diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000000..f83023c169 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +* text=auto eol=lf +/Dockerfile*.template linguist-language=Dockerfile diff --git a/.github/ISSUE_TEMPLATE/1-bug-report.md b/.github/ISSUE_TEMPLATE/1-bug-report.md new file mode 100644 index 0000000000..d8ea9da3b4 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/1-bug-report.md @@ -0,0 +1,48 @@ +--- +name: "\U0001F41B Bug Report" +about: Create a bug report to help us improve +--- + + + +## Environment + +* **Platform**: +* **Docker Version**: +* **Node.js Version**: +* **Image Tag**: + +## Expected Behavior + + + +## Current Behavior + + + +## Possible Solution + + + +## Steps to Reproduce + + + +## Additional Information + + + diff --git a/.github/ISSUE_TEMPLATE/2-feature-request.md b/.github/ISSUE_TEMPLATE/2-feature-request.md new file mode 100644 index 0000000000..31a875664e --- /dev/null +++ b/.github/ISSUE_TEMPLATE/2-feature-request.md @@ -0,0 +1,29 @@ +--- +name: "\U0001F680 Feature Request" +about: Suggest an idea for this project +--- + + + +## Problem + + + +## Solution + + + +## Alternatives to Consider + + + diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml new file mode 100644 index 0000000000..d08bfe4cf3 --- /dev/null +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -0,0 +1,14 @@ +blank_issues_enabled: false +contact_links: + - name: Need help with Node.js? + url: https://github.com/nodejs/help + about: Please file an issue in our help repo. + - name: Found a problem with Node.js beyond the API reference documentation? + url: https://github.com/nodejs/nodejs.org/issues/new/choose + about: Please file an issue in the Node.js website repository. + - name: Want to report security issues or vulnerabilites? + url: https://github.com/nodejs/docker-node/security/policy + about: Please go through our policy for reporting CVEs and security issues. + - name: Need help with common questions related to using Node.js with Docker? + url: https://stackoverflow.com/questions/tagged/node.js%2bdocker%2bdockerfile + about: Please visit Stack Overflow to explore related questions and answers. diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000000..6fadc5bdf3 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,54 @@ + + +## Description + + + +## Motivation and Context + + + +## Testing Details + + + +## Example Output(if appropriate) + +## Types of changes + + + +- [ ] Documentation +- [ ] Version change (Update, remove or add more Node.js versions) +- [ ] Variant change (Update, remove or add more variants, or versions of variants) +- [ ] Bug fix (non-breaking change which fixes an issue) +- [ ] New feature (non-breaking change which adds functionality) +- [ ] Breaking change (fix or feature that would cause existing functionality to change) +- [ ] Other (none of the above) + +## Checklist + + + +- [ ] My code follows the code style of this project. +- [ ] My change requires a change to the documentation. +- [ ] I have updated the documentation accordingly. +- [ ] I have read the **CONTRIBUTING.md** document. +- [ ] All new and existing tests passed. + diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000000..afb98ae0c7 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 +updates: +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 diff --git a/.github/workflows/automatic-updates.yml b/.github/workflows/automatic-updates.yml new file mode 100644 index 0000000000..f02a15cac7 --- /dev/null +++ b/.github/workflows/automatic-updates.yml @@ -0,0 +1,38 @@ +name: Automatically update Docker image versions + +on: + schedule: + - cron: "*/15 * * * *" + +jobs: + build: + runs-on: ubuntu-latest + if: github.repository_owner == 'nodejs' + permissions: + pull-requests: write + + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Run automation script + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + id: updt + with: + result-encoding: string + script: | + const { default: script } = await import(`${process.env.GITHUB_WORKSPACE}/build-automation.mjs`); + return script(github); + + - name: Create update PR + id: cpr + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 + with: + token: ${{ secrets.GH_API_TOKEN }} + author: "Node.js GitHub Bot " + branch: update-branch + base: main + commit-message: "feat: Node.js ${{ steps.updt.outputs.result }}" + title: "feat: Node.js ${{ steps.updt.outputs.result }}" + delete-branch: true + team-reviewers: | + nodejs/docker diff --git a/.github/workflows/build-test.yml b/.github/workflows/build-test.yml new file mode 100644 index 0000000000..08a1419874 --- /dev/null +++ b/.github/workflows/build-test.yml @@ -0,0 +1,97 @@ +name: build-test + +on: + push: + paths: + - "**/Dockerfile" + - "**/docker-entrypoint.sh" + - genMatrix.js + - ".github/workflows/build-test.yml" + + pull_request: + paths: + - "**/Dockerfile" + - "**/docker-entrypoint.sh" + - genMatrix.js + - ".github/workflows/build-test.yml" + +jobs: + gen-matrix: + name: generate-matrix + runs-on: ubuntu-latest + + steps: + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Calculate file differences + id: diff + uses: tj-actions/changed-files@9426d40962ed5378910ee2e21d5f8c6fcbf2dd96 # v47.0.6 + with: + json: true + escape_json: false + + - name: Generate testing matrix + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + id: generator + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const script = require(`${process.env.GITHUB_WORKSPACE}/genMatrix.js`) + return script( + ${{ steps.diff.outputs.added_files }}, + ${{ steps.diff.outputs.modified_files }}, + ${{ steps.diff.outputs.renamed_files }}, + ); + + outputs: + matrix: ${{ steps.generator.outputs.result }} + + build: + if: ${{ fromJson(needs.gen-matrix.outputs.matrix) }} + needs: gen-matrix + name: build + runs-on: ubuntu-latest + timeout-minutes: 60 + strategy: + fail-fast: false + matrix: ${{ fromJson(needs.gen-matrix.outputs.matrix) }} + + steps: + - name: Get short node version + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0 + id: short-version + with: + result-encoding: string + script: return "${{ matrix.version }}".split('.')[0] + + - name: Checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Build image + uses: docker/build-push-action@bcafcacb16a39f128d818304e6c9c0c18556b85f # v7.1.0 + with: + push: false + load: true + context: . + file: ./${{ steps.short-version.outputs.result }}/${{ matrix.variant }}/Dockerfile + tags: node:${{ matrix.version }}-${{ matrix.variant }} + + - name: Test for node version + run: | + image_node_version=$(docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} node --print "process.versions.node") + echo "Expected: \"${{ matrix.version }}\", Got: \"${image_node_version}\"" + [ "${image_node_version}" == "${{ matrix.version }}" ] + + - name: Verify entrypoint runs regular, non-executable files with node + run: | + tmp_file=$(mktemp) + echo 'console.log("success")' > "${tmp_file}" + output=$(docker run --rm -v "${tmp_file}:/app/index.js" node:${{ matrix.version }}-${{ matrix.variant }} app/index.js) + [ "${output}" = 'success' ] + + - name: Test for npm + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version + + - name: Test for yarn + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} yarn --version diff --git a/.github/workflows/doctoc.yml b/.github/workflows/doctoc.yml new file mode 100644 index 0000000000..88e9901cc9 --- /dev/null +++ b/.github/workflows/doctoc.yml @@ -0,0 +1,30 @@ +name: Check generated TOCs + +on: + pull_request: + paths: + - "README.md" + - "docs/BestPractices.md" + +permissions: + contents: read + +jobs: + doctoc: + name: Doc TOC Check + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: 'lts/*' + - name: Install doctoc + run: npm i -g doctoc + - name: Create README copy and diff with doctoc + run: cp README.md README.md.tmp && + doctoc --title='## Table of Contents' --github README.md && + diff -q README.md README.md.tmp + - name: Create "docs/BestPractices.md" copy and diff with doctoc + run: cp docs/BestPractices.md docs/BestPractices.md.tmp && + doctoc --title='## Table of Contents' --github docs/BestPractices.md && + diff -q docs/BestPractices.md docs/BestPractices.md.tmp diff --git a/.github/workflows/eclint.yml b/.github/workflows/eclint.yml new file mode 100644 index 0000000000..eb04f9bb1e --- /dev/null +++ b/.github/workflows/eclint.yml @@ -0,0 +1,17 @@ +name: Test Whitespace and line endings + +on: [pull_request] + +permissions: + contents: read + +jobs: + eclint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: 'lts/*' + - run: npm i -g eclint + - run: eclint check diff --git a/.github/workflows/markdown-link-check.yml b/.github/workflows/markdown-link-check.yml new file mode 100644 index 0000000000..3f17f08b3d --- /dev/null +++ b/.github/workflows/markdown-link-check.yml @@ -0,0 +1,23 @@ +name: Check Markdown links + +on: + pull_request: + paths: + - "**/*.md" + - "markdown_link_check_config.json" + +permissions: + contents: read + +jobs: + markdown-link-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 + with: + node-version: 'lts/*' + - name: Install markdown-link-check + run: npm i -g markdown-link-check@3.14.2 + - name: Run markdown-link-check on MD files + run: find . -name "*.md" | xargs -n 1 markdown-link-check -c markdown_link_check_config.json -q diff --git a/.github/workflows/missing-checksum.yml b/.github/workflows/missing-checksum.yml new file mode 100644 index 0000000000..6dabb3a5e1 --- /dev/null +++ b/.github/workflows/missing-checksum.yml @@ -0,0 +1,23 @@ +name: Check Alpine CHECKSUM + +on: + pull_request: + paths: + - ".github/workflows/missing-checksum.yml" + - "**/alpine*/Dockerfile" + +permissions: + contents: read + +jobs: + test: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + + - name: Count number of Alpine Dockersfiles without CHECKSUM + run: | + git grep -n 'CHECKSUM=""' -- '*alpine*/Dockerfile' | sed -E 's/^([^:]+):([^:]+):\s*/::error file=\1,line=\2::Missing pre-built checksum/' + if [ "${PIPESTATUS[0]}" -eq 0 ]; then + exit 1 + fi diff --git a/.github/workflows/official-pr.yml b/.github/workflows/official-pr.yml new file mode 100644 index 0000000000..b86058d0db --- /dev/null +++ b/.github/workflows/official-pr.yml @@ -0,0 +1,66 @@ +name: Create official images PR + +on: + pull_request_target: + types: + - closed + + paths: + - ".github/workflows/official-pr.yml" + - "**/Dockerfile" + - "**/docker-entrypoint.sh" + - "versions.json" + - "stackbrew.js" + +jobs: + pr: + runs-on: ubuntu-latest + if: github.repository_owner == 'nodejs' && github.event.pull_request.merged_by != '' + permissions: + pull-requests: write + + steps: + - name: Checkout the docker-node repo + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + path: docker-node + ref: ${{ github.base_ref }} + fetch-depth: 50 + + - name: Checkout the official-images repo + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + path: official-images + repository: docker-library/official-images + + - name: Generate Stackbrew for diff + run: | + cd docker-node + ./stackbrew.js > ../official-images/library/node + + - name: Create PR in official-images + id: create-pr + uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1 + with: + token: ${{ secrets.GH_API_TOKEN }} + push-to-fork: nodejs/official-images + path: official-images + branch: node + commit-message: "Node: ${{ github.event.pull_request.title }}" + title: "Node: ${{ github.event.pull_request.title }}" + body: | + Pull Request: ${{ github.event.pull_request.html_url }} + @LaurentGoderre @PeterDaveHello @SimenB @nschonni @ttshivers + + - name: PR details + run: | + echo "Pull Request Number - ${{ steps.create-pr.outputs.pull-request-number }}" + echo "Pull Request URL - ${{ steps.create-pr.outputs.pull-request-url }}" + + - name: Create PR comment + uses: peter-evans/create-or-update-comment@e8674b075228eee787fea43ef493e45ece1004c9 # v5.0.0 + if: ${{ steps.create-pr.outputs.pull-request-url != '' }} + with: + issue-number: ${{ github.event.pull_request.number }} + body: | + Created PR on the official-images repo (${{ steps.create-pr.outputs.pull-request-url }}). See https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what if you are wondering when it will be available on the Docker Hub. diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml new file mode 100644 index 0000000000..07ae346c37 --- /dev/null +++ b/.github/workflows/scorecard.yml @@ -0,0 +1,73 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '30 12 * * 6' + push: + branches: [ "main" ] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + # Uncomment the permissions below if installing in a private repository. + # contents: read + # actions: read + + steps: + - name: "Checkout code" + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecard on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action?tab=readme-ov-file#authentication-with-fine-grained-pat-optional. + # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2 + with: + sarif_file: results.sarif diff --git a/.github/workflows/shfmt.yml b/.github/workflows/shfmt.yml new file mode 100644 index 0000000000..d81f771ab5 --- /dev/null +++ b/.github/workflows/shfmt.yml @@ -0,0 +1,23 @@ +name: Check Shell scripts + +on: + pull_request: + paths: + - "**/*.sh" + +permissions: + contents: read + +jobs: + shfmt: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - run: docker run -v "$(pwd)":/sh -w /sh peterdavehello/shfmt:2.6.3 shfmt -sr -i 2 -l -w -ci . + - run: git diff --color --exit-code + + shellcheck: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - run: shellcheck *.sh diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 9c78b6ddd0..0000000000 --- a/.travis.yml +++ /dev/null @@ -1,304 +0,0 @@ -# DO NOT MODIFY. THIS FILE IS AUTOGENERATED # - ---- - -dist: xenial - -language: minimal - -services: - - docker - -.before_script: &auto_skip -- | - if [ "false" != "$TRAVIS_PULL_REQUEST" ]; then - TRAVIS_COMMIT_RANGE="$TRAVIS_BRANCH..$TRAVIS_PULL_REQUEST_SHA" - fi - if [ "default" = "$VARIANT" ]; then - Dockerfile="$NODE_VERSION/Dockerfile" - else - Dockerfile="$NODE_VERSION/$VARIANT/Dockerfile" - fi - if [ "" = "$TRAVIS_COMMIT_RANGE" ]; then - echo "This is a new branch" - elif ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- &> /dev/null; then - echo "Change range not recognized: '$TRAVIS_COMMIT_RANGE'" - elif git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^$Dockerfile$"; then - echo "Change of $Dockerfile detected." - else - echo "Skip build of $Dockerfile as it's not changed." - exit - fi - -script: ./test-build.sh $NODE_VERSION $VARIANT - -stages: - - Test - - Build - - name: Deploy - if: branch = master AND type IN (push) - -jobs: - fast_finish: true - allow_failures: - - env: - - TEST=mardown_lint - - include: - - stage: Test - name: Markdown link check - env: - - TEST=mardown_lint - language: node_js - node_js: - - lts/* - install: - - npm i -g markdown-link-check - script: - - find . -name "*.md" | xargs -n 1 markdown-link-check - - - stage: Test - name: Editor Config check - language: node_js - node_js: - - lts/* - install: - - npm i -g eclint - script: - - eclint check - - - stage: Test - name: Doc Toc Check - language: node_js - node_js: - - lts/* - install: npm i -g doctoc - script: - - cp README.md README.md.tmp && - doctoc --title='## Table of Contents' --github README.md && - diff -q README.md README.md.tmp - - - stage: Test - name: shfmt check - script: - - docker run -it --rm -v "$(pwd)":/sh -w /sh peterdavehello/shfmt:2.6.3 shfmt -sr -i 2 -l -w -ci . - - git diff --color - - git diff --stat=220 --color --exit-code - - - stage: Test - name: Shell Check - script: shellcheck *.sh - - - stage: Test - name: .travis.yml and travis.yml.template consistency - script: - - ./update.sh -t - - git diff --stat --exit-code .travis.yml - - - stage: Deploy - before_script: - - | - if ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "Dockerfile$"; then - if git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^generate-stackbrew-library.sh$"; then - if ! git diff "$TRAVIS_COMMIT_RANGE" -- generate-stackbrew-library.sh | grep -Eq '^[-+]array_[0-9]'; then - echo "Skip deployment as none of the Dockerfiles and version tag array in generate-stackbrew-library.sh has been changed." - exit - fi - else - echo "Skip deployment as none of the Dockerfiles and generate-stackbrew-library.sh has been changed." - exit - fi - fi - script: - - ./generate-stackbrew-pr.sh "$TRAVIS_COMMIT_RANGE" - - # Docker Build # - - - stage: Build - before_script: *auto_skip - name: 10 on jessie - env: - - NODE_VERSION="10" - - VARIANT="jessie" - - - stage: Build - before_script: *auto_skip - name: 10 on jessie-slim - env: - - NODE_VERSION="10" - - VARIANT="jessie-slim" - - - stage: Build - before_script: *auto_skip - name: 10 on alpine - env: - - NODE_VERSION="10" - - VARIANT="alpine" - - - stage: Build - before_script: *auto_skip - name: 10 on stretch - env: - - NODE_VERSION="10" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 10 on stretch-slim - env: - - NODE_VERSION="10" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 10 on buster - env: - - NODE_VERSION="10" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 10 on buster-slim - env: - - NODE_VERSION="10" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: 12 on alpine - env: - - NODE_VERSION="12" - - VARIANT="alpine" - - - stage: Build - before_script: *auto_skip - name: 12 on stretch - env: - - NODE_VERSION="12" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 12 on stretch-slim - env: - - NODE_VERSION="12" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 12 on buster - env: - - NODE_VERSION="12" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 12 on buster-slim - env: - - NODE_VERSION="12" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: 13 on alpine - env: - - NODE_VERSION="13" - - VARIANT="alpine" - - - stage: Build - before_script: *auto_skip - name: 13 on stretch - env: - - NODE_VERSION="13" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 13 on stretch-slim - env: - - NODE_VERSION="13" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 13 on buster - env: - - NODE_VERSION="13" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 13 on buster-slim - env: - - NODE_VERSION="13" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: 8 on jessie - env: - - NODE_VERSION="8" - - VARIANT="jessie" - - - stage: Build - before_script: *auto_skip - name: 8 on jessie-slim - env: - - NODE_VERSION="8" - - VARIANT="jessie-slim" - - - stage: Build - before_script: *auto_skip - name: 8 on alpine - env: - - NODE_VERSION="8" - - VARIANT="alpine" - - - stage: Build - before_script: *auto_skip - name: 8 on onbuild - env: - - NODE_VERSION="8" - - VARIANT="onbuild" - - - stage: Build - before_script: *auto_skip - name: 8 on stretch - env: - - NODE_VERSION="8" - - VARIANT="stretch" - - - stage: Build - before_script: *auto_skip - name: 8 on stretch-slim - env: - - NODE_VERSION="8" - - VARIANT="stretch-slim" - - - stage: Build - before_script: *auto_skip - name: 8 on buster - env: - - NODE_VERSION="8" - - VARIANT="buster" - - - stage: Build - before_script: *auto_skip - name: 8 on buster-slim - env: - - NODE_VERSION="8" - - VARIANT="buster-slim" - - - stage: Build - before_script: *auto_skip - name: chakracore/10 on default - env: - - NODE_VERSION="chakracore/10" - - VARIANT="default" - - - stage: Build - before_script: *auto_skip - name: chakracore/8 on default - env: - - NODE_VERSION="chakracore/8" - - VARIANT="default" diff --git a/10/alpine/Dockerfile b/10/alpine/Dockerfile deleted file mode 100644 index 1d53cbb2bb..0000000000 --- a/10/alpine/Dockerfile +++ /dev/null @@ -1,74 +0,0 @@ -FROM alpine:3.9 - -ENV NODE_VERSION 10.17.0 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - binutils-gold \ - curl \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt - -ENV YARN_VERSION 1.19.1 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/10/alpine/docker-entrypoint.sh b/10/alpine/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/architectures b/10/architectures deleted file mode 100644 index 5f77c7cf17..0000000000 --- a/10/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 jessie,jessie-slim,alpine,stretch,stretch-slim,buster,buster-slim -arm32v6 alpine -arm32v7 jessie,jessie-slim,alpine,stretch,stretch-slim,buster,buster-slim -arm64v8 alpine,stretch,stretch-slim,buster,buster-slim -i386 alpine -ppc64le alpine,stretch,stretch-slim,buster,buster-slim -s390x alpine,stretch,stretch-slim,buster,buster-slim diff --git a/10/buster-slim/Dockerfile b/10/buster-slim/Dockerfile deleted file mode 100644 index 941ae09e5f..0000000000 --- a/10/buster-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:buster-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 10.17.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/10/buster-slim/docker-entrypoint.sh b/10/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/buster/docker-entrypoint.sh b/10/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/jessie-slim/Dockerfile b/10/jessie-slim/Dockerfile deleted file mode 100644 index 9a5f591349..0000000000 --- a/10/jessie-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:jessie-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 10.17.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/10/jessie-slim/docker-entrypoint.sh b/10/jessie-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/jessie-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/jessie/docker-entrypoint.sh b/10/jessie/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/jessie/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/stretch-slim/Dockerfile b/10/stretch-slim/Dockerfile deleted file mode 100644 index abe4b9a5b4..0000000000 --- a/10/stretch-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:stretch-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 10.17.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/10/stretch-slim/docker-entrypoint.sh b/10/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/10/stretch/docker-entrypoint.sh b/10/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/10/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/alpine/Dockerfile b/12/alpine/Dockerfile deleted file mode 100644 index 947128711d..0000000000 --- a/12/alpine/Dockerfile +++ /dev/null @@ -1,74 +0,0 @@ -FROM alpine:3.9 - -ENV NODE_VERSION 12.13.0 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - binutils-gold \ - curl \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt - -ENV YARN_VERSION 1.19.1 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/alpine/docker-entrypoint.sh b/12/alpine/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/architectures b/12/architectures deleted file mode 100644 index 7adab03f0a..0000000000 --- a/12/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 alpine,stretch,stretch-slim,buster,buster-slim -arm32v6 alpine -arm32v7 alpine,stretch,stretch-slim,buster,buster-slim -arm64v8 alpine,stretch,stretch-slim,buster,buster-slim -i386 alpine -ppc64le alpine,stretch,stretch-slim,buster,buster-slim -s390x alpine,stretch,stretch-slim,buster,buster-slim diff --git a/12/buster-slim/Dockerfile b/12/buster-slim/Dockerfile deleted file mode 100644 index 94cf6551af..0000000000 --- a/12/buster-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:buster-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 12.13.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/buster-slim/docker-entrypoint.sh b/12/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/buster/docker-entrypoint.sh b/12/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile deleted file mode 100644 index f116a98729..0000000000 --- a/12/stretch-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:stretch-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 12.13.0 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/stretch-slim/docker-entrypoint.sh b/12/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile deleted file mode 100644 index bbe171ab61..0000000000 --- a/12/stretch/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 12.13.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/12/stretch/docker-entrypoint.sh b/12/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/12/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/alpine/Dockerfile b/13/alpine/Dockerfile deleted file mode 100644 index e66bbfd18d..0000000000 --- a/13/alpine/Dockerfile +++ /dev/null @@ -1,74 +0,0 @@ -FROM alpine:3.10 - -ENV NODE_VERSION 13.0.1 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - binutils-gold \ - curl \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt - -ENV YARN_VERSION 1.19.1 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/alpine/docker-entrypoint.sh b/13/alpine/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/architectures b/13/architectures deleted file mode 100644 index 7adab03f0a..0000000000 --- a/13/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 alpine,stretch,stretch-slim,buster,buster-slim -arm32v6 alpine -arm32v7 alpine,stretch,stretch-slim,buster,buster-slim -arm64v8 alpine,stretch,stretch-slim,buster,buster-slim -i386 alpine -ppc64le alpine,stretch,stretch-slim,buster,buster-slim -s390x alpine,stretch,stretch-slim,buster,buster-slim diff --git a/13/buster-slim/Dockerfile b/13/buster-slim/Dockerfile deleted file mode 100644 index f0a6eb782d..0000000000 --- a/13/buster-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:buster-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.0.1 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/buster-slim/docker-entrypoint.sh b/13/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/buster/Dockerfile b/13/buster/Dockerfile deleted file mode 100644 index 1e3dc74277..0000000000 --- a/13/buster/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:buster - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.0.1 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/buster/docker-entrypoint.sh b/13/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/stretch-slim/Dockerfile b/13/stretch-slim/Dockerfile deleted file mode 100644 index 25db4ddbd6..0000000000 --- a/13/stretch-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:stretch-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.0.1 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/stretch-slim/docker-entrypoint.sh b/13/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/13/stretch/Dockerfile b/13/stretch/Dockerfile deleted file mode 100644 index 8b0dc47d35..0000000000 --- a/13/stretch/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 13.0.1 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/13/stretch/docker-entrypoint.sh b/13/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/13/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/20/alpine3.22/Dockerfile b/20/alpine3.22/Dockerfile new file mode 100644 index 0000000000..62a5ff07c4 --- /dev/null +++ b/20/alpine3.22/Dockerfile @@ -0,0 +1,110 @@ +FROM alpine:3.22 + +ENV NODE_VERSION=20.20.2 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="2b51a5388f6aaf8e2af65fe3bad6114db0ebd81a1ae1250b1de0cbf034b10c5d" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/20/alpine3.22/docker-entrypoint.sh b/20/alpine3.22/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/alpine3.22/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/20/alpine3.23/Dockerfile b/20/alpine3.23/Dockerfile new file mode 100644 index 0000000000..87e893c776 --- /dev/null +++ b/20/alpine3.23/Dockerfile @@ -0,0 +1,110 @@ +FROM alpine:3.23 + +ENV NODE_VERSION=20.20.2 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="2b51a5388f6aaf8e2af65fe3bad6114db0ebd81a1ae1250b1de0cbf034b10c5d" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/20/alpine3.23/docker-entrypoint.sh b/20/alpine3.23/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/alpine3.23/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/20/bookworm-slim/Dockerfile b/20/bookworm-slim/Dockerfile new file mode 100644 index 0000000000..23bd64ead4 --- /dev/null +++ b/20/bookworm-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:bookworm-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=20.20.2 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/20/bookworm-slim/docker-entrypoint.sh b/20/bookworm-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/bookworm-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/20/bookworm/Dockerfile b/20/bookworm/Dockerfile new file mode 100644 index 0000000000..0ab5fe66dd --- /dev/null +++ b/20/bookworm/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:bookworm + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=20.20.2 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/20/bookworm/docker-entrypoint.sh b/20/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/bookworm/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/20/bullseye-slim/Dockerfile b/20/bullseye-slim/Dockerfile new file mode 100644 index 0000000000..f285bf0d05 --- /dev/null +++ b/20/bullseye-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:bullseye-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=20.20.2 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/20/bullseye-slim/docker-entrypoint.sh b/20/bullseye-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/bullseye-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/20/bullseye/Dockerfile b/20/bullseye/Dockerfile new file mode 100644 index 0000000000..64c55dbfd6 --- /dev/null +++ b/20/bullseye/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:bullseye + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=20.20.2 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/20/bullseye/docker-entrypoint.sh b/20/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/bullseye/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/20/trixie-slim/Dockerfile b/20/trixie-slim/Dockerfile new file mode 100644 index 0000000000..174e7d6ddc --- /dev/null +++ b/20/trixie-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:trixie-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=20.20.2 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/20/trixie-slim/docker-entrypoint.sh b/20/trixie-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/trixie-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/12/buster/Dockerfile b/20/trixie/Dockerfile similarity index 56% rename from 12/buster/Dockerfile rename to 20/trixie/Dockerfile index 47730761a3..5461ec0491 100644 --- a/12/buster/Dockerfile +++ b/20/trixie/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:trixie RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 12.13.0 +ENV NODE_VERSION=20.20.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,51 +15,61 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/20/trixie/docker-entrypoint.sh b/20/trixie/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/20/trixie/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/alpine3.22/Dockerfile b/22/alpine3.22/Dockerfile new file mode 100644 index 0000000000..0316ad0fd8 --- /dev/null +++ b/22/alpine3.22/Dockerfile @@ -0,0 +1,110 @@ +FROM alpine:3.22 + +ENV NODE_VERSION=22.22.2 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="c58109c8da448196f0d811df7a6079748678132067e3b53d01c8c8a4bcd86992" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/alpine3.22/docker-entrypoint.sh b/22/alpine3.22/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/alpine3.22/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/alpine3.23/Dockerfile b/22/alpine3.23/Dockerfile new file mode 100644 index 0000000000..3fc4635148 --- /dev/null +++ b/22/alpine3.23/Dockerfile @@ -0,0 +1,110 @@ +FROM alpine:3.23 + +ENV NODE_VERSION=22.22.2 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="c58109c8da448196f0d811df7a6079748678132067e3b53d01c8c8a4bcd86992" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/alpine3.23/docker-entrypoint.sh b/22/alpine3.23/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/alpine3.23/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/bookworm-slim/Dockerfile b/22/bookworm-slim/Dockerfile new file mode 100644 index 0000000000..e173790d37 --- /dev/null +++ b/22/bookworm-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:bookworm-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=22.22.2 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/bookworm-slim/docker-entrypoint.sh b/22/bookworm-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bookworm-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/bookworm/Dockerfile b/22/bookworm/Dockerfile new file mode 100644 index 0000000000..236b0e2d49 --- /dev/null +++ b/22/bookworm/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:bookworm + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=22.22.2 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/bookworm/docker-entrypoint.sh b/22/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bookworm/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/bullseye-slim/Dockerfile b/22/bullseye-slim/Dockerfile new file mode 100644 index 0000000000..489f7b559a --- /dev/null +++ b/22/bullseye-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:bullseye-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=22.22.2 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/bullseye-slim/docker-entrypoint.sh b/22/bullseye-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bullseye-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/bullseye/Dockerfile b/22/bullseye/Dockerfile new file mode 100644 index 0000000000..e79027a708 --- /dev/null +++ b/22/bullseye/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:bullseye + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=22.22.2 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/bullseye/docker-entrypoint.sh b/22/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/bullseye/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/22/trixie-slim/Dockerfile b/22/trixie-slim/Dockerfile new file mode 100644 index 0000000000..e5de6198b6 --- /dev/null +++ b/22/trixie-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:trixie-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=22.22.2 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/22/trixie-slim/docker-entrypoint.sh b/22/trixie-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/trixie-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/buster/Dockerfile b/22/trixie/Dockerfile similarity index 56% rename from 10/buster/Dockerfile rename to 22/trixie/Dockerfile index e6394f5c07..1c3c0be208 100644 --- a/10/buster/Dockerfile +++ b/22/trixie/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:buster +FROM buildpack-deps:trixie RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.17.0 +ENV NODE_VERSION=22.22.2 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,51 +15,61 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/22/trixie/docker-entrypoint.sh b/22/trixie/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/22/trixie/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/alpine3.22/Dockerfile b/24/alpine3.22/Dockerfile new file mode 100644 index 0000000000..7c9cfb546b --- /dev/null +++ b/24/alpine3.22/Dockerfile @@ -0,0 +1,110 @@ +FROM alpine:3.22 + +ENV NODE_VERSION=24.15.0 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="8b75070ed35ef8381548f4396d3cf957fd1449db063f288fe00b0cb64456477f" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/alpine3.22/docker-entrypoint.sh b/24/alpine3.22/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/alpine3.22/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/alpine3.23/Dockerfile b/24/alpine3.23/Dockerfile new file mode 100644 index 0000000000..1d98f46d67 --- /dev/null +++ b/24/alpine3.23/Dockerfile @@ -0,0 +1,110 @@ +FROM alpine:3.23 + +ENV NODE_VERSION=24.15.0 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="8b75070ed35ef8381548f4396d3cf957fd1449db063f288fe00b0cb64456477f" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/alpine3.23/docker-entrypoint.sh b/24/alpine3.23/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/alpine3.23/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/bookworm-slim/Dockerfile b/24/bookworm-slim/Dockerfile new file mode 100644 index 0000000000..a4249a7c83 --- /dev/null +++ b/24/bookworm-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:bookworm-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=24.15.