docker-node
docker-node copied to clipboard
nodejs
ci(update): port update.sh to nodejs
Ported the update.sh script to nodejs. Changes:
- With no additional arguments, the script only updates Dockerfiles when there is a new node version for that major version
-
-aor--allcauses all Dockerfiles to be regenerated from the template.
updateLib.js can be used in the auto-pr cronjob to also get what Dockerfiles changed. By default, it will only update a Dockerfile when node updates, so it would work well in an cronjob action.
Refs: https://github.com/nodejs/docker-node/pull/1314
diff ./update.js -a
diff --git a/10/alpine3.10/Dockerfile b/10/alpine3.10/Dockerfile
index ebad2ff..fd521bd 100644
--- a/10/alpine3.10/Dockerfile
+++ b/10/alpine3.10/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \
diff --git a/10/alpine3.11/Dockerfile b/10/alpine3.11/Dockerfile
index b6472e4..8d5c7e0 100644
--- a/10/alpine3.11/Dockerfile
+++ b/10/alpine3.11/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \
diff --git a/10/alpine3.9/Dockerfile b/10/alpine3.9/Dockerfile
index 8cdfc97..50f92f2 100644
--- a/10/alpine3.9/Dockerfile
+++ b/10/alpine3.9/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \
diff --git a/10/buster-slim/Dockerfile b/10/buster-slim/Dockerfile
index 3dfe42d..64c0d2e 100644
--- a/10/buster-slim/Dockerfile
+++ b/10/buster-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN set -ex \
&& savedAptMark="$(apt-mark showmanual)" \
diff --git a/10/buster/Dockerfile b/10/buster/Dockerfile
index 8ac9c75..8d978ad 100644
--- a/10/buster/Dockerfile
+++ b/10/buster/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN set -ex \
&& for key in \
diff --git a/10/stretch-slim/Dockerfile b/10/stretch-slim/Dockerfile
index 1a1d203..a13923c 100644
--- a/10/stretch-slim/Dockerfile
+++ b/10/stretch-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN set -ex \
&& savedAptMark="$(apt-mark showmanual)" \
diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile
index 53d43a2..a7b265f 100644
--- a/10/stretch/Dockerfile
+++ b/10/stretch/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN set -ex \
&& for key in \
diff --git a/12/alpine3.10/Dockerfile b/12/alpine3.10/Dockerfile
index e5a1b79..317ddee 100644
--- a/12/alpine3.10/Dockerfile
+++ b/12/alpine3.10/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.11/Dockerfile b/12/alpine3.11/Dockerfile
index 8007796..5bc0d8e 100644
--- a/12/alpine3.11/Dockerfile
+++ b/12/alpine3.11/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.12/Dockerfile b/12/alpine3.12/Dockerfile
index f56baf3..25cbf6b 100644
--- a/12/alpine3.12/Dockerfile
+++ b/12/alpine3.12/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.9/Dockerfile b/12/alpine3.9/Dockerfile
index 2bad543..8a23b43 100644
--- a/12/alpine3.9/Dockerfile
+++ b/12/alpine3.9/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/buster-slim/Dockerfile b/12/buster-slim/Dockerfile
index 5cd732b..04437e9 100644
--- a/12/buster-slim/Dockerfile
+++ b/12/buster-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile
index 90a94be..88027f4 100644
--- a/12/buster/Dockerfile
+++ b/12/buster/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile
index 2e2fe2c..d3d722e 100644
--- a/12/stretch-slim/Dockerfile
+++ b/12/stretch-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile
index e0d9bdc..0384ed2 100644
--- a/12/stretch/Dockerfile
+++ b/12/stretch/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
cat: .: Is a directory
travis@coniscale:~/docker-node$ ^C
travis@coniscale:~/docker-node$ cat out.txt
diff --git a/10/alpine3.10/Dockerfile b/10/alpine3.10/Dockerfile
index ebad2ff..fd521bd 100644
--- a/10/alpine3.10/Dockerfile
+++ b/10/alpine3.10/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \
diff --git a/10/alpine3.11/Dockerfile b/10/alpine3.11/Dockerfile
index b6472e4..8d5c7e0 100644
--- a/10/alpine3.11/Dockerfile
+++ b/10/alpine3.11/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \
diff --git a/10/alpine3.9/Dockerfile b/10/alpine3.9/Dockerfile
index 8cdfc97..50f92f2 100644
--- a/10/alpine3.9/Dockerfile
+++ b/10/alpine3.9/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
&& for key in \
diff --git a/10/buster-slim/Dockerfile b/10/buster-slim/Dockerfile
index 3dfe42d..64c0d2e 100644
--- a/10/buster-slim/Dockerfile
+++ b/10/buster-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN set -ex \
&& savedAptMark="$(apt-mark showmanual)" \
diff --git a/10/buster/Dockerfile b/10/buster/Dockerfile
index 8ac9c75..8d978ad 100644
--- a/10/buster/Dockerfile
+++ b/10/buster/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN set -ex \
&& for key in \
diff --git a/10/stretch-slim/Dockerfile b/10/stretch-slim/Dockerfile
index 1a1d203..a13923c 100644
--- a/10/stretch-slim/Dockerfile
+++ b/10/stretch-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN set -ex \
&& savedAptMark="$(apt-mark showmanual)" \
diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile
index 53d43a2..a7b265f 100644
--- a/10/stretch/Dockerfile
+++ b/10/stretch/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& node --version \
&& npm --version
-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5
RUN set -ex \
&& for key in \
diff --git a/12/alpine3.10/Dockerfile b/12/alpine3.10/Dockerfile
index e5a1b79..317ddee 100644
--- a/12/alpine3.10/Dockerfile
+++ b/12/alpine3.10/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.11/Dockerfile b/12/alpine3.11/Dockerfile
index 8007796..5bc0d8e 100644
--- a/12/alpine3.11/Dockerfile
+++ b/12/alpine3.11/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.12/Dockerfile b/12/alpine3.12/Dockerfile
index f56baf3..25cbf6b 100644
--- a/12/alpine3.12/Dockerfile
+++ b/12/alpine3.12/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.9/Dockerfile b/12/alpine3.9/Dockerfile
index 2bad543..8a23b43 100644
--- a/12/alpine3.9/Dockerfile
+++ b/12/alpine3.9/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/buster-slim/Dockerfile b/12/buster-slim/Dockerfile
index 5cd732b..04437e9 100644
--- a/12/buster-slim/Dockerfile
