Skip to content

v2.2.0+node25.9.0 — Node.js 25.9.0 and CI Workflow Updates

Choose a tag to compare

View all tags
@Amnoor Amnoor released this 04 Apr 12:42
Immutable release. Only release title and notes can be modified.
v2.2.0+node25.9.0
37c8311
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Runtime Node v2.2.0+node25.9.0

Secure, Distroless, Multi-Arch Node.js Runtime. Built from Scratch.

This is the second minor release on the Node.js 25 maintenance line. The Node.js runtime is upgraded from 25.8.2 to 25.9.0. This release also moves PR image testing from Docker Hub-pushed images to OCI artifact handoff, updates docker/build-push-action to v7 in both workflows, enables signed mode=max provenance and SBOM attestations in the release workflow, and refreshes documentation examples and CI/CD tooling references to match the current release state.

Pull the Image

# Docker Hub — versioned (recommended for production)
docker pull runtimenode/runtime-node:v2.2.0-node25.9.0

# GitHub Container Registry — versioned (recommended for production)
docker pull ghcr.io/runtimes-node/runtime-node:v2.2.0-node25.9.0

Note: Docker registries normalize + to - in tag names. The canonical version tag is v2.2.0+node25.9.0 — the registry tag is v2.2.0-node25.9.0.

What's Included

Component Detail
Base FROM scratch — no OS, no shell
Node.js Version 25.9.0 (from node:25.9.0-alpine3.23)
NODE_ENV production (baked in)
TZ UTC (baked in)
Timezone Database IANA tzdata (/usr/share/zoneinfo)
CA Certificates Included (/etc/ssl/certs/)
DNS Resolution nsswitch.conf included
Runtime Libraries ld-musl, libstdc++, libgcc_s
/tmp Writable, sticky-bit 1777
Shell None
Package Manager None
Architectures linux/amd64, linux/arm64
Provenance & SBOM Attached to this release

What's New

  • Updated FROM node:25.8.2-alpine3.23 AS builder to FROM node:25.9.0-alpine3.23 AS builder in Dockerfile, upgrading the Node.js runtime bundled into the final scratch image from 25.8.2 to 25.9.0.
  • Updated .github/workflows/pr-tests.yml to stop pushing PR images to Docker Hub by changing the Build Image step from push: true to push: false with outputs: type=oci,dest=image.tar, and added Upload Docker Image Artifact, Download Docker Image Artifact, Extract single-arch image with Skopeo, and artifact-clean-up to hand the image between jobs as an OCI artifact.
  • Updated .github/workflows/pr-tests.yml from uses: docker/build-push-action@v6 to uses: docker/build-push-action@v7 in the Build Image step, and updated .github/workflows/deployment.yml from uses: docker/build-push-action@v5 to uses: docker/build-push-action@v7 in the Build and push (multi-registry, multi-platform) step.
  • Added id-token: write to the top-level permissions: block in .github/workflows/deployment.yml and replaced provenance: true and sbom: true with attests: entries type=provenance,mode=max and type=sbom,mode=max in the Build and push (multi-registry, multi-platform) step.
  • Updated the Node.js Version Bumps example in CONTRIBUTING.md from node:25.8.2-alpine3.23 to node:25.9.0-alpine3.23, updated the Versioning and Tags example in README.md from v2.1.3+node25.8.2 to v2.2.0+node25.9.0, and added actions/upload-artifact, actions/download-artifact, geekyeggo/delete-artifact, chrnorm/deployment-action, and chrnorm/deployment-status to the CI/CD & Build Tooling section of README.md.

Maintenance Line

This tag is published on the maintenance/v2+node25 branch. The v2.x.x+node25.x.x line receives minor and patch updates only — no major Node.js version changes will be made on this branch.

Versioning

Tags follow the pattern v<image_semver>+node<node_version>. GitHub marks this release as the latest published release as of April 4, 2026.

Immutable Tag

This tag is immutable. Once published, v2.2.0+node25.9.0 will never be moved or overwritten on either registry.

Full Changelog

v2.1.6+node25.8.2...v2.2.0+node25.9.0

Assets 3
Loading
0 Join discussion