v1.2.0+node24.14.1 — Node.js 24.14.1 and CI Overhaul
Runtime Node v1.2.0+node24.14.1
Secure, Distroless, Multi-Arch Node.js Runtime. Built from Scratch.
This is the second minor release on the Node.js 24 maintenance line. The Node.js runtime is upgraded from 24.14.0 to 24.14.1. This release also brings the full CI improvements from the v2.x maintenance line to the Node.js 24 line: GitHub Deployment tracking for release and promotion runs, manual promotion tag normalization, removal of the GHA cache export from the release build step, and a restructured PR test workflow backed by a pushed Docker Hub test image.
Pull the Image
# Docker Hub — versioned (recommended for production)
docker pull runtimenode/runtime-node:v1.2.0-node24.14.1
# GitHub Container Registry — versioned (recommended for production)
docker pull ghcr.io/runtimes-node/runtime-node:v1.2.0-node24.14.1Note: Docker registries normalize
+to-in tag names. The canonical version tag isv1.2.0+node24.14.1— the registry tag isv1.2.0-node24.14.1.
What's Included
| Component | Detail |
|---|---|
| Base | FROM scratch — no OS, no shell |
| Node.js Version | 24.14.1 (from node:24.14.1-alpine3.23) |
NODE_ENV |
production (baked in) |
TZ |
UTC (baked in) |
| Timezone Database | IANA tzdata (/usr/share/zoneinfo) |
| CA Certificates | Included (/etc/ssl/certs/) |
| DNS Resolution | nsswitch.conf included |
| Runtime Libraries | ld-musl, libstdc++, libgcc_s |
/tmp |
Writable, sticky-bit 1777 |
| Shell | None |
| Package Manager | None |
| Vulnerabilities | 0 known |
| Architectures | linux/amd64, linux/arm64 |
| Provenance & SBOM | Attached to this release |
What's New
- Updated
FROM node:24.14.0-alpine3.23 AS buildertoFROM node:24.14.1-alpine3.23 AS builderin theDockerfilebuilder stage, upgrading the Node.js runtime extracted into the final scratch image from24.14.0to24.14.1. - Added
deployments: writeto.github/workflows/deployment.ymland integratedchrnorm/deployment-action@v2withchrnorm/deployment-status@v2so thebuild-and-publishjob creates and tracks aproductionGitHub Deployment and thepromote-floatingjob creates and tracks apromotiondeployment, with both resolving tosuccessorfailureat completion. - Added four tag normalization steps to the
promote-floatingjob (Normalize tag (match tag),Extract normalized tag only,Normalize promote name (floating tag),Extract normalized promote tag) that route bothworkflow_dispatchinputs throughdocker/metadata-action@v5before any registry operation, replacing all direct raw-input references in validation, promotion, and verification steps with the normalized outputs. - Removed
cache-to: type=gha,mode=maxfrom theBuild and push (multi-registry, multi-platform)step in.github/workflows/deployment.ymlso release runs no longer export a GitHub Actions cache layer. - Restructured
.github/workflows/pr-tests.ymlby replacing the singlebuild-and-testjob with separatebuild-imageandtest-imagejobs. The PR image flow changes from a local-only image (push: false,load: true,runtime-node:pr-N) to a pushed Docker Hub image (push: true,runtimenode/test:pr-N) that the matrix test job pulls per platform. Both jobs now authenticate to Docker Hub, QEMU setup intest-imageis restricted to non-linux/amd64runs, and the integrity assertions are simplified to direct shell checks.
Maintenance Line
This tag is published on the maintenance/v1+node24 branch. The v1.x.x+node24.x.x line receives minor and patch updates only — no major Node.js version changes will be made on this branch.
Versioning
Tags follow the pattern v<image_semver>+node<node_version>. The latest tag tracks the most recent stable release on main and is not updated by maintenance releases.
Immutable Tag
This tag is immutable. Once published, v1.2.0+node24.14.1 will never be moved or overwritten on either registry.