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/bookworm-slim/docker-entrypoint.sh b/24/bookworm-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bookworm-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/bookworm/Dockerfile b/24/bookworm/Dockerfile new file mode 100644 index 0000000000..bad1123216 --- /dev/null +++ b/24/bookworm/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:bookworm + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=24.15.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/bookworm/docker-entrypoint.sh b/24/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bookworm/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/bullseye-slim/Dockerfile b/24/bullseye-slim/Dockerfile new file mode 100644 index 0000000000..5716490dc5 --- /dev/null +++ b/24/bullseye-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:bullseye-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=24.15.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/bullseye-slim/docker-entrypoint.sh b/24/bullseye-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bullseye-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/bullseye/Dockerfile b/24/bullseye/Dockerfile new file mode 100644 index 0000000000..fe5fbfb706 --- /dev/null +++ b/24/bullseye/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:bullseye + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=24.15.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/bullseye/docker-entrypoint.sh b/24/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/bullseye/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/24/trixie-slim/Dockerfile b/24/trixie-slim/Dockerfile new file mode 100644 index 0000000000..328a5c365a --- /dev/null +++ b/24/trixie-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:trixie-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=24.15.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/24/trixie-slim/docker-entrypoint.sh b/24/trixie-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/trixie-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/stretch/Dockerfile b/24/trixie/Dockerfile similarity index 56% rename from 10/stretch/Dockerfile rename to 24/trixie/Dockerfile index d3d984d9c4..c29001bd34 100644 --- a/10/stretch/Dockerfile +++ b/24/trixie/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:stretch +FROM buildpack-deps:trixie RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.17.0 +ENV NODE_VERSION=24.15.0 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,51 +15,61 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/24/trixie/docker-entrypoint.sh b/24/trixie/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/24/trixie/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/25/alpine3.22/Dockerfile b/25/alpine3.22/Dockerfile new file mode 100644 index 0000000000..e5bf11c3a2 --- /dev/null +++ b/25/alpine3.22/Dockerfile @@ -0,0 +1,110 @@ +FROM alpine:3.22 + +ENV NODE_VERSION=25.9.0 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="46dfaea08624f9cb9d439d603784b2751ab4d7700c81c26604c032a4dc4e74a1" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/25/alpine3.22/docker-entrypoint.sh b/25/alpine3.22/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/25/alpine3.22/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/25/alpine3.23/Dockerfile b/25/alpine3.23/Dockerfile new file mode 100644 index 0000000000..94090e501b --- /dev/null +++ b/25/alpine3.23/Dockerfile @@ -0,0 +1,110 @@ +FROM alpine:3.23 + +ENV NODE_VERSION=25.9.0 + +RUN addgroup -g 1000 node \ + && adduser -u 1000 -G node -s /bin/sh -D node \ + && apk add --no-cache \ + libstdc++ \ + && apk add --no-cache --virtual .build-deps \ + curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM="46dfaea08624f9cb9d439d603784b2751ab4d7700c81c26604c032a4dc4e74a1" OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ + g++ \ + gcc \ + gnupg \ + libgcc \ + linux-headers \ + make \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xf "node-v$NODE_VERSION.tar.xz" \ + && cd "node-v$NODE_VERSION" \ + && ./configure \ + && make -j$(getconf _NPROCESSORS_ONLN) V= \ + && make install \ + && apk del .build-deps-full \ + && cd .. \ + && rm -Rf "node-v$NODE_VERSION" \ + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/25/alpine3.23/docker-entrypoint.sh b/25/alpine3.23/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/25/alpine3.23/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/25/bookworm-slim/Dockerfile b/25/bookworm-slim/Dockerfile new file mode 100644 index 0000000000..7d3a85827f --- /dev/null +++ b/25/bookworm-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:bookworm-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=25.9.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/25/bookworm-slim/docker-entrypoint.sh b/25/bookworm-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/25/bookworm-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/25/bookworm/Dockerfile b/25/bookworm/Dockerfile new file mode 100644 index 0000000000..6be31610c8 --- /dev/null +++ b/25/bookworm/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:bookworm + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=25.9.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/25/bookworm/docker-entrypoint.sh b/25/bookworm/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/25/bookworm/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/25/bullseye-slim/Dockerfile b/25/bullseye-slim/Dockerfile new file mode 100644 index 0000000000..de714ee163 --- /dev/null +++ b/25/bullseye-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:bullseye-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=25.9.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/25/bullseye-slim/docker-entrypoint.sh b/25/bullseye-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/25/bullseye-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/25/bullseye/Dockerfile b/25/bullseye/Dockerfile new file mode 100644 index 0000000000..4286794d31 --- /dev/null +++ b/25/bullseye/Dockerfile @@ -0,0 +1,77 @@ +FROM buildpack-deps:bullseye + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=25.9.0 + +RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64';; \ + ppc64el) ARCH='ppc64le';; \ + s390x) ARCH='s390x';; \ + arm64) ARCH='arm64';; \ + armhf) ARCH='armv7l';; \ + i386) ARCH='x86';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && set -ex \ + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/25/bullseye/docker-entrypoint.sh b/25/bullseye/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/25/bullseye/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/25/trixie-slim/Dockerfile b/25/trixie-slim/Dockerfile new file mode 100644 index 0000000000..92ba49c7ee --- /dev/null +++ b/25/trixie-slim/Dockerfile @@ -0,0 +1,104 @@ +FROM debian:trixie-slim + +RUN groupadd --gid 1000 node \ + && useradd --uid 1000 --gid node --shell /bin/bash --create-home node + +ENV NODE_VERSION=25.9.0 + +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ + && case "${dpkgArch##*-}" in \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ + *) echo "unsupported architecture"; exit 1 ;; \ + esac \ + && set -ex \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ + 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ + && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ + && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* + +ENV YARN_VERSION=1.22.22 + +RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + && for key in \ + 6A010C5166006599AA17F08146C2130DFD2497F5 \ + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ + && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ + && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ + && mkdir -p /opt \ + && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ + && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* + +COPY docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] + +CMD [ "node" ] diff --git a/25/trixie-slim/docker-entrypoint.sh b/25/trixie-slim/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/25/trixie-slim/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/10/jessie/Dockerfile b/25/trixie/Dockerfile similarity index 56% rename from 10/jessie/Dockerfile rename to 25/trixie/Dockerfile index 85b82632b0..2225b57f8a 100644 --- a/10/jessie/Dockerfile +++ b/25/trixie/Dockerfile @@ -1,9 +1,9 @@ -FROM buildpack-deps:jessie +FROM buildpack-deps:trixie RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 10.17.0 +ENV NODE_VERSION=25.9.0 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,51 +15,61 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ + 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 \ + DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 \ + CC68F5A3106FF448322E48ED27F5E38D5B0A215F \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ + 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 \ + C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \ + 108F52B48DB57BB0CC439B2997B01419BD92F80A \ + A363A499291CBBC940DD62E41F10027AF002F8B0 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 1.19.1 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/25/trixie/docker-entrypoint.sh b/25/trixie/docker-entrypoint.sh new file mode 100755 index 0000000000..1b3116e53b --- /dev/null +++ b/25/trixie/docker-entrypoint.sh @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then + set -- node "$@" +fi + +exec "$@" diff --git a/8/alpine/Dockerfile b/8/alpine/Dockerfile deleted file mode 100644 index 23cab3b7d7..0000000000 --- a/8/alpine/Dockerfile +++ /dev/null @@ -1,74 +0,0 @@ -FROM alpine:3.9 - -ENV NODE_VERSION 8.16.2 - -RUN addgroup -g 1000 node \ - && adduser -u 1000 -G node -s /bin/sh -D node \ - && apk add --no-cache \ - libstdc++ \ - && apk add --no-cache --virtual .build-deps \ - binutils-gold \ - curl \ - g++ \ - gcc \ - gnupg \ - libgcc \ - linux-headers \ - make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xf "node-v$NODE_VERSION.tar.xz" \ - && cd "node-v$NODE_VERSION" \ - && ./configure \ - && make -j$(getconf _NPROCESSORS_ONLN) V= \ - && make install \ - && apk del .build-deps \ - && cd .. \ - && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt - -ENV YARN_VERSION 1.19.1 - -RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/alpine/docker-entrypoint.sh b/8/alpine/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/alpine/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/architectures b/8/architectures deleted file mode 100644 index 11c069bf71..0000000000 --- a/8/architectures +++ /dev/null @@ -1,8 +0,0 @@ -bashbrew-arch variants -amd64 jessie,jessie-slim,alpine,onbuild,stretch,stretch-slim,buster,buster-slim -arm32v6 alpine -arm32v7 jessie,jessie-slim,alpine,onbuild,stretch,stretch-slim,buster,buster-slim -arm64v8 alpine,onbuild,stretch,stretch-slim,buster,buster-slim -i386 jessie,jessie-slim,alpine,onbuild,stretch,stretch-slim,buster,buster-slim -ppc64le alpine,onbuild,stretch,stretch-slim,buster,buster-slim -s390x alpine,onbuild,stretch,stretch-slim,buster,buster-slim diff --git a/8/buster-slim/Dockerfile b/8/buster-slim/Dockerfile deleted file mode 100644 index a5b235a857..0000000000 --- a/8/buster-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:buster-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/buster-slim/docker-entrypoint.sh b/8/buster-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/buster-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/buster/Dockerfile b/8/buster/Dockerfile deleted file mode 100644 index 4515d7c6aa..0000000000 --- a/8/buster/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:buster - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/buster/docker-entrypoint.sh b/8/buster/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/buster/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/jessie-slim/Dockerfile b/8/jessie-slim/Dockerfile deleted file mode 100644 index d69644ec10..0000000000 --- a/8/jessie-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:jessie-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/jessie-slim/docker-entrypoint.sh b/8/jessie-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/jessie-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/jessie/Dockerfile b/8/jessie/Dockerfile deleted file mode 100644 index b937ad84b4..0000000000 --- a/8/jessie/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:jessie - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/jessie/docker-entrypoint.sh b/8/jessie/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/jessie/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/onbuild/Dockerfile b/8/onbuild/Dockerfile deleted file mode 100644 index b7bbbcc68d..0000000000 --- a/8/onbuild/Dockerfile +++ /dev/null @@ -1,12 +0,0 @@ -FROM node:8.16.2-stretch - -RUN mkdir -p /usr/src/app -WORKDIR /usr/src/app - -ONBUILD ARG NODE_ENV -ONBUILD ENV NODE_ENV $NODE_ENV -ONBUILD COPY package.json /usr/src/app/ -ONBUILD RUN npm install && npm cache clean --force -ONBUILD COPY . /usr/src/app - -CMD [ "npm", "start" ] diff --git a/8/stretch-slim/Dockerfile b/8/stretch-slim/Dockerfile deleted file mode 100644 index 62e90ae157..0000000000 --- a/8/stretch-slim/Dockerfile +++ /dev/null @@ -1,70 +0,0 @@ -FROM debian:stretch-slim - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ - && rm -rf /var/lib/apt/lists/* \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/stretch-slim/docker-entrypoint.sh b/8/stretch-slim/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/stretch-slim/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/8/stretch/Dockerfile b/8/stretch/Dockerfile deleted file mode 100644 index f1d34d71d9..0000000000 --- a/8/stretch/Dockerfile +++ /dev/null @@ -1,67 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.16.2 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && set -ex \ - && for key in \ - 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ - FD3A5288F042B6850C66B31F09FE44734EB7990E \ - 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ - DD8F2338BAE7501E3DD5AC78C273792F7D83545D \ - C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ - B9AE9905FFD7803F25714661B63B535A4C206CA9 \ - 77984A986EBC2AA786BC0F66B01FBB92821C587A \ - 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ - 4ED778F539E3634C779C87C6D7062848A1AB005C \ - A48C2BEE680E841632CD4E44F07496B3EB3C1762 \ - B9E2F5981AA6E0CD28160D9FF13993A75599653C \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ - && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.19.1 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -COPY docker-entrypoint.sh /usr/local/bin/ -ENTRYPOINT ["docker-entrypoint.sh"] - -CMD [ "node" ] diff --git a/8/stretch/docker-entrypoint.sh b/8/stretch/docker-entrypoint.sh deleted file mode 100755 index de6fa8a9ad..0000000000 --- a/8/stretch/docker-entrypoint.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -set -e - -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then - set -- node "$@" -fi - -exec "$@" diff --git a/ACTIVE_MAINTAINERS b/ACTIVE_MAINTAINERS deleted file mode 100644 index 6425f28e38..0000000000 --- a/ACTIVE_MAINTAINERS +++ /dev/null @@ -1,5 +0,0 @@ -LaurentGoderre -pesho -PeterDaveHello -SimenB -Starefossen diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0d81fd960e..808a538f25 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -2,13 +2,52 @@ Thank you for your contribution. Here are a set of guidelines for contributing to the docker-node project. +## Governance and decision making + +Project governance uses consensus seeking. See [GOVERNANCE.md](./GOVERNANCE.md) for +roles and the decision process. + +For governance-sensitive or potentially contentious changes, open a PR (or issue) +with rationale and allow time for async feedback. + +If a final decision cannot be reached via consensus seeking, escalation goes to +the Node.js TSC as final arbiter. + +## Discussion Areas + +You can use Node.js channels (prefixed by `#nodejs-`) in the [OpenJSF Slack](https://slack-invite.openjsf.org/) workspace for discussions. + +- [#nodejs-distributions](https://openjs-foundation.slack.com/archives/C0ALS3UDE8G) covers discussions for this repo (`docker-node`). + +- [#nodejs-release](https://openjs-foundation.slack.com/archives/C019MGJQ8RH) is linked to the [Node.js Release Working Group](https://github.com/nodejs/release#readme) responsible for the upstream releases of Node.js used by this repo. + ## Version Updates New **Node.js** releases are released as soon as possible. -New **NPM** releases are not tracked. We simply use the NPM version bundled in the corresponding Node.js release. +New **npm** releases are not tracked. We simply use the npm version bundled in the corresponding Node.js release. + +**[Yarn v1 Classic](https://classic.yarnpkg.com/)** is no longer maintained upstream, and will be removed starting with the Node 26 images. + +### Image Creation Automation + +- Every 15 minutes, the [workflow](https://github.com/nodejs/docker-node/blob/main/.github/workflows/automatic-updates.yml) within the [nodejs/docker-node](https://github.com/nodejs/docker-node) repo [checks](https://github.com/nodejs/docker-node/blob/main/build-automation.mjs) for new versions of Node.js [published to the website's `index.json` file](https://nodejs.org/download/release/index.json). + - If found, it also checks for an [unofficial musl/Alpine build](https://unofficial-builds.nodejs.org/download/release/index.json). + - If found, the [update script](https://github.com/nodejs/docker-node/blob/main/update.sh) runs + - The workflow opens a pull request either automatically via [nodejs-github-bot](https://github.com/nodejs-github-bot) or in some cases manually, such as when there is a new major release. +- Another [workflow](https://github.com/nodejs/docker-node/blob/main/.github/workflows/official-pr.yml) detects