b/update.sh @@ -1,4 +1,5 @@ -#!/bin/bash +#!/usr/bin/env bash + set -ue function usage() { @@ -10,33 +11,25 @@ function usage() { $0 [-s] [MAJOR_VERSION(S)] [VARIANT(S)] Examples: - - update.sh # Update all images - - update.sh -s # Update all images, skip updating Alpine and Yarn - - update.sh 8,10 # Update version 8 and 10 and variants (default, slim, alpine etc.) - - update.sh -s 8 # Update version 8 and variants, skip updating Alpine and Yarn - - update.sh 8 slim,stretch # Update only slim and stretch variants for version 8 - - update.sh -s 8 slim,stretch # Update only slim and stretch variants for version 8, skip updating Alpine and Yarn - - update.sh . alpine # Update the alpine variant for all versions - - update.sh -t # Update .travis.yml only + - update.sh # Update all images + - update.sh -s # Update all images, skip updating Alpine if the musl build is unavailable + - update.sh 22,24 # Update all variants of version 22 and 24 + - update.sh -s 24 # Update all variants of version 24, except skip updating Alpine if the musl build is unavailable + - update.sh 24 alpine3.23,alpine3.24 # Update only alpine3.23 & alpine3.24 variants for version 24 + - update.sh . trixie,trixie-slim # Update only trixie & trixie-slim Debian variants for all versions OPTIONS: - -s Security update; skip updating the yarn and alpine versions. - -t Travis CI config update only + -s Security update; allows Debian updates even if musl build for Alpine is unavailable -h Show this message EOF } -SKIP=false -TRAVIS_CI_ONLY=false -while getopts "sth" opt; do +SKIP_ALPINE=false +while getopts "sh" opt; do case "${opt}" in s) - SKIP=true - shift - ;; - t) - TRAVIS_CI_ONLY=true + SKIP_ALPINE=true shift ;; h) @@ -65,16 +58,11 @@ if [ ${#versions[@]} -eq 0 ]; then fi # Global variables -# Get architecure and use this as target architecture for docker image +# Get architecture and use this as target architecture for docker image # See details in function.sh # TODO: Should be able to specify target architecture manually arch=$(get_arch) -if [ "${SKIP}" != true ]; then - alpine_version=$(get_config "./" "alpine_version") - yarnVersion="$(curl -sSL --compressed https://yarnpkg.com/latest-version)" -fi - function in_versions_to_update() { local version=$1 @@ -127,57 +115,62 @@ function update_node_version() { shift fi - fullVersion="$(curl -sSL --compressed "${baseuri}" | grep ' /dev/null; then @@ -186,29 +179,19 @@ function update_node_version() { echo "${dockerfile} updated!" fi - mv -f "${dockerfile}-tmp" "${dockerfile}" - ) -} - -function add_stage() { - local baseuri=${1} - shift - local version=${1} - shift - local variant=${1} - shift + # Required for POSIX sed + if [ -f "${dockerfile}-tmp-e" ]; then + rm "${dockerfile}-tmp-e" + fi - echo ' - - stage: Build - before_script: *auto_skip - name: '"${version}"' on '"${variant}"' - env: - - NODE_VERSION="'"${version}"'" - - VARIANT="'"${variant}"'"' >> .travis.yml + # Guard the move because Alpine sometimes will be missing + if [ -f "${dockerfile}-tmp" ]; then + mv -f "${dockerfile}-tmp" "${dockerfile}" + fi + ) } -echo '# DO NOT MODIFY. THIS FILE IS AUTOGENERATED # -' | cat - travis.yml.template > .travis.yml +pids=() for version in "${versions[@]}"; do parentpath=$(dirname "${version}") @@ -216,26 +199,22 @@ for version in "${versions[@]}"; do baseuri=$(get_config "${parentpath}" "baseuri") update_version=$(in_versions_to_update "${version}") - [ "${update_version}" -eq 0 ] && [ true != "$TRAVIS_CI_ONLY" ] && info "Updating version ${version}..." + [ "${update_version}" -eq 0 ] && info "Updating version ${version}..." # Get supported variants according the target architecture # See