+++ b/12/buster-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile
index 90a94be..88027f4 100644
--- a/12/buster/Dockerfile
+++ b/12/buster/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile
index 2e2fe2c..d3d722e 100644
--- a/12/stretch-slim/Dockerfile
+++ b/12/stretch-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile
index e0d9bdc..0384ed2 100644
--- a/12/stretch/Dockerfile
+++ b/12/stretch/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
&& for key in \
4ED778F539E3634C779C87C6D7062848A1AB005C \
94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+ 1C050899334244A8AF75E53792EF661D867B9DFA \
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
Maybe I missed it, but I'm not seeing the a way to do the old
-ssecurity updates where only the Node version gets updated
I didn't implement that (yet). I could add that if desired. I just have it regenerate the entire template when the node version changes by default (no args). Is there a case where you would only want to update the node version and not also update the yarn version and keys?
Are there other situations like that where I should add more customization. For example, I didn't port the logic to specify certain versions or variants to only update. Should I also add this back in?
Let's also add some basic linter for it as we did for shell scripts before!?
One option is https://github.com/github/super-linter
Is there a case where you would only want to update the node version and not also update the yarn version and keys?
Probably not keys, but security releases should not update yarn (the -s stands for security) - we want the bar to upgrade to those be as low as possible
One option is https://github.com/github/super-linter
Haven't used it before, but I think this is one repo were it actually makes sense 😄 because we don't pin/track versions of those tools It would also replace a few of our other jobs (eclint, markdownlint, maybe shellfmt), but I think that could be a separate PR from this
Is there a case where you would only want to update the node version and not also update the yarn version and keys?
Probably not
keys, but security releases should not updateyarn(the-sstands forsecurity) - we want the bar to upgrade to those be as low as possible
Okay, just so I understand: There should be an -s option that only updates node versions and the node keys (not yarn keys).
Should that be the default behavior? To only update the node version, and if there is a node version update, only update the node keys.
I don't think it needs to be the default behaviour, we can just keep it for the cases where there is a security release. I believe they have the -s process documented in the release instructions for security releases.
I don't think it needs to be the default behaviour, we can just keep it for the cases where there is a security release. I believe they have the
-sprocess documented in the release instructions for security releases.
At the moment, it appears that the only thing the -s flag does it make it use the yarn version currently present in the file. It will still regenerates the entire file from the template with the new keys for both npm and yarn.
https://github.com/nodejs/docker-node/blob/0e872097bd07fc798e762a5bfd1e2dfad90e81b2/update.sh#L68-L71 https://github.com/nodejs/docker-node/blob/0e872097bd07fc798e762a5bfd1e2dfad90e81b2/update.sh#L138-L142
Note, setting the alpine_version in the first snippet looks like it does nothing because alpine_version is later set at:
https://github.com/nodejs/docker-node/blob/0e872097bd07fc798e762a5bfd1e2dfad90e81b2/update.sh#L158
So, it appears that the current behavior of the -s flag may not be what is wanted. Is the desired behavior that if the -s flag is specified, only the node version is updated? This would be the easiest to code. Is the desired behavior also to update the node keys? That would take a bit more work.
Updating the keys is fine, as that might actually be the ones being used by the person cutting the security release
Updating the keys is fine, as that might actually be the ones being used by the person cutting the security release
That does make sense. I am trying to think of the best way to handle that. Currently, my script takes the same approach as update.sh and regenerates the Dockerfile every time from the template. If I were to just support updating the node version and node keys, I would need to somehow get the yarn version and yarn keys used to generate the old/current Dockerfile. I could parse these from the current Dockerfile. Another option might be storing some metadata (perhaps in a json) in some file about the keys and versions used to generate the current version of the Dockerfile.
Any advice or other strategies?
Another option might be storing some metadata (perhaps in a json)
We've actually started doing that in a few repos in https://github.com/docker-library like https://github.com/docker-library/php/pull/1052 and it's been super helpful. (You definitely don't have to use our unique templating format). It has been helpful for us to split updating the json file (versions.sh) from applying that metadata to the Dockerfiles (apply-templates.sh). Parsing json is much easier that trying to parse a Dockerfile for the current/previous version of something :wink:.
Coming back around to work on this. I think I'm going to try out the json metadata approach that yousifkit mentioned.
I know my current scripts lacked a security only mode, so I'm going to add that. I am trying to see if there is a good way to see if a given nodejs update is a security release or not.
So far, I think I might be able to look on the github nodejs page and see if the release has the text This is a security release.
Examples:
- https://github.com/nodejs/node/releases/tag/v12.18.4
- https://github.com/nodejs/node/releases/tag/v10.22.1
I don't see a good way of determining if a yarn release is a security update or not.
yarn v1 version (which is what we ship) will never change, so we can drop the -s flag entirely if it complicates things