Skip to content
This repository was archived by the owner on Jul 18, 2025. It is now read-only.

Re-pin Docker base image in Dockerfile #288

Merged
merged 1 commit into from
Jun 6, 2022
Merged

Re-pin Docker base image in Dockerfile #288

merged 1 commit into from
Jun 6, 2022

Conversation

@atomist
Copy link
Contributor

@atomist atomist bot commented Jun 6, 2022
edited
Loading

This pull request re-pins the Docker base image node:lts in Dockerfile to the current digest.

https://github.com/atomist-skills/npm-build-skill/blob/eb9fe8293234541e88498ea534ffd25b4888f5b1/Dockerfile#L2-L2

Digest sha256:6de7f80669b9141eb258d7198de679419efd523aaf2195a43e2f869e22b494f1 references a multi-CPU architecture image manifest. This image supports the following architectures:

Changelog for node:lts

Commit

New image build caused by commit docker-library/official-images@2ccfa7f to library/node:

Node: feat: Node.js 16.15.1, 17.9.1, and 18.3.0

Comparison

Comparing Docker image node:lts at digests

Current sha256:59eb4e9d6a344ae1161e7d6d8af831cb50713cc631889a5a8c2d438d6ec6aa0f (866mb) and
Proposed sha256:6de7f80669b9141eb258d7198de679419efd523aaf2195a43e2f869e22b494f1 (867mb):

Packages

The following package differences were detected:

Name Current Proposed Type
npm 8.5.5 8.11.0 Node

Files

The following file modifications were detected:

Name Current Proposed Diff
/opt/yarn-v1.22.18 - -5.1mb
/opt/yarn-v1.22.18/LICENSE - -1.3kb
/opt/yarn-v1.22.18/README.md - -3.3kb
/opt/yarn-v1.22.18/bin - -2.1kb
/opt/yarn-v1.22.18/bin/yarn - -1.0kb
/opt/yarn-v1.22.18/bin/yarn.cmd - -34b
/opt/yarn-v1.22.18/bin/yarn.js - -1015b
/opt/yarn-v1.22.18/bin/yarnpkg - -42b
/opt/yarn-v1.22.18/bin/yarnpkg.cmd - -30b
/opt/yarn-v1.22.18/lib - -5.1mb
/opt/yarn-v1.22.18/lib/cli.js - -5.1mb
/opt/yarn-v1.22.18/lib/v8-compile-cache.js - -9.7kb
/opt/yarn-v1.22.18/package.json - -634b
/opt/yarn-v1.22.18/preinstall.js - -2.3kb
/opt/yarn-v1.22.19 + 5.1mb
/opt/yarn-v1.22.19/LICENSE + 1.3kb
/opt/yarn-v1.22.19/README.md + 3.3kb
/opt/yarn-v1.22.19/bin + 2.1kb
/opt/yarn-v1.22.19/bin/yarn + 1.0kb
/opt/yarn-v1.22.19/bin/yarn.cmd + 34b
/opt/yarn-v1.22.19/bin/yarn.js + 1015b
/opt/yarn-v1.22.19/bin/yarnpkg + 42b
/opt/yarn-v1.22.19/bin/yarnpkg.cmd + 30b
/opt/yarn-v1.22.19/lib + 5.1mb
/opt/yarn-v1.22.19/lib/cli.js + 5.1mb
/opt/yarn-v1.22.19/lib/v8-compile-cache.js + 9.7kb
/opt/yarn-v1.22.19/package.json + 634b
/opt/yarn-v1.22.19/preinstall.js + 2.3kb
/root/.gnupg/pubring.kbx 44kb 49kb 4.4kb
/root/.gnupg/pubring.kbx~ 34kb 38kb 4.4kb
/root/.gnupg/random_seed 600b 600b 0b
/root/.gnupg/trustdb.gpg 1.2kb 1.2kb 0b
/root/.npm/_logs/2022-05-28T05_52_31_779Z-debug-0.log - -1.4kb
/root/.npm/_logs/2022-06-06T19_28_16_150Z-debug-0.log + 1.6kb
/tmp/v8-compile-cache-0/9.4.146.24-node.20 - -2.1mb
/tmp/v8-compile-cache-0/9.4.146.24-node.20/zSoptzSyarn-v1.22.18zSbinzSyarn.js.BLOB - -2.1mb
/tmp/v8-compile-cache-0/9.4.146.24-node.20/zSoptzSyarn-v1.22.18zSbinzSyarn.js.MAP - -88b
/tmp/v8-compile-cache-0/9.4.146.24-node.21 + 2.1mb
/tmp/v8-compile-cache-0/9.4.146.24-node.21/zSoptzSyarn-v1.22.19zSbinzSyarn.js.BLOB + 2.1mb
/tmp/v8-compile-cache-0/9.4.146.24-node.21/zSoptzSyarn-v1.22.19zSbinzSyarn.js.MAP + 88b
/usr/local/CHANGELOG.md 466kb 469kb 3.2kb
/usr/local/README.md 33kb 33kb 373b
/usr/local/bin/node 77mb 77mb -96b
/usr/local/bin/yarn 27b 27b 0b
/usr/local/bin/yarnpkg 30b 30b 0b
/usr/local/include/node/common.gypi 21kb 21kb 0b
/usr/local/include/node/config.gypi 23kb 23kb 0b
/usr/local/include/node/node_version.h 3.7kb 3.7kb 0b
/usr/local/include/node/openssl/archs (65 files changed) 110kb 110kb 0b
/usr/local/include/node/openssl/opensslv.h 4.0kb 4.0kb 0b
/usr/local/lib/node_modules/npm/README.md 4.1kb 4.3kb 182b
/usr/local/lib/node_modules/npm/bin/npx 1.5kb 1.5kb 60b
/usr/local/lib/node_modules/npm/docs (77 files changed) 846kb 877kb 31kb
/usr/local/lib/node_modules/npm/lib (79 files changed) 345kb 341kb -4.1kb
/usr/local/lib/node_modules/npm/man (80 files changed) 446kb 459kb 13kb
/usr/local/lib/node_modules/npm/node_modules (333 files changed) 1.2mb 1.7mb 438kb
/usr/local/lib/node_modules/npm/package.json 6.3kb 6.0kb -402b
/usr/local/lib/node_modules/npm/tap-snapshots - -61kb