the merger of these pull requests and opens a pull request to [docker-library/official-images](https://github.com/docker-library/official-images). +- The official images are built and published according to [docker's process](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what), resulting in the new images being available on [Docker Hub](https://hub.docker.com/_/node). + +### Submitting a PR for a version update + +If you'd like to help us by submitting a PR for a version update, please do the following: -**Yarn** is updated to the latest version only when there is a new Node.js SemVer PATCH release, and it's updated only in the branch with the new release, preferably in the same PR. The `update.sh` script does this automatically when invoked with a specific branch, e.g. `./update.sh 6.10`. +1. [Fork this project.](https://docs.github.com/en/get-started/quickstart/fork-a-repo) +1. [Clone the forked repository.](https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/cloning-a-repository) +1. Create a branch for the update PR. For example, `git checkout main; git checkout -b version-update`. +1. Run `./update.sh`. You can see additional options by using accessing the built-in help documentation with `./update.sh -h`. This script will automatically update the appropriate files with the latest versions and checksums. +1. Commit the modified files to the `version-update` branch and push the branch to your fork. +1. [Create a PR to merge the branch from your fork into this project's default branch.](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork). ## Adding dependencies to the base images diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 36d281b2be..d4096cc086 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -1,62 +1,101 @@ FROM alpine:0.0 -ENV NODE_VERSION 0.0.0 +ENV NODE_VERSION=0.0.0 RUN addgroup -g 1000 node \ && adduser -u 1000 -G node -s /bin/sh -D node \ && apk add --no-cache \ libstdc++ \ && apk add --no-cache --virtual .build-deps \ - binutils-gold \ curl \ + && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" \ + && case "${alpineArch##*-}" in \ + x86_64) ARCH='x64' CHECKSUM=CHECKSUM_x64 OPENSSL_ARCH=linux-x86_64;; \ + x86) OPENSSL_ARCH=linux-elf;; \ + aarch64) OPENSSL_ARCH=linux-aarch64;; \ + arm*) OPENSSL_ARCH=linux-armv4;; \ + ppc64le) OPENSSL_ARCH=linux-ppc64le;; \ + s390x) OPENSSL_ARCH=linux-s390x;; \ + *) ;; \ + esac \ + && if [ -n "${CHECKSUM}" ]; then \ + set -eu; \ + curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; \ + echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - \ + && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs; \ + else \ + echo "Building from source" \ + # backup build + && apk add --no-cache --virtual .build-deps-full \ + binutils-gold \ g++ \ gcc \ gnupg \ libgcc \ linux-headers \ make \ - python \ - # gpg keys listed at https://github.com/nodejs/node#release-keys - && for key in \ - "${NODE_KEYS[@]}" - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ + python3 \ + py-setuptools \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys + && for key in \ + "${NODE_KEYS[@]}" + ; do \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ + done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xf "node-v$NODE_VERSION.tar.xz" \ && cd "node-v$NODE_VERSION" \ && ./configure \ && make -j$(getconf _NPROCESSORS_ONLN) V= \ && make install \ - && apk del .build-deps \ + && apk del .build-deps-full \ && cd .. \ && rm -Rf "node-v$NODE_VERSION" \ - && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt + && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \ + fi \ + && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" \ + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apk del .build-deps \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 0.0.0 +ENV YARN_VERSION=1.22.22 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ - "${YARN_KEYS[@]}" + 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && apk del .build-deps-yarn + && apk del .build-deps-yarn \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 13ec6404b3..42f866df70 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -3,7 +3,7 @@ FROM buildpack-deps:name RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 0.0.0 +ENV NODE_VERSION=0.0.0 RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ @@ -15,41 +15,54 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ i386) ARCH='x86';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ # gpg keys listed at https://github.com/nodejs/node#release-keys && set -ex \ && for key in \ "${NODE_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 0.0.0 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ - "${YARN_KEYS[@]}" + 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/Dockerfile-onbuild.template b/Dockerfile-onbuild.template deleted file mode 100644 index 5b0cbc8846..0000000000 --- a/Dockerfile-onbuild.template +++ /dev/null @@ -1,12 +0,0 @@ -FROM node:0.0.0-stretch - -RUN mkdir -p /usr/src/app -WORKDIR /usr/src/app - -ONBUILD ARG NODE_ENV -ONBUILD ENV NODE_ENV $NODE_ENV -ONBUILD COPY package.json /usr/src/app/ -ONBUILD RUN npm install && npm cache clean --force -ONBUILD COPY . /usr/src/app - -CMD [ "npm", "start" ] diff --git a/Dockerfile-slim.template b/Dockerfile-slim.template index 89de397259..4794c87a10 100644 --- a/Dockerfile-slim.template +++ b/Dockerfile-slim.template @@ -3,56 +3,93 @@ FROM debian:name-slim RUN groupadd --gid 1000 node \ && useradd --uid 1000 --gid node --shell /bin/bash --create-home node -ENV NODE_VERSION 0.0.0 +ENV NODE_VERSION=0.0.0 -RUN buildDeps='xz-utils' \ - && ARCH= && dpkgArch="$(dpkg --print-architecture)" \ +RUN ARCH= OPENSSL_ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - ppc64el) ARCH='ppc64le';; \ - s390x) ARCH='s390x';; \ - arm64) ARCH='arm64';; \ - armhf) ARCH='armv7l';; \ - i386) ARCH='x86';; \ + amd64) ARCH='x64' OPENSSL_ARCH='linux-x86_64';; \ + ppc64el) ARCH='ppc64le' OPENSSL_ARCH='linux-ppc64le';; \ + s390x) ARCH='s390x' OPENSSL_ARCH='linux*-s390x';; \ + arm64) ARCH='arm64' OPENSSL_ARCH='linux-aarch64';; \ + armhf) ARCH='armv7l' OPENSSL_ARCH='linux-armv4';; \ + i386) ARCH='x86' OPENSSL_ARCH='linux-elf';; \ *) echo "unsupported architecture"; exit 1 ;; \ esac \ && set -ex \ - && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr $buildDeps --no-install-recommends \ + # libatomic1 for arm + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr xz-utils libatomic1 --no-install-recommends \ && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ + # gpg keys listed at https://github.com/nodejs/node#release-keys && for key in \ "${NODE_KEYS[@]}" ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" \ && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt \ - && apt-get purge -y --auto-remove $buildDeps \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs + # Remove unused OpenSSL headers to save ~34MB. See this NodeJS issue: https://github.com/nodejs/node/issues/46451 + && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; \ + && apt-mark auto '.*' > /dev/null \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + && ln -s /usr/local/bin/node /usr/local/bin/nodejs \ + # smoke tests + && node --version \ + && npm --version \ + && rm -rf /tmp/* -ENV YARN_VERSION 0.0.0 +ENV YARN_VERSION=1.22.22 RUN set -ex \ + && savedAptMark="$(apt-mark showmanual)" \ + && apt-get update && apt-get install -y ca-certificates curl wget gnupg dirmngr --no-install-recommends \ + && rm -rf /var/lib/apt/lists/* \ + # use pre-existing gpg directory, see https://github.com/nodejs/docker-node/pull/1895#issuecomment-1550389150 + && export GNUPGHOME="$(mktemp -d)" \ && for key in \ - "${YARN_KEYS[@]}" + 6A010C5166006599AA17F08146C2130DFD2497F5 \ ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ + { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || \ + { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; \ done \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && gpgconf --kill all \ + && rm -rf "$GNUPGHOME" \ && mkdir -p /opt \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz + && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ + && apt-mark auto '.*' > /dev/null \ + && { [ -z "$savedAptMark" ] || apt-mark manual $savedAptMark > /dev/null; } \ + && find /usr/local -type f -executable -exec ldd '{}' ';' \ + | awk '/=>/ { so = $(NF-1); if (index(so, "/usr/local/") == 1) { next }; gsub("^/(usr/)?", "", so); print so }' \ + | sort -u \ + | xargs -r dpkg-query --search \ + | cut -d: -f1 \ + | sort -u \ + | xargs -r apt-mark manual \ + && apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false \ + # smoke test + && yarn --version \ + && rm -rf /tmp/* COPY docker-entrypoint.sh /usr/local/bin/ ENTRYPOINT ["docker-entrypoint.sh"] diff --git a/GOVERNANCE.md b/GOVERNANCE.md index 77020bc50c..47759b9993 100644 --- a/GOVERNANCE.md +++ b/GOVERNANCE.md @@ -1,139 +1,107 @@ -# Docker Working Group - -The Node.js Docker project is jointly governed by a Working Group (WG) -that is responsible for high-level guidance of the project. - -The WG has final authority over this project including: - -* Technical direction -* Project governance and process (including this policy) -* Contribution policy -* GitHub repository hosting -* Conduct guidelines -* Maintaining the list of additional Collaborators - -For the current list of WG members, see the project -[README.md](./README.md#people). - -## Collaborators - -The [nodejs/docker-node](https://github.com/nodejs/docker-node) GitHub -repository is maintained by the WG and additional Collaborators who -are added by the WG on an ongoing basis. - -Individuals making significant and valuable contributions are made -Collaborators and given commit-access to the project. These -individuals are identified by the WG and their addition as -Collaborators is discussed as a pull request to this project's -[README.md](./README.md#people). - -_Note:_ If you make a significant contribution and are not considered -for commit-access log an issue or contact a WG member directly. - -Modifications of the contents of the -[nodejs/docker-node](https://github.com/nodejs/docker-node) repository -are made on a collaborative basis. Anybody with a GitHub account may -propose a modification via pull request and it will be considered by -the project Collaborators. All pull requests must be reviewed and -accepted by a Collaborator with sufficient expertise who is able to -take full responsibility for the change. In the case of pull requests -proposed by an existing Collaborator, an additional Collaborator is -required for sign-off. Consensus should be sought if additional -Collaborators participate and there is disagreement around a -particular modification. See _Consensus Seeking Process_ below for -further detail on the consensus model used for governance. - -Collaborators may opt to elevate significant or controversial -modifications, or modifications that have not found consensus to the -WG for discussion by assigning the ***WG-agenda*** label to a pull -request or issue. The WG should serve as the final arbiter where -required. - -For the current list of Collaborators, see the project -[README.md](./README.md#people). - -## WG Membership - -WG seats are not time-limited. There is no fixed size of the WG. -However, the expected target is between 6 and 12, to ensure adequate -coverage of important areas of expertise, balanced with the ability to -make decisions efficiently. - -There is no specific set of requirements or qualifications for WG -membership beyond these rules. - -The WG may add, or remove, members to and from the WG. A WG member may -choose to be removed from the WG by voluntary resignation. - -Changes to WG membership should be posted in the -[nodejs/docker-node](https://github.com/nodejs/docker-node) repository -as an issue or pull request with the ***WG-agenda*** label followed by -the consensus seeking process described below. - -No more than 1/3 of the WG members may be affiliated with the same -employer. If removal or resignation of a WG member, or a change of -employment by a WG member, creates a situation where more than 1/3 of -the WG membership shares an employer, then the situation must be -immediately remedied by the resignation or removal of one or more WG -members affiliated with the over-represented employer(s). - -## WG Meetings - -This working group does not meet. All discussions and decisions -happen in the -[nodejs/docker-node](https://github.com/nodejs/docker-node) repository -in issues and pull requests. Items that requires a decision by the -WG can be flagged with the ***WG-agenda*** label. - -When an issue is tagged with ***WG-agenda***, the WG may invite -persons or representatives from certain projects to participate in the -discussion in a non-voting capacity. - -## Consensus Seeking Process - -The WG follows a [Consensus -Seeking](http://en.wikipedia.org/wiki/Consensus-seeking_decision-making) -decision-making model. - -All proposed changes to the project must be made in the form of a pull -request to the repository (directly committing to a production branch -of the repository is not permitted). The consensus seeking process -will then follow via discussion by the WG members on that pull -request. Changes deemed trivial by WG members may be merged instantly -by any WG member, without waiting for consensus, so long as they leave -a note explaining the reason for the merge. - -When an agenda item has appeared to reach a consensus any WG member -may ask "Does anyone object?" as a final call for dissent from the +# Governance + +The Node.js Docker image project is governed using an **open maintainer model**. + +This repository is no longer operated as a Node.js TSC-chartered working group. +Instead, project decisions are made by maintainers in public, in this repository. + +## Guiding principles + +- Default to public discussion in issues and pull requests. +- Use [Consensus Seeking](https://en.wikipedia.org/wiki/Consensus_decision-making) for decision making. +- Keep decision records in-repo so contributors can follow context. +- Keep a clear path from contributor → collaborator → maintainer. + +## Roles + +### Contributors + +Anyone who proposes changes, reports issues, reviews code, or helps users. + +### Collaborators + +[Collaborators](README.md#collaborators) have write access and help with day-to-day maintenance: + +- review and merge pull requests +- triage issues +- help drive technical direction + +Collaborators are nominated by maintainers via pull request and added after consensus. -If an agenda item cannot reach a consensus a WG member can call for a -closing vote. The call for a vote must be seconded by a majority of -the WG or else the discussion will continue. Simple majority wins. +### Maintainers + +[Maintainers](README.md#docker-maintainers) are responsible for long-term stewardship of the project: + +- facilitate consensus and escalate unresolved final decisions to the Node.js TSC +- governance and membership updates +- release/publishing policy and automation oversight +- security and incident handling for this repository + +## Decision making + +### Standard changes (code/docs/automation) + +- Pull requests are discussed in public. +- A PR from a non-collaborator can be merged by one collaborator. +- A PR from a collaborator should be approved by another collaborator before + merge. + +### Maintainer-level decisions + +For governance, membership, major policy, or contentious technical changes: + +1. Open an issue or PR describing the decision and proposed outcome. +2. Allow time for async feedback (normally at least 5 days). +3. If no unresolved objections remain, a maintainer may merge/close with a + summary. + +If a final decision cannot be made using Consensus Seeking, the issue should be +escalated to the Node.js TSC (for example by requesting `tsc-agenda`). + +In that case, the Node.js TSC is the final arbiter, consistent with the +[TSC Charter](https://github.com/nodejs/TSC/blob/main/TSC-Charter.md). + +## Meetings + +The project primarily operates asynchronously in GitHub issues and pull +requests. If maintainers hold synchronous meetings, outcomes should be posted +publicly in this repository. + +## Membership changes + +Collaborator and maintainer changes are proposed via pull request to +[`README.md`](README.md), with rationale included in the PR +description. + +Project access should be managed via the +[@nodejs/docker team](https://github.com/orgs/nodejs/teams/docker) and kept in +sync with Node.js collaborator tooling. - +Maintainers can also move inactive members to emeritus status through the same +public process. ## Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: -* (a) The contribution was created in whole or in part by me and I +- (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or -* (b) The contribution is based upon previous work that, to the best +- (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that - work with modifications, whether created in whole or in part + work with modifications, whether created wholly or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or -* (c) The contribution was provided directly to me by some other - person who certified (a), (b) or (c) and I have not modified +- (c) The contribution was provided directly to me by some other + person who certified (a), (b), or (c) and I have not modified it. -* (d) I understand and agree that this project and the contribution +- (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with @@ -141,44 +109,5 @@ By making a contribution to this project, I certify that: ## Code of Conduct -This Code of Conduct is adapted from [Rust's wonderful -CoC](https://github.com/rust-lang/rust/wiki/Note-development-policy#conduct). - -* We are committed to providing a friendly, safe and welcoming - environment for all, regardless of gender, sexual orientation, - disability, ethnicity, religion, or similar personal characteristic. - -* Please avoid using overtly sexual nicknames or other nicknames that - might detract