details in function.sh IFS=' ' read -ra variants <<< "$(get_variants "${parentpath}")" if [ -f "${version}/Dockerfile" ]; then - add_stage "${baseuri}" "${version}" "default" - [ true = "$TRAVIS_CI_ONLY" ] && continue - if [ "${update_version}" -eq 0 ]; then update_node_version "${baseuri}" "${versionnum}" "${parentpath}/Dockerfile.template" "${version}/Dockerfile" & + pids+=($!) fi fi for variant in "${variants[@]}"; do # Skip non-docker directories [ -f "${version}/${variant}/Dockerfile" ] || continue - add_stage "${baseuri}" "${version}" "${variant}" - [ true = "$TRAVIS_CI_ONLY" ] && continue update_variant=$(in_variants_to_update "${variant}") template_file="${parentpath}/Dockerfile-${variant}.template" @@ -248,12 +227,18 @@ for version in "${versions[@]}"; do template_file="${parentpath}/Dockerfile-alpine.template" fi - [ "$variant" != "onbuild" ] && cp "${parentpath}/docker-entrypoint.sh" "${version}/${variant}/docker-entrypoint.sh" + cp "${parentpath}/docker-entrypoint.sh" "${version}/${variant}/docker-entrypoint.sh" if [ "${update_version}" -eq 0 ] && [ "${update_variant}" -eq 0 ]; then update_node_version "${baseuri}" "${versionnum}" "${template_file}" "${version}/${variant}/Dockerfile" "${variant}" & + pids+=($!) fi done done -wait +# The reason we explicitly wait on each pid is so the return status of this script is set properly +# if one of the jobs fails. If we just called "wait", the exit status would always be 0 +for pid in "${pids[@]}"; do + wait "$pid" +done + info "Done!" diff --git a/versions.json b/versions.json new file mode 100644 index 0000000000..49f260f33b --- /dev/null +++ b/versions.json @@ -0,0 +1,167 @@ +{ + "26": { + "start": "2026-05-05", + "lts": "2026-10-28", + "maintenance": "2027-10-20", + "end": "2029-04-30", + "codename": "", + "alpine-default": "alpine3.24", + "debian-default": "trixie", + "variants": { + "alpine3.23": [ + "amd64", + "arm64v8" + ], + "alpine3.24": [ + "amd64", + "arm64v8" + ], + "bookworm": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "bullseye": [ + "amd64", + "arm64v8" + ], + "bullseye-slim": [ + "amd64", + "arm64v8" + ], + "trixie": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "trixie-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ] + } + }, + "24": { + "start": "2025-05-06", + "lts": "2025-10-28", + "maintenance": "2026-10-20", + "end": "2028-04-30", + "codename": "krypton", + "alpine-default": "alpine3.24", + "debian-default": "bookworm", + "variants": { + "alpine3.23": [ + "amd64", + "arm64v8", + "s390x" + ], + "alpine3.24": [ + "amd64", + "arm64v8", + "s390x" + ], + "bookworm": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "bullseye": [ + "amd64", + "arm64v8" + ], + "bullseye-slim": [ + "amd64", + "arm64v8" + ], + "trixie": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "trixie-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ] + } + }, + "22": { + "start": "2024-04-23", + "lts": "2024-10-29", + "maintenance": "2025-10-21", + "end": "2027-04-30", + "codename": "jod", + "alpine-default": "alpine3.24", + "debian-default": "bookworm", + "variants": { + "alpine3.23": [ + "amd64", + "arm32v6", + "arm32v7", + "arm64v8", + "s390x" + ], + "alpine3.24": [ + "amd64", + "arm32v6", + "arm32v7", + "arm64v8", + "s390x" + ], + "bookworm": [ + "amd64", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm-slim": [ + "amd64", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bullseye": [ + "amd64", + "arm32v7", + "arm64v8" + ], + "bullseye-slim": [ + "amd64", + "arm32v7", + "arm64v8" + ], + "trixie": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "trixie-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ] + } + } +}