History

The following differences in docker history were detected:

 /bin/sh -c apt-get update && apt-get install -y --no-install-recommends 		git 		mercurial 		openssh-client 		subversion 				procps 	&& rm -rf /var/lib/apt/lists/*
 /bin/sh -c set -ex; 	apt-get update; 	apt-get install -y --no-install-recommends 		autoconf 		automake 		bzip2 		dpkg-dev 		file 		g++ 		gcc 		imagemagick 		libbz2-dev 		libc6-dev 		libcurl4-openssl-dev 		libdb-dev 		libevent-dev 		libffi-dev 		libgdbm-dev 		libglib2.0-dev 		libgmp-dev 		libjpeg-dev 		libkrb5-dev 		liblzma-dev 		libmagickcore-dev 		libmagickwand-dev 		libmaxminddb-dev 		libncurses5-dev 		libncursesw5-dev 		libpng-dev 		libpq-dev 		libreadline-dev 		libsqlite3-dev 		libssl-dev 		libtool 		libwebp-dev 		libxml2-dev 		libxslt-dev 		libyaml-dev 		make 		patch 		unzip 		xz-utils 		zlib1g-dev 				$( 			if apt-cache show 'default-libmysqlclient-dev' 2>/dev/null | grep -q '^Version:'; then 				echo 'default-libmysqlclient-dev'; 			else 				echo 'libmysqlclient-dev'; 			fi 		) 	; 	rm -rf /var/lib/apt/lists/*
 /bin/sh -c groupadd --gid 1000 node   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
-/bin/sh -c #(nop)  ENV NODE_VERSION=16.15.0
-/bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)"   && case "${dpkgArch##*-}" in     amd64) ARCH='x64';;     ppc64el) ARCH='ppc64le';;     s390x) ARCH='s390x';;     arm64) ARCH='arm64';;     armhf) ARCH='armv7l';;     i386) ARCH='x86';;     *) echo "unsupported architecture"; exit 1 ;;   esac   && set -ex   && for key in     4ED778F539E3634C779C87C6D7062848A1AB005C     141F07595B7B3FFE74309A937405533BE57C7D57     94AE36675C464D64BAFA68DD7434390BDBE9B9C5     74F12602B6F1C4E913FAA37AD3A89613643B6201     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8     C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C     DD8F2338BAE7501E3DD5AC78C273792F7D83545D     A48C2BEE680E841632CD4E44F07496B3EB3C1762     108F52B48DB57BB0CC439B2997B01419BD92F80A     B9E2F5981AA6E0CD28160D9FF13993A75599653C   ; do       gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||       gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz"   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c -   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt   && ln -s /usr/local/bin/node /usr/local/bin/nodejs   && node --version   && npm --version
-/bin/sh -c #(nop)  ENV YARN_VERSION=1.22.18
+/bin/sh -c #(nop)  ENV NODE_VERSION=16.15.1
+/bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)"   && case "${dpkgArch##*-}" in     amd64) ARCH='x64';;     ppc64el) ARCH='ppc64le';;     s390x) ARCH='s390x';;     arm64) ARCH='arm64';;     armhf) ARCH='armv7l';;     i386) ARCH='x86';;     *) echo "unsupported architecture"; exit 1 ;;   esac   && set -ex   && for key in     4ED778F539E3634C779C87C6D7062848A1AB005C     141F07595B7B3FFE74309A937405533BE57C7D57     94AE36675C464D64BAFA68DD7434390BDBE9B9C5     74F12602B6F1C4E913FAA37AD3A89613643B6201     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1     61FC681DFB92A079F1685E77973F295594EC4689     