from a friendly, safe and welcoming environment for - all. - -* Please be kind and courteous. There's no need to be mean or rude. -* Respect that people have differences of opinion and that every - design or implementation choice carries a trade-off and numerous - costs. There is seldom a right answer. - -* Please keep unstructured critique to a minimum. If you have solid - ideas you want to experiment with, make a fork and see how it works. - -* We will exclude you from interaction if you insult, demean or harass - anyone. That is not welcome behaviour. We interpret the term - "harassment" as including the definition in the [Citizen Code of - Conduct](http://citizencodeofconduct.org/); if you have any lack of - clarity about what might be included in that concept, please read - their definition. In particular, we don't tolerate behavior that - excludes people in socially marginalized groups. - -* Private harassment is also unacceptable. No matter who you are, if - you feel you have been or are being harassed or made uncomfortable - by a community member, please contact one of the channel ops or any - of the TC members immediately with a capture (log, photo, email) of - the harassment if possible. Whether you're a regular contributor or - a newcomer, we care about making this community a safe place for you - and we've got your back. - -* Likewise any spamming, trolling, flaming, baiting or other - attention-stealing behaviour is not welcome. - -* Avoid the use of personal pronouns in code comments or - documentation. There is no need to address persons when explaining - code (e.g. "When the developer") +The Node.js Code of Conduct applies to this project: +. diff --git a/README.md b/README.md index 36c40479e5..e0458b3f3c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Node.js -[![dockeri.co](http://dockeri.co/image/_/node)](https://registry.hub.docker.com/_/node/) +[**node - Docker Official Images on Docker Hub**](https://hub.docker.com/_/node) [![GitHub issues](https://img.shields.io/github/issues/nodejs/docker-node.svg "GitHub issues")](https://github.com/nodejs/docker-node) [![GitHub stars](https://img.shields.io/github/stars/nodejs/docker-node.svg "GitHub stars")](https://github.com/nodejs/docker-node) @@ -19,20 +19,24 @@ The official Node.js docker image, made with love by the node community. - [Verbosity](#verbosity) - [Dockerfile](#dockerfile) - [Docker Run](#docker-run) - - [NPM run](#npm-run) + - [npm run](#npm-run) - [Image Variants](#image-variants) - [`node:`](#nodeversion) - [`node:alpine`](#nodealpine) - - [`node:onbuild`](#nodeonbuild) + - [`node:bullseye`](#nodebullseye) + - [`node:bookworm`](#nodebookworm) + - [`node:trixie`](#nodetrixie) - [`node:slim`](#nodeslim) +- [Release Availability](#release-availability) - [License](#license) - [Supported Docker versions](#supported-docker-versions) - [Supported Node.js versions](#supported-nodejs-versions) +- [Yarn v1 Classic bundling](#yarn-v1-classic-bundling) - [Governance and Current Members](#governance-and-current-members) - - [Docker Working Group Members](#docker-working-group-members) - - [Docker Working Group Collaborators](#docker-working-group-collaborators) + - [Docker Maintainers](#docker-maintainers) + - [Collaborators](#collaborators) - [Emeritus](#emeritus) - - [Docker Working Group Members](#docker-working-group-members-1) + - [Former Maintainers](#former-maintainers) @@ -43,7 +47,7 @@ fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. -See: http://nodejs.org +See: https://nodejs.org ## How to use this image @@ -51,7 +55,7 @@ See: http://nodejs.org ```dockerfile # specify the node base image with your desired version node: -FROM node:10 +FROM node:24 # replace this with your application's default port EXPOSE 8888 ``` @@ -66,19 +70,18 @@ $ docker run -it --rm --name my-running-app my-nodejs-app If you prefer Docker Compose: ```yml -version: "2" services: node: - image: "node:8" + image: "node:24" user: "node" working_dir: /home/node/app environment: - NODE_ENV=production volumes: - ./:/home/node/app - expose: - - "8081" - command: "npm start" + ports: # use if it is necessary to expose the container to the host machine + - "8888:8888" + command: ["npm", "start"] ``` You can then run using Docker Compose: @@ -87,7 +90,7 @@ You can then run using Docker Compose: $ docker-compose up -d ``` -Docker Compose example copies your current directory (including node_modules) to the container. +Docker Compose example mounts your current directory (including node_modules) to the container. It assumes that your application has a file named [`package.json`](https://docs.npmjs.com/files/package.json) defining [start script](https://docs.npmjs.com/misc/scripts#default-values). @@ -102,40 +105,40 @@ complete `Dockerfile`. In such cases, you can run a Node.js script by using the Node.js Docker image directly: ```console -$ docker run -it --rm --name my-running-script -v "$PWD":/usr/src/app -w /usr/src/app node:8 node your-daemon-or-script.js +$ docker run -it --rm --name my-running-script -v "$PWD":/usr/src/app -w /usr/src/app node:24 node your-daemon-or-script.js ``` ### Verbosity -Prior to 8.7.0 and 6.11.4 the docker images overrode the default npm log -level from `warn` to `info`. However due to improvements to npm and new Docker +Prior to 8.7.0 and 6.11.4, the docker images overrode the default npm log +level from `warn` to `info`. However, due to improvements to npm and new Docker patterns (e.g. multi-stage builds) the working group reached a [consensus](https://github.com/nodejs/docker-node/issues/528) to revert the log level to npm defaults. If you need more verbose output, please use one of the following methods to change the verbosity level. #### Dockerfile -If you create your own `Dockerfile` which inherits from the `node` image you can +If you create your own `Dockerfile` which inherits from the `node` image, you can simply use `ENV` to override `NPM_CONFIG_LOGLEVEL`. ```dockerfile FROM node -ENV NPM_CONFIG_LOGLEVEL info +ENV NPM_CONFIG_LOGLEVEL=info ... ``` #### Docker Run -If you run the node image using `docker run` you can use the `-e` flag to +If you run the node image using `docker run`, you can use the `-e` flag to override `NPM_CONFIG_LOGLEVEL`. ```console $ docker run -e NPM_CONFIG_LOGLEVEL=info node ... ``` -#### NPM run +#### npm run -If you are running npm commands you can use `--loglevel` to control the +If you are running npm commands, you can use `--loglevel` to control the verbosity of the output. ```console @@ -146,10 +149,12 @@ $ docker run node npm --loglevel=warn ... The `node` images come in many flavors, each designed for a specific use case. All of the images contain pre-installed versions of `node`, -[`npm`](https://www.npmjs.com/), and [`yarn`](https://yarnpkg.com). For each +[`npm`](https://www.npmjs.com/), and [Yarn v1 Classic](https://classic.yarnpkg.com/). For each supported architecture, the supported variants are different. In the file: -[architectures](./architectures), it lists all supported variants for all of +[versions.json](./versions.json), it lists all supported variants for all of the architectures that we support now. +See [Yarn v1 Classic bundling](#yarn-v1-classic-bundling) for future plans to +remove this legacy version. ### `node:` @@ -166,24 +171,28 @@ need to install, thus reducing the overall size of all images on your system. ### `node:alpine` This image is based on the popular -[Alpine Linux project](http://alpinelinux.org), available in +[Alpine Linux project](https://alpinelinux.org), available in [the `alpine` official image](https://hub.docker.com/_/alpine). Alpine Linux is much smaller than most distribution base images (~5MB), and thus leads to much slimmer images in general. This variant is highly recommended when final image size being as small as possible is desired. The main caveat to note is that it does use -[musl libc](http://www.musl-libc.org) instead of -[glibc and friends](http://www.etalabs.net/compare_libcs.html), so certain +[musl libc](https://musl.libc.org/) instead of +[glibc and friends](https://www.etalabs.net/compare_libcs.html), so certain software might run into issues depending on the depth of their libc requirements. However, most software doesn't have an issue with this, so this variant is usually a very safe choice. See [this Hacker News comment thread](https://news.ycombinator.com/item?id=10782897) for more discussion of the issues that might arise and some pro/con comparisons -of using Alpine-based images. One common issue that may arise is a missing shared -library required for use of `process.dlopen`. To add the missing shared libraries -to your image, adding the [`libc6-compat`](https://pkgs.alpinelinux.org/package/edge/main/x86/libc6-compat) -package in your Dockerfile is recommended: `apk add --no-cache libc6-compat` +of using Alpine-based images. + +One common issue that may arise is a missing shared library required for use of +`process.dlopen`. To add the missing shared libraries to your image: + +- Starting from Alpine v3.19, you can use the +[`gcompat`](https://pkgs.alpinelinux.org/package/v3.19/main/x86/gcompat) package +to add the missing shared libraries: `apk add --no-cache gcompat` To minimize image size, it's uncommon for additional related tools (such as `git` or `bash`) to be included in Alpine-based images. Using this @@ -191,48 +200,25 @@ image as a base, add the things you need in your own Dockerfile (see the [`alpine` image description](https://hub.docker.com/_/alpine/) for examples of how to install packages if you are unfamiliar). -### `node:onbuild` - -The `ONBUILD` image variants are deprecated, and their usage is discouraged. For more details, see [docker-library/official-images#2076](https://github.com/docker-library/official-images/issues/2076). - -This image makes building derivative images easier. For most use cases, creating -a `Dockerfile` in the base of your project directory with the line `FROM -node:onbuild` will be enough to create a stand-alone image for your project. +To make the image size even smaller, you can [bundle without npm/yarn](./docs/BestPractices.md#smaller-images-without-npmyarn). -While the `onbuild` variant is really useful for "getting off the ground -running" (zero to Dockerized in a short period of time), it's not recommended -for long-term usage within a project due to the lack of control over *when* the -`ONBUILD` triggers fire (see also -[`docker/docker#5714`](https://github.com/docker/docker/issues/5714), -[`docker/docker#8240`](https://github.com/docker/docker/issues/8240), -[`docker/docker#11917`](https://github.com/docker/docker/issues/11917)). +### `node:bullseye` -Once you've got a handle on how your project functions within Docker, you'll -probably want to adjust your `Dockerfile` to inherit from a non-`onbuild` -variant and copy the commands from the `onbuild` variant `Dockerfile` (moving -the `ONBUILD` lines to the end and removing the `ONBUILD` keywords) into your -own file so that you have tighter control over them and more transparency for -yourself and others looking at your `Dockerfile` as to what it does. This also -makes it easier to add additional requirements as time goes on (such as -installing more packages before performing the previously-`ONBUILD` steps). +This image is based on version 11 of +[Debian](https://debian.org), available in +[the `debian` official image](https://hub.docker.com/_/debian). -This `onbuild` variant will only install npm packages according to the -`package.json` and *does not* adhere to the `npm-shrinkwrap.json` (see full -discussion in -[`nodejs/docker-node#65`](https://github.com/nodejs/docker-node/issues/65). +### `node:bookworm` -Note that npm installs devDependencies by default, which is undesirable if -you're building a production image. To avoid this pass NODE_ENV as a build -argument i.e. `docker build --build-arg NODE_ENV=production …`. +This image is based on version 12 of +[Debian](https://debian.org), available in +[the `debian` official image](https://hub.docker.com/_/debian). -The image assumes that your application has a file named -[`package.json`](https://docs.npmjs.com/files/package.json) listing its -dependencies and defining its [start -script](https://docs.npmjs.com/misc/scripts#default-values). +### `node:trixie` -It also assumes that you have a file named [`.dockerignore`](https://docs.docker.com/engine/reference/builder/#/dockerignore-file) otherwise it will copy your local npm modules: - -`node_modules` +This image is based on version 13 of +[Debian](https://debian.org), available in +[the `debian` official image](https://hub.docker.com/_/debian). ### `node:slim` @@ -242,50 +228,89 @@ in an environment where *only* the Node.js image will be deployed and you have space constraints, we highly recommend using the default image of this repository. +## Release Availability + +This repo automatically triggers a process to build new `node` images when Node.js releases +become available. The build processes can take several hours to complete. + +Images may initially appear on [Docker Hub](https://hub.docker.com/_/node) +with incomplete or missing OS/ARCH listings as the build process first publishes a tag +and then backfills each architecture when ready. +During this time, if you try to pull the image, you may see an error +message "no matching manifest". In this case, check back later. +(See [Docker Library FAQs](https://github.com/docker-library/faq#an-images-source-changed-in-git-now-what) +for a detailed description of the complex build process.) + +For Node.js security releases, Debian-based `node` images may be published in advance +of Alpine-based images. To build an Alpine-based `node` image requires +a `musl` build. This may not initially be ready at Node.js release time. +When processing non-security Node.js releases, the build process will wait for +the `musl` build before proceeding with Debian- and Alpine-based images. + ## License -[License information](https://github.com/nodejs/node/blob/master/LICENSE) for -the software contained in this image. [License -information](https://github.com/nodejs/docker-node/blob/master/LICENSE) for the +[License information](https://github.com/nodejs/node/blob/main/LICENSE) for +the software contained in this image. [License information](LICENSE) for the Node.js Docker project. ## Supported Docker versions -This image is officially supported on Docker version 1.9.1. - -Support for older versions (down to 1.6) is provided on a best-effort basis. +If you are using [Docker Desktop](https://docs.docker.com/get-started/get-docker/), +it is recommended to use a recent version, released in the last six months. -Please see [the Docker installation -documentation](https://docs.docker.com/installation/) for details on how to -upgrade your Docker daemon. +Refer to [Docker Engine release notes](https://docs.docker.com/engine/release-notes/) +for current Engine versions. ## Supported Node.js versions This project will support Node.js versions as still under active support as per the [Node.js release schedule](https://github.com/nodejs/Release). -## Governance and Current Members +## Yarn v1 Classic bundling -The Node.js Docker Image is governed by the Docker Working Group. See -[GOVERNANCE.md](https://github.com/nodejs/docker-node/blob/master/GOVERNANCE.md) -to learn more about the group's structure and [CONTRIBUTING.md](CONTRIBUTING.md) for guidance -about the expectations for all contributors to this project. +[Yarn v1 Classic](https://classic.yarnpkg.com/) is currently bundled in `node` image +variants. Because Yarn v1 is [frozen](https://github.com/yarnpkg/yarn) and no longer maintained, +bundling plans have been revised. -### Docker Working Group Members +As of Node.js 26.0.0 it is planned to no longer bundle Yarn v1 into `node` images. +For lower versions of Node.js (<26) `node` images will continue to bundle Yarn v1. -- Hans Kristian Flaatten ([starefossen](https://github.com/starefossen)) -- Hugues Malphettes ([hmalphettes](https://github.com/hmalphettes)) -- John Mitchell ([jlmitch5](https://github.com/jlmitch5)) -- Peter Petrov ([pesho](https://github.com/pesho)) +Users with legacy requirements for Yarn v1 under Node.js 26 and above may be able +to follow [Yarn v1 installation instructions](https://classic.yarnpkg.com/en/docs/install) +and install using `npm install --global yarn`. -### Docker Working Group Collaborators +## Governance and Current Members + +The Node.js Docker Image is governed by an open maintainer model. See +[GOVERNANCE.md](GOVERNANCE.md) +for project roles and decision-making, and [CONTRIBUTING.md](CONTRIBUTING.md) for contribution guidance. If a final decision cannot be reached using consensus seeking, the Node.js TSC is the final arbiter. + +### Docker Maintainers -- Mikeal Rogers ([mikeal](https://github.com/mikeal)) - Laurent Goderre ([LaurentGoderre](https://github.com/LaurentGoderre)) - Simen Bekkhus ([SimenB](https://github.com/SimenB)) - Peter Dave Hello ([PeterDaveHello](https://github.com/PeterDaveHello)) +- Rafael Gonzaga ([rafaelgss](https://github.com/rafaelgss)) +- Matteo Collina ([mcollina](https://github.com/mcollina)) +- Nick Schonning ([nschonni](https://github.com/nschonni)) + +### Collaborators + +- Tianon Gravi ([tianon](https://github.com/tianon)) +- ttshivers ([ttshivers](https://github.com/ttshivers)) +- [yosifkit](https://github.com/yosifkit) +- Stewart X Addison ([sxa](https://github.com/sxa)) +- Mike McCready ([MikeMcC399](https://github.com/MikeMcC399)) + +Collaborators are managed via the +[@nodejs/docker team](https://github.com/orgs/nodejs/teams/docker). ### Emeritus -#### Docker Working Group Members +#### Former Maintainers +- Hans Kristian Flaatten ([Starefossen](https://github.com/Starefossen)) +- Mikeal Rogers ([mikeal](https://github.com/mikeal)) - Christopher Horrell ([chorrell](https://github.com/chorrell)) +- Peter Petrov ([pesho](https://github.com/pesho)) +- John Mitchell ([jlmitch5](https://github.com/jlmitch5)) +- Hugues Malphettes ([hmalphettes](https://github.com/hmalphettes)) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..6ae4285ed8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,18 @@ +# Security Policy + +## Reporting a Vulnerability + +This repo builds releases of Node.js unchanged into Docker images. Node.js itself bundles certain packages as described in the [distribution](https://github.com/nodejs/node/blob/main/doc/contributing/distribution.md) document. This includes also the npm package manager. + +Common Vulnerabilities and Exposures (CVE) reports that relate to Node.js or its packaged dependencies cannot be addressed in this repo. Security issues relating to the Node.js project should follow the process documented on where it is also advised that vulnerabilities in third-party packages should be reported to their respective owners. + +CVEs for the base operating system image packages should be reported to those repositories. Nothing to address those CVEs is in the hands of this repo. + +- [Alpine](https://github.com/alpinelinux/docker-alpine) +- [Debian (bullseye, bookworm, trixie)](https://github.com/debuerreotype/docker-debian-artifacts) + +When base images are patched, the images are rebuilt and rolled out to the Docker hub without intervention by this repo. This process is explained in . + +When vulnerabilities are resolved in a Node.js release, they are routinely released in a corresponding new Node.js Docker image. The schedule is determined by the Node.js releases not by the Node.js Docker repo. + +Please do not open issues in this repo for vulnerabilities in the above components. If they cannot be actioned here, the issue will be closed. diff --git a/architectures b/architectures index 64b416475d..63bad4558f 100644 --- a/architectures +++ b/architectures @@ -1,8 +1,8 @@ -bashbrew-arch variants -amd64 jessie,jessie-slim,alpine,onbuild,stretch,stretch-slim,buster,buster-slim -arm32v6 jessie,jessie-slim,alpine,onbuild,stretch,stretch-slim,buster,buster-slim -arm32v7 jessie,jessie-slim,alpine,onbuild,stretch,stretch-slim,buster,buster-slim -arm64v8 jessie,jessie-slim,alpine,onbuild,stretch,stretch-slim,buster,buster-slim -i386 jessie,jessie-slim,alpine,onbuild,stretch,stretch-slim,buster,buster-slim -ppc64le jessie,jessie-slim,alpine,onbuild,stretch,stretch-slim,buster,buster-slim -s390x jessie,jessie-slim,alpine,onbuild,stretch,stretch-slim,buster,buster-slim +bashbrew-arch variants +amd64 alpine3.22,alpine3.23,bookworm,bookworm-slim,bullseye,bullseye-slim,trixie,trixie-slim +arm32v6 alpine3.22,alpine3.23 +arm32v7 alpine3.22,alpine3.23,bookworm,bookworm-slim,bullseye,bullseye-slim,trixie,trixie-slim +arm64v8 alpine3.22,alpine3.23,bookworm,bookworm-slim,bullseye,bullseye-slim,trixie,trixie-slim +i386 alpine3.22,alpine3.23 +ppc64le alpine3.22,alpine3.23,bookworm,bookworm-slim,trixie,trixie-slim +s390x alpine3.22,alpine3.23,bookworm,bookworm-slim,trixie,trixie-slim diff --git a/build-automation.mjs b/build-automation.mjs new file mode 100644 index 0000000000..ba296d1ed4 --- /dev/null +++ b/build-automation.mjs @@ -0,0 +1,105 @@ +import { promisify } from "util"; + +import child_process from "child_process"; + +const exec = promisify(child_process.exec); + +// a function that queries the Node.js release website for new versions, +// compare the available ones with the ones we use in this repo +// and returns whether we should update or not +const checkIfThereAreNewVersions = async (github) => { + try { + const { stdout: versionsOutput } = await exec(". ./functions.sh && get_versions", { shell: "bash" }); + + const supportedVersions = versionsOutput.trim().split(" "); + + let latestSupportedVersions = {}; + + for (let supportedVersion of supportedVersions) { + const { stdout } = await exec(`ls ${supportedVersion}`); + + const { stdout: fullVersionOutput } = await exec(`. ./functions.sh && get_full_version ./${supportedVersion}/${stdout.trim().split("\n")[0]}`, { shell: "bash" }); + + console.log(fullVersionOutput); + + latestSupportedVersions[supportedVersion] = { fullVersion: fullVersionOutput.trim() }; + } + + const { data: availableVersionsJson } = await github.request('https://nodejs.org/download/release/index.json'); + + // filter only more recent versions of availableVersionsJson for each major version in latestSupportedVersions' keys + // e.g. if latestSupportedVersions = { "12": "12.22.10", "14": "14.19.0", "16": "16.14.0", "17": "17.5.0" } + // and availableVersions = ["Node.js 12.22.10", "Node.js 12.24.0", "Node.js 14.19.0", "Node.js 14.22.0", "Node.js 16.14.0", "Node.js 16.16.0", "Node.js 17.5.0", "Node.js 17.8.0"] + // return { "12": "12.24.0", "14": "14.22.0", "16": "16.16.0", "17": "17.8.0" } + + let filteredNewerVersions = {}; + + for (let availableVersion of availableVersionsJson) { + const [availableMajor, availableMinor, availablePatch] = availableVersion.version.split("v")[1].split("."); + if (latestSupportedVersions[availableMajor] == null) { + continue; + } + const [_latestMajor, latestMinor, latestPatch] = latestSupportedVersions[availableMajor].fullVersion.split("."); + if (latestSupportedVersions[availableMajor] && (Number(availableMinor) > Number(latestMinor) || (availableMinor === latestMinor && Number(availablePatch) > Number(latestPatch)))) { + filteredNewerVersions[availableMajor] = { fullVersion: `${availableMajor}.${availableMinor}.${availablePatch}` }; + } + } + + return { + shouldUpdate: Object.keys(filteredNewerVersions).length > 0 && JSON.stringify(filteredNewerVersions) !== JSON.stringify(latestSupportedVersions), + versions: filteredNewerVersions, + } + } catch (error) { + console.error(error); + process.exit(1); + } +}; + +// a function that queries the Node.js unofficial release website for new musl versions and security releases, +// and returns relevant information +const checkForMuslVersionsAndSecurityReleases = async (github, versions) => { + try { + const { data: unofficialBuildsIndexText } = await github.request('https://unofficial-builds.nodejs.org/download/release/index.json'); + + for (let version of Object.keys(versions)) { + const buildVersion = unofficialBuildsIndexText.find(indexVersion => indexVersion.version === `v${versions[version].fullVersion}`); + + versions[version].muslBuildExists = buildVersion?.files.includes("linux-x64-musl") ?? false; + versions[version].isSecurityRelease = buildVersion?.security ?? false; + } + return versions; + } catch (error) { + console.error(error); + process.exit(1); + } +}; + +export default async function(github) { +// if there are no new versions, exit gracefully +// if there are new versions, +// check for musl builds +// then run update.sh + const { shouldUpdate, versions } = await checkIfThereAreNewVersions(github); + + if (!shouldUpdate) { + console.log("No new versions found. No update required."); + process.exit(0); + } else { + const newVersions = await checkForMuslVersionsAndSecurityReleases(github, versions); + let updatedVersions = []; + for (const [version, newVersion] of Object.entries(newVersions)) { + if (newVersion.muslBuildExists) { + const { stdout } = await exec(`./update.sh ${newVersion.isSecurityRelease ? "-s " : ""}${version}`); + console.log(stdout); + updatedVersions.push(newVersion.fullVersion); + } else { + console.log(`There's no musl build for version ${newVersion.fullVersion} yet.`); + process.exit(0); + } + } + const { stdout } = (await exec(`git diff`)); + console.log(stdout); + + return updatedVersions.join(', '); + } +} diff --git a/chakracore/10/Dockerfile b/chakracore/10/Dockerfile deleted file mode 100644 index 52a24d4d5d..0000000000 --- a/chakracore/10/Dockerfile +++ /dev/null @@ -1,39 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 10.13.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/SHASUMS256.txt" \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.12.3 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -CMD [ "node" ] diff --git a/chakracore/8/Dockerfile b/chakracore/8/Dockerfile deleted file mode 100644 index b268beee2f..0000000000 --- a/chakracore/8/Dockerfile +++ /dev/null @@ -1,39 +0,0 @@ -FROM buildpack-deps:jessie - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 8.11.1 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/SHASUMS256.txt" \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 1.6.0 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -CMD [ "node" ] diff --git a/chakracore/Dockerfile.template b/chakracore/Dockerfile.template deleted file mode 100644 index 401f7d58e0..0000000000 --- a/chakracore/Dockerfile.template +++ /dev/null @@ -1,39 +0,0 @@ -FROM buildpack-deps:stretch - -RUN groupadd --gid 1000 node \ - && useradd --uid 1000 --gid node --shell /bin/bash --create-home node - -ENV NODE_VERSION 0.0.0 - -RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ - && case "${dpkgArch##*-}" in \ - amd64) ARCH='x64';; \ - *) echo "unsupported architecture"; exit 1 ;; \ - esac \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz" \ - && curl -fsSLO --compressed "https://nodejs.org/download/chakracore-release/v$NODE_VERSION/SHASUMS256.txt" \ - && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c - \ - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \ - && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt \ - && ln -s /usr/local/bin/node /usr/local/bin/nodejs - -ENV YARN_VERSION 0.0.0 - -RUN set -ex \ - && for key in \ - 6A010C5166006599AA17F08146C2130DFD2497F5 \ - ; do \ - gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "$key" || \ - gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "$key" || \ - gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "$key" ; \ - done \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ - && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" \ - && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz \ - && mkdir -p /opt \ - && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn \ - && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg \ - && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz - -CMD [ "node" ] diff --git a/chakracore/architectures b/chakracore/architectures deleted file mode 100644 index 85bd3bd021..0000000000 --- a/chakracore/architectures +++ /dev/null @@ -1,2 +0,0 @@ -bashbrew-arch variants -amd64 default diff --git a/chakracore/config b/chakracore/config deleted file mode 100644 index 116285c2f0..0000000000 --- a/chakracore/config +++ /dev/null @@ -1 +0,0 @@ -baseuri https://nodejs.org/download/chakracore-release diff --git a/config b/config index db40669a5f..0c4717b9f9 100644 --- a/config +++ b/config @@ -1,4 +1,4 @@ baseuri https://nodejs.org/dist -default_variant stretch -alpine_version 3.9 -debian_versions jessie stretch buster +default_variant bookworm +alpine_version 3.23 +debian_versions bookworm bullseye trixie diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index de6fa8a9ad..1b3116e53b 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -1,7 +1,10 @@ #!/bin/sh set -e -if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ]; then +# Run command with node if the first argument contains a "-" or is not a system command. The last +# part inside the "{}" is a workaround for the following bug in ash/dash: +# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874264 +if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then set -- node "$@" fi diff --git a/docs/BestPractices.md b/docs/BestPractices.md index c883b2a0a4..bbc64c6340 100644 --- a/docs/BestPractices.md +++ b/docs/BestPractices.md @@ -1,17 +1,24 @@ # Docker and Node.js Best Practices + + ## Table of Contents - [Environment Variables](#environment-variables) - [Global npm dependencies](#global-npm-dependencies) - [Upgrading/downgrading Yarn](#upgradingdowngrading-yarn) + - [Local](#local) + - [Global](#global) - [Handling Kernel Signals](#handling-kernel-signals) - [Non-root User](#non-root-user) - [Memory](#memory) - [CMD](#cmd) - [Docker Run](#docker-run) - [Security](#security) -- [node-gyp in alpine variant](#node-gyp-alpine) +- [node-gyp alpine](#node-gyp-alpine) +- [Smaller images without npm/yarn](#smaller-images-without-npmyarn) + + ## Environment Variables @@ -37,14 +44,14 @@ ENV PATH=$PATH:/home/node/.npm-global/bin # optionally if you want to run npm gl If you need to upgrade/downgrade `yarn` for a local install, you can do so by issuing the following commands in your `Dockerfile`: -> Note that if you create some other directory which is not a descendant one from where you ran the command, you will end up using the global (dated) version. If you wish to upgrade `yarn` globally follow the instructions in the next section. +> Note that if you create some other directory which is not a descendant one from where you ran the command, you will end up using the global (dated) version. If you wish to upgrade `yarn` globally, follow the instructions in the next section. > When following the local install instructions, due to duplicated yarn the image will end up being bigger. ```Dockerfile FROM node:6 -ENV YARN_VERSION 1.16.0 +ENV YARN_VERSION=1.16.0 RUN yarn policies set-version $YARN_VERSION ``` @@ -54,7 +61,7 @@ RUN yarn policies set-version $YARN_VERSION ```Dockerfile FROM node:6 -ENV YARN_VERSION 1.16.0 +ENV YARN_VERSION=1.16.0 RUN curl -fSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ \ @@ -68,7 +75,7 @@ If you're using an Alpine-based image, `curl` won't be present, so you'll need t ```Dockerfile FROM node:6-alpine -ENV YARN_VERSION 1.5.1 +ENV YARN_VERSION=1.5.1 RUN apk add --no-cache --virtual .build-deps-yarn curl \ && curl -fSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" \ @@ -91,7 +98,7 @@ You can also include Tini [directly in your Dockerfile](https://github.com/krall ## Non-root User -By default, Docker runs container as root which inside of the container can pose as a security issue. You would want to run the container as an unprivileged user wherever possible. The node images provide the `node` user for such purpose. The Docker Image can then be run with the `node` user in the following way: +By default, Docker runs commands inside the container as root which violates the [Principle of Least Privilege (PoLP)](https://en.wikipedia.org/wiki/Principle_of_least_privilege) when superuser permissions are not strictly required. You want to run the container as an unprivileged user whenever possible. The node images provide the `node` user with uid 1000 for such purpose. The Docker Image can then be run with the `node` user in the following way: ``` -u "node" @@ -103,12 +110,12 @@ Alternatively, the user can be activated in the `Dockerfile`: FROM node:6.10.3 ... # At the end, set the user to use when running this image -USER node +USER 1000 # node ``` Note that the `node` user is neither a build-time nor a run-time dependency and it can be removed or altered, as long as the functionality of the application you want to add to the container does not depend on it. -If you do not want nor need the user created in this image you can remove it with the following: +If you do not want nor need the user created in this image, you can remove it with the following: ```Dockerfile # For debian based images use: @@ -118,13 +125,13 @@ RUN userdel -r node RUN deluser --remove-home node ``` -If you need to change the uid/gid of the user you can use: +If you need to change the uid/gid of the user, you can use: ```Dockerfile RUN groupmod -g 999 node && usermod -u 999 -g 999 node ``` -If you need another name for the user (ex. `myapp`) execute: +If you need another name for the user (ex. `myapp`), execute: ```Dockerfile RUN usermod -d /home/myapp -l myapp node @@ -140,7 +147,7 @@ RUN deluser --remove-home node \ ## Memory -By default, any Docker Container may consume as much of the hardware such as CPU and RAM. If you are running multiple containers on the same host you should limit how much memory they can consume. +By default, any Docker Container may consume as much of the hardware such as CPU and RAM. If you are running multiple containers on the same host, you should limit how much memory they can consume. ``` -m "300M" --memory-swap "1G" @@ -148,7 +155,7 @@ By default, any Docker Container may consume as much of the hardware such as CPU ## CMD -When creating an image, you can bypass the `package.json`'s `start` command and bake it directly into the image itself. First off this reduces the number of processes running inside of your container. Secondly it causes exit signals such as `SIGTERM` and `SIGINT` to be received by the Node.js process instead of npm swallowing them. +When creating an image, you can bypass the `package.json`'s `start` command and bake it directly into the image itself. First off, this reduces the number of processes running inside of your container. Secondly, it causes exit signals such as `SIGTERM` and `SIGINT` to be received by the Node.js process instead of npm swallowing them. ```Dockerfile CMD ["node","index.js"] @@ -160,6 +167,7 @@ Here is an example of how you would run a default Node.JS Docker Containerized a ``` $ docker run \ + --init \ -e "NODE_ENV=production" \ -u "node" \ -m "300M" --memory-swap "1G" \ @@ -179,18 +187,18 @@ Here is an example of how you would install dependencies for packages that requi ```Dockerfile FROM node:alpine -RUN apk add --no-cache --virtual .gyp python make g++ \ +RUN apk add --no-cache --virtual .gyp python3 py-setuptools make g++ \ && npm install [ your npm dependencies here ] \ && apk del .gyp ``` -And Here's a multistage build example +And, here's a multistage build example: ```Dockerfile FROM node:alpine as builder ## Install build toolchain, install node deps and compile native add-ons -RUN apk add --no-cache python make g++ +RUN apk add --no-cache python3 make g++ RUN npm install [ your npm dependencies here ] FROM node:alpine as app @@ -198,3 +206,37 @@ FROM node:alpine as app ## Copy built node modules and binaries without including the toolchain COPY --from=builder node_modules . ``` + + +## Smaller images without npm/yarn + +If you want to achieve an even smaller image size than the `-alpine`, you can omit the npm/yarn like this: + +```Dockerfile +ARG ALPINE_VERSION=3.23 + +FROM node:24-alpine${ALPINE_VERSION} AS builder +WORKDIR /build-stage +COPY package*.json ./ +RUN npm ci +# Copy the the files you need +COPY . ./ +RUN npm run build + +FROM alpine:${ALPINE_VERSION} +# Create app directory +WORKDIR /usr/src/app +# Add required binaries +RUN apk add --no-cache libstdc++ dumb-init \ + && addgroup -g 1000 node && adduser -u 1000 -G node -s /bin/sh -D node \ + && chown node:node ./ +COPY --from=builder /usr/local/bin/node /usr/local/bin/ +COPY --from=builder /usr/local/bin/docker-entrypoint.sh /usr/local/bin/ +ENTRYPOINT ["docker-entrypoint.sh"] +USER node +# Update the following COPY lines based on your codebase +COPY --from=builder /build-stage/node_modules ./node_modules +COPY --from=builder /build-stage/dist ./dist +# Run with dumb-init to not start node with PID=1, since Node.js was not designed to run as PID 1 +CMD ["dumb-init", "node", "dist/index.js"] +``` diff --git a/functions.sh b/functions.sh index 203b08a0e8..444dc2f679 100755 --- a/functions.sh +++ b/functions.sh @@ -1,6 +1,8 @@ #!