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8     890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4     C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C     DD8F2338BAE7501E3DD5AC78C273792F7D83545D     A48C2BEE680E841632CD4E44F07496B3EB3C1762     108F52B48DB57BB0CC439B2997B01419BD92F80A     B9E2F5981AA6E0CD28160D9FF13993A75599653C   ; do       gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||       gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz"   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c -   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt   && ln -s /usr/local/bin/node /usr/local/bin/nodejs   && node --version   && npm --version
+/bin/sh -c #(nop)  ENV YARN_VERSION=1.22.19
 /bin/sh -c set -ex   && for key in     6A010C5166006599AA17F08146C2130DFD2497F5   ; do     gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz"   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc"   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && mkdir -p /opt   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg   && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && yarn --version
 /bin/sh -c #(nop) COPY file:4d192565a7220e135cab6c77fbc1c73211b69f3d9fb37e62857b2c6eb9363d51 in /usr/local/bin/
 /bin/sh -c #(nop)  ENTRYPOINT ["docker-entrypoint.sh"]

Ports

No different exposed ports detected

Environment Variables

The following different environment variables were detected:

-NODE_VERSION 16.15.0
+NODE_VERSION 16.15.1
-YARN_VERSION 1.22.18
+YARN_VERSION 1.22.19

Pinning FROM lines to digests makes your builds repeatable. Atomist will raise new pull requests whenever the tag moves, so that you know when the base image has been updated. You can follow a new tag at any time. Just replace the digest with the new tag you want to follow. Atomist, will switch to following this new tag.

File changed:

@atomist-bot
Re-pin Docker image node:lts
eb9fe82 
node:lts@sha256:59eb4e9d6a344ae1161e7d6d8af831cb50713cc631889a5a8c2d438d6ec6aa0f
->
node:lts@sha256:6de7f80669b9141eb258d7198de679419efd523aaf2195a43e2f869e22b494f1

 [atomist:generated]
 [atomist-skill:atomist/docker-base-image-policy]

Signed-off-by: Atomist Bot <bot@atomist.com>
@atomist atomist bot added the auto-merge:on-check-success Auto-merge on passed checks label Jun 6, 2022
@atomist atomist bot merged commit e2b1f7a into main Jun 6, 2022
@atomist atomist bot added the auto-merge-method:merge Auto-merge with merge commit label Jun 6, 2022
@atomist
Copy link
Contributor Author

atomist bot commented Jun 6, 2022

Pull request auto merged:

  • No reviews
  • 1 successful check

@atomist atomist bot added auto-branch-delete:on-close Delete branch when pull request gets closed and removed auto-merge-method:merge Auto-merge with merge commit auto-branch-delete:on-close Delete branch when pull request gets closed labels Jun 6, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

auto-merge:on-check-success Auto-merge on passed checks

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@atomist-bot