/usr/bin/env bash # # Utlity functions +# Don't change this file unless needed +# The GitHub Action for automating new builds rely on this file info() { printf "%s\\n" "$@" @@ -30,14 +32,14 @@ function get_arch() { s390x) arch="s390x" ;; - aarch64) + aarch64 | arm64) arch="arm64" ;; armv7l) arch="arm32v7" ;; *) - echo "$0 does not support architecture ${arch} ... aborting" + echo "$0 does not support architecture ${arch:-unknown} ... aborting" exit 1 ;; esac @@ -46,10 +48,10 @@ function get_arch() { } # Get corresponding variants based on the architecture. -# All supported variants of each supported architecutre are listed in a +# All supported variants of each supported architecture are listed in a # file - 'architectures'. Its format is: -# ,... -# ,... +# ,... +# ,... function get_variants() { local dir dir=${1:-.} @@ -133,14 +135,9 @@ function get_config() { # Get available versions for a given path # -# If full or partial versions are provided then they are processed and -# validated. e.g. "6 chakracore" returns "6 chakracore/8" since it processed the -# chakracore entry and found it to be a fork rather than a complete version. -# # The result is a list of valid versions. +# shellcheck disable=SC2120 function get_versions() { - local prefix - prefix=${1:-.} shift local versions=() @@ -149,17 +146,11 @@ function get_versions() { local default_variant default_variant=$(get_config "./" "default_variant") if [ ${#dirs[@]} -eq 0 ]; then - IFS=' ' read -ra dirs <<< "$(echo "${prefix%/}/"*/)" + IFS=' ' read -ra dirs <<< "$(echo "./"*/)" fi for dir in "${dirs[@]}"; do - if [ -a "${dir}/config" ]; then - local subdirs - IFS=' ' read -ra subdirs <<< "$(get_versions "${dir#./}")" - for subdir in "${subdirs[@]}"; do - versions+=("${subdir}") - done - elif [ -a "${dir}/Dockerfile" ] || [ -a "${dir}/${default_variant}/Dockerfile" ]; then + if [ -a "${dir}/Dockerfile" ] || [ -a "${dir}/${default_variant}/Dockerfile" ]; then versions+=("${dir#./}") fi done @@ -169,6 +160,16 @@ function get_versions() { fi } +function is_alpine() { + local variant + variant=${1} + shift + + if [ "${variant}" = "${variant#alpine}" ]; then + return 1 + fi +} + function is_debian() { local variant variant=$1 @@ -238,7 +239,7 @@ function get_full_version() { default_dockerfile="${version}/Dockerfile" fi - grep -m1 'ENV NODE_VERSION ' "${default_dockerfile}" | cut -d' ' -f3 + grep -m1 'ENV NODE_VERSION=' "${default_dockerfile}" | cut -d= -f2 } function get_major_minor_version() { diff --git a/genMatrix.js b/genMatrix.js new file mode 100644 index 0000000000..1d592cca37 --- /dev/null +++ b/genMatrix.js @@ -0,0 +1,80 @@ +'use strict'; +const path = require('path'); +const fs = require('fs'); + +const testFiles = [ + 'genMatrix.js', + '.github/workflows/build-test.yml', +]; + +const nodeDirRegex = /^\d+$/; + +const areTestFilesChanged = (changedFiles) => changedFiles + .some((file) => testFiles.includes(file)); + +// Returns a list of the child directories in the given path +const getChildDirectories = (parent) => fs.readdirSync(parent, { withFileTypes: true }) + .filter((dirent) => dirent.isDirectory()) + .map(({ name }) => path.resolve(parent, name)); + +const getNodeVerionDirs = (base) => getChildDirectories(base) + .filter((childPath) => nodeDirRegex.test(path.basename(childPath))); + +// Returns the paths of Dockerfiles that are at: base/*/Dockerfile +const getDockerfilesInChildDirs = (base) => getChildDirectories(base) + .map((childDir) => path.resolve(childDir, 'Dockerfile')); + +const getAllDockerfiles = (base) => getNodeVerionDirs(base).flatMap(getDockerfilesInChildDirs); + +const getAffectedDockerfiles = (filesAdded, filesModified, filesRenamed) => { + const files = [ + ...filesAdded, + ...filesModified, + ...filesRenamed, + ]; + + // If the test files were changed, include everything + if (areTestFilesChanged(files)) { + console.log('Test files changed so scheduling all Dockerfiles'); + return getAllDockerfiles(__dirname); + } + + const modifiedDockerfiles = files.filter((file) => file.endsWith('/Dockerfile')); + + // Get Dockerfiles affected by modified docker-entrypoint.sh files + const entrypointAffectedDockerfiles = files + .filter((file) => file.endsWith('/docker-entrypoint.sh')) + .map((file) => path.resolve(path.dirname(file), 'Dockerfile')); + + return [ + ...modifiedDockerfiles, + ...entrypointAffectedDockerfiles, + ]; +}; + +const getFullNodeVersionFromDockerfile = (file) => fs.readFileSync(file, 'utf8') + .match(/^ENV NODE_VERSION=(\d*\.*\d*\.\d*)/m)[1]; + +const getDockerfileMatrixEntry = (file) => { + const [variant] = path.dirname(file).split(path.sep).slice(-1); + + const version = getFullNodeVersionFromDockerfile(file); + + return { + version, + variant, + }; +}; + +const generateBuildMatrix = (filesAdded, filesModified, filesRenamed) => { + const dockerfiles = [...new Set(getAffectedDockerfiles(filesAdded, filesModified, filesRenamed))]; + + const entries = dockerfiles.map(getDockerfileMatrixEntry); + + // Return null if there are no entries so we can skip the matrix step + return entries.length + ? { include: entries } + : null; +}; + +module.exports = generateBuildMatrix; diff --git a/generate-stackbrew-library.sh b/generate-stackbrew-library.sh deleted file mode 100755 index 5dbe1f1235..0000000000 --- a/generate-stackbrew-library.sh +++ /dev/null @@ -1,112 +0,0 @@ -#!/usr/bin/env bash - -set -e -. functions.sh - -hash git 2> /dev/null || { echo >&2 "git not found, exiting."; } - -# Used dynamically: print "$array_" $1 -# shellcheck disable=SC2034 -array_8='8 carbon' -# shellcheck disable=SC2034 -array_10='10 dubnium' -# shellcheck disable=SC2034 -array_12='12 erbium lts current' -# shellcheck disable=SC2034 -array_13='13 latest' -# shellcheck disable=SC2034 -array_chakracore_8='chakracore-8' -# shellcheck disable=SC2034 -array_chakracore_10='chakracore-10 chakracore' - -default_variant=$(get_config "./" "default_variant") - -cd "$(cd "${0%/*}" && pwd -P)" - -self="$(basename "${BASH_SOURCE[0]}")" - -IFS=' ' read -ra versions <<< "$(get_versions)" -IFS=' ' read -ra versions <<< "$(sort_versions "${versions[@]}")" -url='https://github.com/nodejs/docker-node' - -# get the most recent commit which modified any of "$@" -fileCommit() { - git log -1 --format='format:%H' HEAD -- "$@" -} - -echo "# this file is generated via ${url}/blob/$(fileCommit "${self}")/${self}" -echo -echo "Maintainers: The Node.js Docker Team <${url}> (@nodejs)" -echo "GitRepo: ${url}.git" -echo - -# prints "$2$1$3$1...$N" -join() { - local sep="$1" - shift - local out - printf -v out "${sep//%/%%}%s" "$@" - echo "${out#$sep}" -} - -get_stub() { - local version="${1}" - shift - IFS='/' read -ra versionparts <<< "${version}" - local stub - eval stub="$(join '_' "${versionparts[@]}" | awk -F. '{ print "$array_" $1 }')" - echo "${stub}" -} - -for version in "${versions[@]}"; do - # Skip "docs" and other non-docker directories - [ -f "${version}/Dockerfile" ] || [ -f "${version}/${default_variant}/Dockerfile" ] || continue - - stub=$(get_stub "${version}") - commit="$(fileCommit "${version}")" - fullVersion="$(get_tag "${version}" full)" - majorMinorVersion="$(get_tag "${version}" majorminor)" - - IFS=' ' read -ra versionAliases <<< "$fullVersion $majorMinorVersion $stub" - - if [ -f "${version}/Dockerfile" ]; then - # Get supported architectures for a specific version. See details in function.sh - IFS=' ' read -ra supportedArches <<< "$(get_supported_arches "${version}" "default")" - - echo "Tags: $(join ', ' "${versionAliases[@]}")" - echo "Architectures: $(join ', ' "${supportedArches[@]}")" - echo "GitCommit: ${commit}" - echo "Directory: ${version}" - echo - fi - - # Get supported variants according to the target architecture. - # See details in function.sh - IFS=' ' read -ra variants <<< "$(get_variants "$(dirname "${version}")")" - for variant in "${variants[@]}"; do - # Skip non-docker directories - [ -f "${version}/${variant}/Dockerfile" ] || continue - - commit="$(fileCommit "${version}/${variant}")" - - slash='/' - variantAliases=("${versionAliases[@]/%/-${variant//${slash}/-}}") - if [ "${variant}" = "${default_variant}-slim" ]; then - variantAliases+=("${versionAliases[@]/%/-slim}") - fi - variantAliases=("${variantAliases[@]//latest-/}") - if [ "${variant}" = "${default_variant}" ]; then - variantAliases+=("${versionAliases[@]}") - fi - - # Get supported architectures for a specific version and variant. - # See details in function.sh - IFS=' ' read -ra supportedArches <<< "$(get_supported_arches "${version}" "${variant}")" - - echo "Tags: $(join ', ' "${variantAliases[@]}")" - echo "Architectures: $(join ', ' "${supportedArches[@]}")" - echo "GitCommit: ${commit}" - echo "Directory: ${version}/${variant}" - echo - done -done diff --git a/generate-stackbrew-pr.sh b/generate-stackbrew-pr.sh deleted file mode 100755 index b01c905603..0000000000 --- a/generate-stackbrew-pr.sh +++ /dev/null @@ -1,168 +0,0 @@ -#!/usr/bin/env bash - -set -e -. functions.sh - -COMMIT_RANGE="${1}" -COMMIT_ID="$(git show -s --format="%H" "${COMMIT_RANGE}" | head -n 1)" - -if [ -n "$TRAVIS" ]; then - COMMIT_MESSAGE="${TRAVIS_COMMIT_MESSAGE}" - BRANCH_NAME="travis-${TRAVIS_BUILD_ID}" - GITHUB_USERNAME="${AUTOPR_GITHUB_USERNAME:-nodejs-github-bot}" -else - COMMIT_MESSAGE="$(git show -s --format=%B "${COMMIT_ID}")" - BRANCH_NAME="autopr-$(date +%s)" - if [[ "$(git remote get-url origin)" =~ github.com/([^/]*)/docker-node.git ]]; then - GITHUB_USERNAME="${BASH_REMATCH[1]}" - fi -fi - -if [[ "${COMMIT_MESSAGE}" =~ Merge\ pull\ request\ \#([0-9]*) ]]; then - - # This is a merge from a pull request - PR_NUMBER="${BASH_REMATCH[1]}" - COMMIT_MESSAGE="$(printf "%s" "${COMMIT_MESSAGE}" | tail -n 1)" -fi - -IMAGES_FILE="library/node" -REPO_NAME="official-images" -ORIGIN_SLUG="${GITHUB_USERNAME}/${REPO_NAME}" -UPSTREAM_SLUG="${AUTOPR_UPSTREAM:-docker-library}/${REPO_NAME}" -DOCKER_SLUG="${TRAVIS_REPO_SLUG:-nodejs/docker-node}" -gitpath="../${REPO_NAME}" - -function auth_header() { - echo "Authorization: token ${GITHUB_API_TOKEN}" -} - -function permission_check() { - if [ -z "${GITHUB_API_TOKEN}" ]; then - fatal "Environment variable \$GITHUB_API_TOKEN is missing or empty" - fi - - auth="$(curl -H "$(auth_header)" \ - -s \ - "https://api.github.com")" - - if [ "$(echo "${auth}" | jq -r .message)" = "Bad credentials" ]; then - fatal "Authentication Failed! Invalid \$GITHUB_API_TOKEN" - fi - - auth="$(curl -H "$(auth_header)" \ - -s \ - "https://api.github.com/repos/${ORIGIN_SLUG}/collaborators/${GITHUB_USERNAME}/permission")" - if [ "$(echo "${auth}" | jq -r .message)" != "null" ]; then - fatal "\$GITHUB_API_TOKEN can't push to https://github.com/${ORIGIN_SLUG}.git" - fi -} - -function setup_git_author() { - # Set Git User Info - GIT_AUTHOR_NAME="Node.js GitHub Bot" - GIT_AUTHOR_EMAIL="github-bot@iojs.org" - GIT_COMMITTER_NAME="Node.js GitHub Bot" - GIT_COMMITTER_EMAIL="github-bot@iojs.org" - - export GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL -} - -function message() { - echo "Node: ${COMMIT_MESSAGE}" -} - -function pr_payload() { - local escaped_message - local body - local maintainers - - escaped_message="$(echo "${COMMIT_MESSAGE}" | sed -E -e "s/\"/\\\\\"/g")" - - if [ -n "${PR_NUMBER}" ]; then - body="Pull Request: ${DOCKER_SLUG}#${PR_NUMBER}" - else - body="Commit: https://github.com/${DOCKER_SLUG}/compare/${COMMIT_RANGE}" - fi - - for maintainer in $(xargs < ACTIVE_MAINTAINERS); do - maintainers="$maintainers @$maintainer" - done - - printf "{ - \"title\": \"Node: %s\", - \"body\" : \"%s.
cc %s\", - \"head\" : \"%s\", - \"base\": \"master\" - }" "${escaped_message}" "${body}" "${maintainers}" "${GITHUB_USERNAME}:${BRANCH_NAME}" -} - -function comment_payload() { - local pr_url - pr_url="${1}" - echo "{ - \"body\": \"Created PR to the ${REPO_NAME} repo (${pr_url})\" - }" -} - -if images_updated "${COMMIT_RANGE}"; then - - permission_check - - # Set Git User Info - [ -z "$GIT_AUTHOR_NAME" ] && setup_git_author - - info "Cloning..." - git clone --depth 50 "https://github.com/${UPSTREAM_SLUG}.git" ${gitpath} 2> /dev/null - - stackbrew="$(./generate-stackbrew-library.sh)" - - cd ${gitpath} - - echo "${stackbrew}" > "${IMAGES_FILE}" - git checkout -b "${BRANCH_NAME}" - git add "${IMAGES_FILE}" - git commit -m "$(message)" - - info "Pushing..." - git fetch --unshallow "https://github.com/${ORIGIN_SLUG}.git" - git push "https://${GITHUB_API_TOKEN}:x-oauth-basic@github.com/${ORIGIN_SLUG}.git" -f "${BRANCH_NAME}" || fatal "Error pushing the updated stackbrew" - - cd - && rm -rf ${gitpath} - - info "Creating Pull request" - pr_response_payload="$(curl -H "$(auth_header)" \ - -s \ - -X POST \ - -d "$(pr_payload)" \ - "https://api.github.com/repos/${UPSTREAM_SLUG}/pulls")" - - url="$(echo "${pr_response_payload}" | jq -r .html_url)" - if [ "${url}" != "null" ]; then - info "Pull request created at ${url}" - - if [ -n "${PR_NUMBER}" ]; then - comment_endpoint="https://api.github.com/repos/${DOCKER_SLUG}/issues/${PR_NUMBER}/comments" - else - comment_endpoint="https://api.github.com/repos/${DOCKER_SLUG}/commits/${COMMIT_ID}/comments" - fi - - info "Creating Commit Comment" - commit_response_payload="$(curl -H "$(auth_header)" \ - -s \ - -X POST \ - -d "$(comment_payload "${url}")" \ - "${comment_endpoint}")" - - if [ "$(echo "${commit_response_payload}" | jq -r .message)" != "null" ]; then - fatal "Error linking the pull request (${error_message})" - else - comment_url="$(echo "${commit_response_payload}" | jq -r .html_url)" - info "Created comment at ${comment_url}" - fi - else - error_message=$(echo "${pr_response_payload}" | jq -r .message) - fatal "Error creating pull request (${error_message})" - fi -else - info "No change!" -fi diff --git a/keys/node.keys b/keys/node.keys index 94a01e332c..c2406457ff 100644 --- a/keys/node.keys +++ b/keys/node.keys @@ -1,11 +1,8 @@ -94AE36675C464D64BAFA68DD7434390BDBE9B9C5 -FD3A5288F042B6850C66B31F09FE44734EB7990E -71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 -DD8F2338BAE7501E3DD5AC78C273792F7D83545D -C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 -B9AE9905FFD7803F25714661B63B535A4C206CA9 -77984A986EBC2AA786BC0F66B01FBB92821C587A +5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 +DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 +CC68F5A3106FF448322E48ED27F5E38D5B0A215F 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 -4ED778F539E3634C779C87C6D7062848A1AB005C -A48C2BEE680E841632CD4E44F07496B3EB3C1762 -B9E2F5981AA6E0CD28160D9FF13993A75599653C +890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 +C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C +108F52B48DB57BB0CC439B2997B01419BD92F80A +A363A499291CBBC940DD62E41F10027AF002F8B0 diff --git a/keys/yarn.keys b/keys/yarn.keys deleted file mode 100644 index 6b0feed13c..0000000000 --- a/keys/yarn.keys +++ /dev/null @@ -1 +0,0 @@ -6A010C5166006599AA17F08146C2130DFD2497F5 diff --git a/markdown_link_check_config.json b/markdown_link_check_config.json new file mode 100644 index 0000000000..9448b35354 --- /dev/null +++ b/markdown_link_check_config.json @@ -0,0 +1,19 @@ +{ + "ignorePatterns": [ + { + "pattern": "^https://nodejs\\.org/" + }, + { + "pattern": "^https://www\\.npmjs\\.com/" + }, + { + "pattern": "^https://news\\.ycombinator\\.com/" + }, + { + "pattern": "^https://musl\\.libc\\.org/" + }, + { + "pattern": "^https://www\\.etalabs\\.net/" + } + ] +} diff --git a/stackbrew.js b/stackbrew.js new file mode 100755 index 0000000000..9e7c8eab14 --- /dev/null +++ b/stackbrew.js @@ -0,0 +1,157 @@ +#!/usr/bin/env node + +const fs = require('fs'); +const path = require('path'); + +// Grab last git commit +function getCommitHasForPath(path) { + return require('child_process') + .execSync(`git log -1 --format=%H HEAD -- ${path}`) + .toString().trim() +} + +const stackbrewPath = path.basename(__filename); + +// Header +let stackbrew = `# this file is generated via https://github.com/nodejs/docker-node/blob/${getCommitHasForPath(stackbrewPath)}/${stackbrewPath} + +Maintainers: The Node.js Docker Team (@nodejs) +GitRepo: https://github.com/nodejs/docker-node.git +GitFetch: refs/heads/main\n`; + +// Loop versions + +const config = require('./versions.json'); + +const versions = Object.keys(config).reverse() + +let midnight = new Date() +midnight.setHours(0, 0, 0, 0) +const now = midnight.getTime() +const aplineRE = new RegExp(/alpine*/); +const slimRE = new RegExp(/\*-slim/); +let foundLTS = false; +let foundCurrent = false; + +for (version of versions) { + let lts = new Date(`${config[version].lts}T00:00:00.00`).getTime(); + let maintenance = new Date(`${config[version].maintenance}T00:00:00.00`).getTime(); + let isCurrent = foundCurrent ? false : isNaN(lts) || lts >= now; + foundCurrent = isCurrent || foundCurrent; + let isLTS = foundLTS ? false : (now >= lts); + foundLTS = isLTS || foundLTS; + let codename = config[version].codename + let defaultAlpine = config[version]['alpine-default'] + let defaultDebian = config[version]['debian-default'] + let variants = config[version].variants + let fullversion; + for (variant in variants) { + let dockerfilePath = path.join(version, variant, 'Dockerfile'); + let isAlpine = aplineRE.test(variant) + let isSlim = slimRE.test(variant) + let isDefaultSlim = new RegExp(`${defaultDebian}-slim`).test(variant) + + // Get full version from the Dockerfile + let dockerfile = fs.readFileSync(dockerfilePath, 'utf-8') + fullversion = dockerfile.match(/ENV NODE_VERSION=(?\d+)\.(?\d+)\.(?\d+)/) + + let tags = [ + `${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}-${variant}`, + `${fullversion.groups.major}.${fullversion.groups.minor}-${variant}`, + `${fullversion.groups.major}-${variant}`, + ] + + if (codename) { + tags.push(`${codename}-${variant}`) + } + + if (variant === defaultAlpine) { + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}-alpine`) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}-alpine`) + tags.push(`${fullversion.groups.major}-alpine`) + if (codename) { + tags.push(`${codename}-alpine`) + } + } + + if (variant === defaultDebian) { + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}`) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}`) + tags.push(`${fullversion.groups.major}`) + if (isSlim) { + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}-slim`) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}-slim`) + tags.push(`${fullversion.groups.major}-slim`) + } + if (codename) { + tags.push(`${codename}`) + } + } + if (isDefaultSlim) { + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}-slim`) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}-slim`) + tags.push(`${fullversion.groups.major}-slim`) + if (codename) { + tags.push(`${codename}-slim`) + } + } + + if (isCurrent) { + if (variant === defaultAlpine) { + tags.push(variant) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}.${fullversion.groups.patch}-alpine`) + tags.push(`${fullversion.groups.major}.${fullversion.groups.minor}-alpine`) + tags.push(`${fullversion.groups.major}-alpine`) + tags.push('alpine') + tags.push('current-alpine') + } + if (variant === defaultDebian) { + tags.push(variant) + tags.push('latest') + tags.push('current') + } + if (isAlpine) { + tags.push(`${variant}`) + tags.push(`current-${variant}`) + } + if (!isAlpine) { + tags.push(`${variant}`) + tags.push(`current-${variant}`) + } + if (isDefaultSlim) { + tags.push('slim') + tags.push('current-slim') + } + } + + if (isLTS) { + tags.push(`lts-${variant}`) + if (variant === defaultAlpine) { + } + if (variant === defaultDebian) { + tags.push('lts') + if (codename) { + tags.push(`lts-${codename}`) + } + } + if (isDefaultSlim) { + tags.push(`lts-slim`) + } + if (variant === defaultAlpine) { + tags.push(`lts-alpine`) + } + } + + // remove duplicates + tags = tags.filter((x, i, a) => a.indexOf(x) == i) + tags = tags.sort() + let directory = `${version}/${variant}` + stackbrew += `\nTags: ${tags.join(', ')}\n` + stackbrew += `Architectures: ${config[version].variants[variant].join(', ')}\n` + stackbrew += `GitCommit: ${getCommitHasForPath(directory)}\n` + stackbrew += `Directory: ${directory}\n` + } +} + +// output +console.log(stackbrew) diff --git a/test-build.sh b/test-build.sh deleted file mode 100755 index 7b30e7509e..0000000000 --- a/test-build.sh +++ /dev/null @@ -1,104 +0,0 @@ -#!/usr/bin/env bash -# -# Run a test build for all images. - -set -euo pipefail - -. functions.sh - -# Convert comma delimited cli arguments to arrays -# E.g. ./test-build.sh 8,10 slim,onbuild -# "8,10" becomes "8 10" and "slim,onbuild" becomes "slim onbuild" -IFS=',' read -ra versions_arg <<< "${1:-}" -IFS=',' read -ra variant_arg <<< "${2:-}" - -default_variant=$(get_config "./" "default_variant") - -function build() { - local version - local tag - local variant - local full_tag - local path - version="$1" - shift - variant="$1" - shift - tag="$1" - shift - - full_tag=$(get_full_tag "${variant}" "${tag}") - path=$(get_path "${version}" "${variant}") - - info "Building ${full_tag}..." - - if ! docker build --cpuset-cpus="0,1" -t node:"${full_tag}" "${path}"; then - fatal "Build of ${full_tag} failed!" - fi - info "Build of ${full_tag} succeeded." -} - -function test_image() { - local full_version - local variant - local tag - local full_tag - full_version="$1" - shift - variant="$1" - shift - tag="$1" - shift - - full_tag=$(get_full_tag "${variant}" "${tag}") - - info "Testing ${full_tag}" - ( - export full_version=${full_version} - export full_tag=${full_tag} - bats test-image.bats - ) -} - -cd "$(cd "${0%/*}" && pwd -P)" || exit - -IFS=' ' read -ra versions <<< "$(get_versions . "${versions_arg[@]}")" -if [ ${#versions[@]} -eq 0 ]; then - fatal "No valid versions found!" -fi - -for version in "${versions[@]}"; do - # Skip "docs" and other non-docker directories - [ -f "${version}/Dockerfile" ] || [ -a "${version}/${default_variant}/Dockerfile" ] || continue - - tag=$(get_tag "${version}") - full_version=$(get_full_version "${version}") - - # Required for chakracore - if [ -f "${version}/Dockerfile" ]; then - build "${version}" "default" "${tag}" - test_image "${full_version}" "default" "${tag}" - fi - - # Get supported variants according to the target architecture. - # See details in function.sh - IFS=' ' read -ra variants <<< "$(get_variants "$(dirname "${version}")" "${variant_arg[@]}")" - - for variant in "${variants[@]}"; do - # Skip non-docker directories - [ -f "${version}/${variant}/Dockerfile" ] || continue - - if [ "${variant}" = "onbuild" ]; then - build "${version}" "${default_variant}" "$tag" - test_image "${full_version}" "${default_variant}" "$tag" - fi - - build "${version}" "${variant}" "${tag}" - test_image "${full_version}" "${variant}" "${tag}" - done - -done - -info "All builds successful!" - -exit 0 diff --git a/test-image.bats b/test-image.bats deleted file mode 100755 index 0ed164867c..0000000000 --- a/test-image.bats +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env bats - -@test "Test for node and version" { - run docker run --rm -it node:"$full_tag" node -e "process.stdout.write(process.versions.node)" - [ "$status" -eq 0 ] - [ "$output" == "${full_version}" ] -} - -@test "Test for npm" { - run docker run --rm -it node:"$full_tag" npm --version - [ "$status" -eq 0 ] -} - -@test "Test for yarn" { - run docker run --rm -it node:"$full_tag" yarn --version - [ "$status" -eq 0 ] -} diff --git a/travis.yml.template b/travis.yml.template deleted file mode 100644 index d28f814ab1..0000000000 --- a/travis.yml.template +++ /dev/null @@ -1,113 +0,0 @@ ---- - -dist: xenial - -language: minimal - -services: - - docker - -.before_script: &auto_skip -- | - if [ "false" != "$TRAVIS_PULL_REQUEST" ]; then - TRAVIS_COMMIT_RANGE="$TRAVIS_BRANCH..$TRAVIS_PULL_REQUEST_SHA" - fi - if [ "default" = "$VARIANT" ]; then - Dockerfile="$NODE_VERSION/Dockerfile" - else - Dockerfile="$NODE_VERSION/$VARIANT/Dockerfile" - fi - if [ "" = "$TRAVIS_COMMIT_RANGE" ]; then - echo "This is a new branch" - elif ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- &> /dev/null; then - echo "Change range not recognized: '$TRAVIS_COMMIT_RANGE'" - elif git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^$Dockerfile$"; then - echo "Change of $Dockerfile detected." - else - echo "Skip build of $Dockerfile as it's not changed." - exit - fi - -script: ./test-build.sh $NODE_VERSION $VARIANT - -stages: - - Test - - Build - - name: Deploy - if: branch = master AND type IN (push) - -jobs: - fast_finish: true - allow_failures: - - env: - - TEST=mardown_lint - - include: - - stage: Test - name: Markdown link check - env: - - TEST=mardown_lint - language: node_js - node_js: - - lts/* - install: - - npm i -g markdown-link-check - script: - - find . -name "*.md" | xargs -n 1 markdown-link-check - - - stage: Test - name: Editor Config check - language: node_js - node_js: - - lts/* - install: - - npm i -g eclint - script: - - eclint check - - - stage: Test - name: Doc Toc Check - language: node_js - node_js: - - lts/* - install: npm i -g doctoc - script: - - cp README.md README.md.tmp && - doctoc --title='## Table of Contents' --github README.md && - diff -q README.md README.md.tmp - - - stage: Test - name: shfmt check - script: - - docker run -it --rm -v "$(pwd)":/sh -w /sh peterdavehello/shfmt:2.6.3 shfmt -sr -i 2 -l -w -ci . - - git diff --color - - git diff --stat=220 --color --exit-code - - - stage: Test - name: Shell Check - script: shellcheck *.sh - - - stage: Test - name: .travis.yml and travis.yml.template consistency - script: - - ./update.sh -t - - git diff --stat --exit-code .travis.yml - - - stage: Deploy - before_script: - - | - if ! git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "Dockerfile$"; then - if git diff --name-only "$TRAVIS_COMMIT_RANGE" -- | grep -Eq "^generate-stackbrew-library.sh$"; then - if ! git diff "$TRAVIS_COMMIT_RANGE" -- generate-stackbrew-library.sh | grep -Eq '^[-+]array_[0-9]'; then - echo "Skip deployment as none of the Dockerfiles and version tag array in generate-stackbrew-library.sh has been changed." - exit - fi - else - echo "Skip deployment as none of the Dockerfiles and generate-stackbrew-library.sh has been changed." - exit - fi - fi - script: - - ./generate-stackbrew-pr.sh "$TRAVIS_COMMIT_RANGE" - - # Docker Build # diff --git a/update-keys.sh b/update-keys.sh new file mode 100755 index 0000000000..b6fec15418 --- /dev/null +++ b/update-keys.sh @@ -0,0 +1,3 @@ +#!/bin/sh -ex + +curl -fsSLo- --compressed https://github.com/nodejs/node/raw/main/README.md | awk '/--recv-keys.*#/{ gsub(/^.*--recv-keys\s+/,"");gsub(/\s+#.*$/,""); print }' > keys/node.keys diff --git a/update.sh b/update.sh index c10f685e0a..278ed8063f 100755 --- a/update.sh +++ b/update.sh @@ -1,4 +1,5 @@ -#!/bin/bash +#!/usr/bin/env bash + set -ue function usage() { @@ -10,33 +11,25 @@ function usage() { $0 [-s] [MAJOR_VERSION(S)] [VARIANT(S)] Examples: - - update.sh # Update all images - - update.sh -s # Update all images, skip updating Alpine and Yarn - - update.sh 8,10 # Update version 8 and 10 and variants (default, slim, alpine etc.) - - update.sh -s 8 # Update version 8 and variants, skip updating Alpine and Yarn - - update.sh 8 slim,stretch # Update only slim and stretch variants for version 8 - - update.sh -s 8 slim,stretch # Update only slim and stretch variants for version 8, skip updating Alpine and Yarn - - update.sh . alpine # Update the alpine variant for all versions - - update.sh -t # Update .travis.yml only + - update.sh # Update all images + - update.sh -s # Update all images, skip updating Alpine if the musl build is unavailable + - update.sh 22,24 # Update all variants of version 22 and 24 + - update.sh -s 24 # Update all variants of version 24, except skip updating Alpine if the musl build is unavailable + - update.sh 24 alpine3.22,alpine3.23 # Update only alpine3.22 & alpine3.23 variants for version 24 + - update.sh . trixie,trixie-slim # Update only trixie & trixie-slim Debian variants for all versions OPTIONS: - -s Security update; skip updating the yarn and alpine versions. - -t Travis CI config update only + -s Security update; allows Debian updates even if musl build for Alpine is unavailable -h Show this message EOF } -SKIP=false -TRAVIS_CI_ONLY=false -while getopts "sth" opt; do +SKIP_ALPINE=false +while getopts "sh" opt; do case "${opt}" in s) - SKIP=true - shift - ;; - t) - TRAVIS_CI_ONLY=true + SKIP_ALPINE=true shift ;; h) @@ -65,16 +58,11 @@ if [ ${#versions[@]} -eq 0 ]; then fi # Global variables -# Get architecure and use this as target architecture for docker image +# Get architecture and use this as target architecture for docker image # See details in function.sh # TODO: Should be able to specify target architecture manually arch=$(get_arch) -if [ "${SKIP}" != true ]; then - alpine_version=$(get_config "./" "alpine_version") - yarnVersion="$(curl -sSL --compressed https://yarnpkg.com/latest-version)" -fi - function in_versions_to_update() { local version=$1 @@ -127,56 +115,56 @@ function update_node_version() { shift fi - fullVersion="$(curl -sSL --compressed "${baseuri}" | grep ' /dev/null; then @@ -185,29 +173,19 @@ function update_node_version() { echo "${dockerfile} updated!" fi - mv -f "${dockerfile}-tmp" "${dockerfile}" - ) -} - -function add_stage() { - local baseuri=${1} - shift - local version=${1} - shift - local variant=${1} - shift + # Required for POSIX sed + if [ -f "${dockerfile}-tmp-e" ]; then + rm "${dockerfile}-tmp-e" + fi - echo ' - - stage: Build - before_script: *auto_skip - name: '"${version}"' on '"${variant}"' - env: - - NODE_VERSION="'"${version}"'" - - VARIANT="'"${variant}"'"' >> .travis.yml + # Guard the move because Alpine sometimes will be missing + if [ -f "${dockerfile}-tmp" ]; then + mv -f "${dockerfile}-tmp" "${dockerfile}" + fi + ) } -echo '# DO NOT MODIFY. THIS FILE IS AUTOGENERATED # -' | cat - travis.yml.template > .travis.yml +pids=() for version in "${versions[@]}"; do parentpath=$(dirname "${version}") @@ -215,26 +193,22 @@ for version in "${versions[@]}"; do baseuri=$(get_config "${parentpath}" "baseuri") update_version=$(in_versions_to_update "${version}") - [ "${update_version}" -eq 0 ] && [ true != "$TRAVIS_CI_ONLY" ] && info "Updating version ${version}..." + [ "${update_version}" -eq 0 ] && info "Updating version ${version}..." # Get supported variants according the target architecture # See details in function.sh IFS=' ' read -ra variants <<< "$(get_variants "${parentpath}")" if [ -f "${version}/Dockerfile" ]; then - add_stage "${baseuri}" "${version}" "default" - [ true = "$TRAVIS_CI_ONLY" ] && continue - if [ "${update_version}" -eq 0 ]; then update_node_version "${baseuri}" "${versionnum}" "${parentpath}/Dockerfile.template" "${version}/Dockerfile" & + pids+=($!) fi fi for variant in "${variants[@]}"; do # Skip non-docker directories [ -f "${version}/${variant}/Dockerfile" ] || continue - add_stage "${baseuri}" "${version}" "${variant}" - [ true = "$TRAVIS_CI_ONLY" ] && continue update_variant=$(in_variants_to_update "${variant}") template_file="${parentpath}/Dockerfile-${variant}.template" @@ -243,14 +217,22 @@ for version in "${versions[@]}"; do template_file="${parentpath}/Dockerfile-debian.template" elif is_debian_slim "${variant}"; then template_file="${parentpath}/Dockerfile-slim.template" + elif is_alpine "${variant}"; then + template_file="${parentpath}/Dockerfile-alpine.template" fi - [ "$variant" != "onbuild" ] && cp "${parentpath}/docker-entrypoint.sh" "${version}/${variant}/docker-entrypoint.sh" + cp "${parentpath}/docker-entrypoint.sh" "${version}/${variant}/docker-entrypoint.sh" if [ "${update_version}" -eq 0 ] && [ "${update_variant}" -eq 0 ]; then update_node_version "${baseuri}" "${versionnum}" "${template_file}" "${version}/${variant}/Dockerfile" "${variant}" & + pids+=($!) fi done done -wait +# The reason we explicitly wait on each pid is so the return status of this script is set properly +# if one of the jobs fails. If we just called "wait", the exit status would always be 0 +for pid in "${pids[@]}"; do + wait "$pid" +done + info "Done!" diff --git a/versions.json b/versions.json new file mode 100644 index 0000000000..2b820f58fc --- /dev/null +++ b/versions.json @@ -0,0 +1,232 @@ +{ + "25": { + "start": "2025-10-15", + "lts": "", + "maintenance": "2026-04-01", + "end": "2026-06-01", + "codename": "", + "alpine-default": "alpine3.23", + "debian-default": "bookworm", + "variants": { + "alpine3.22": [ + "amd64", + "arm64v8", + "s390x" + ], + "alpine3.23": [ + "amd64", + "arm64v8", + "s390x" + ], + "bookworm": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "bullseye": [ + "amd64", + "arm64v8" + ], + "bullseye-slim": [ + "amd64", + "arm64v8" + ], + "trixie": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "trixie-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ] + } + }, + "24": { + "start": "2025-05-06", + "lts": "2025-10-28", + "maintenance": "2026-10-20", + "end": "2028-04-30", + "codename": "krypton", + "alpine-default": "alpine3.23", + "debian-default": "bookworm", + "variants": { + "alpine3.22": [ + "amd64", + "arm64v8", + "s390x" + ], + "alpine3.23": [ + "amd64", + "arm64v8", + "s390x" + ], + "bookworm": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "bullseye": [ + "amd64", + "arm64v8" + ], + "bullseye-slim": [ + "amd64", + "arm64v8" + ], + "trixie": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "trixie-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ] + } + }, + "22": { + "start": "2024-04-23", + "lts": "2024-10-29", + "maintenance": "2025-10-21", + "end": "2027-04-30", + "codename": "jod", + "alpine-default": "alpine3.23", + "debian-default": "bookworm", + "variants": { + "alpine3.22": [ + "amd64", + "arm32v6", + "arm32v7", + "arm64v8", + "s390x" + ], + "alpine3.23": [ + "amd64", + "arm32v6", + "arm32v7", + "arm64v8", + "s390x" + ], + "bookworm": [ + "amd64", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm-slim": [ + "amd64", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bullseye": [ + "amd64", + "arm32v7", + "arm64v8" + ], + "bullseye-slim": [ + "amd64", + "arm32v7", + "arm64v8" + ], + "trixie": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "trixie-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ] + } + }, + "20": { + "start": "2023-04-18", + "lts": "2023-10-24", + "maintenance": "2024-10-22", + "end": "2026-04-30", + "codename": "iron", + "alpine-default": "alpine3.23", + "debian-default": "bookworm", + "variants": { + "alpine3.22": [ + "amd64", + "arm32v6", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "alpine3.23": [ + "amd64", + "arm32v6", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm": [ + "amd64", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bookworm-slim": [ + "amd64", + "arm32v7", + "arm64v8", + "ppc64le", + "s390x" + ], + "bullseye": [ + "amd64", + "arm32v7", + "arm64v8" + ], + "bullseye-slim": [ + "amd64", + "arm32v7", + "arm64v8" + ], + "trixie": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ], + "trixie-slim": [ + "amd64", + "arm64v8", + "ppc64le", + "s390x" + ] + } + } +}