Re-pin Docker base image in Dockerfile #255

atomist · 2023-10-19T10:24:29Z

This pull request re-pins the Docker base image node:lts in Dockerfile to the current digest.

    
           FROM node:lts@sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c AS build

Digest sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c references a multi-CPU architecture image manifest. This image supports the following architectures:

sha256:96065975e8272a0df6b1ed456ade8185519a7fb5b7076e16dbf9fa9eae3d3dd7 linux/s390x

Changelog for node:lts

Commit

New image build caused by commit docker-library/official-images@0edd1eb to library/node:

Node: feat: Nodejs 20 LTS Iron codename

Comparison

Comparing Docker image node:lts at digests

Current sha256:d764525456dfe2f96a436ba00f864ee8ae3690bfb457c9f12a3a2a35b2d8be41 (963mb) and
Proposed sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c (968mb):

Packages

The following package differences were detected:

Name	Current	Proposed	Type
`corepack`	`0.19.0`	`0.20.0`	Node
`libssl-dev`	`3.0.11-1~deb12u1`	`3.0.11-1~deb12u2`	Apt
`libssl3`	`3.0.11-1~deb12u1`	`3.0.11-1~deb12u2`	Apt
`npm`	`9.8.1`	`10.1.0`	Node
`openssl`	`3.0.11-1~deb12u1`	`3.0.11-1~deb12u2`	Apt

Files

The following file modifications were detected:

Name	Current	Proposed	Diff
`/etc/apt/sources.list.d/debian.sources`	`443b`	`443b`	`0b`
`/etc/shadow`	`500b`	`500b`	`0b`
`/etc/shadow-`	`474b`	`474b`	`0b`
`/root/.gnupg`		`-`	`-80kb`
`/root/.gnupg/crls.d`		`-`	`-5b`
`/root/.gnupg/crls.d/DIR.txt`		`-`	`-5b`
`/root/.gnupg/private-keys-v1.d`		`+`	`0b`
`/root/.gnupg/pubring.kbx`		`-`	`-45kb`
`/root/.gnupg/pubring.kbx~`		`-`	`-34kb`
`/root/.gnupg/random_seed`		`-`	`-600b`
`/root/.gnupg/trustdb.gpg`		`-`	`-1.2kb`
`/root/.npm/_logs/2023-10-16T19_25_01_005Z-debug-0.log`		`-`	`-1.5kb`
`/root/.npm/_logs/2023-11-01T03_16_55_416Z-debug-0.log`		`+`	`1.5kb`
`/tmp/v8-compile-cache-0/10.2.154.26-node.26`		`-`	`-2.1mb`
`/tmp/v8-compile-cache-0/10.2.154.26-node.26/zSoptzSyarn-v1.22.19zSbinzSyarn.js.BLOB`		`-`	`-2.1mb`
`/tmp/v8-compile-cache-0/10.2.154.26-node.26/zSoptzSyarn-v1.22.19zSbinzSyarn.js.MAP`		`-`	`-88b`
`/tmp/v8-compile-cache-0/11.3.244.8-node.16`		`+`	`2.1mb`
`/tmp/v8-compile-cache-0/11.3.244.8-node.16/zSoptzSyarn-v1.22.19zSbinzSyarn.js.BLOB`		`+`	`2.1mb`
`/tmp/v8-compile-cache-0/11.3.244.8-node.16/zSoptzSyarn-v1.22.19zSbinzSyarn.js.MAP`		`+`	`88b`
`/usr/lib/s390x-linux-gnu/libcrypto.a`	`8.3mb`	`8.3mb`	`688b`
`/usr/lib/s390x-linux-gnu/libcrypto.so.3`	`4.2mb`	`4.2mb`	`0b`
`/usr/local/CHANGELOG.md`	`596kb`	`254kb`	`-341kb`
`/usr/local/LICENSE`	`113kb`	`113kb`	`20b`
`/usr/local/README.md`	`36kb`	`37kb`	`363b`
`/usr/local/bin/node`	`90mb`	`95mb`	`4.3mb`
`/usr/local/include/node` (91 files changed)	`772kb`	`1.1mb`	`332kb`
`/usr/local/lib/node_modules` (537 files changed)	`4.1mb`	`8.9mb`	`4.8mb`
`/usr/local/share/doc/node/gdbinit`	`6.9kb`	`8.7kb`	`1.7kb`
`/usr/local/share/man/man1/node.1`	`23kb`	`23kb`	`491b`
`/usr/local/share/systemtap`		`-`	`-10kb`
`/usr/share/doc/libssl-dev/changelog.Debian.gz`	`3.8kb`	`3.9kb`	`54b`
`/usr/share/doc/libssl3/changelog.Debian.gz`	`3.8kb`	`3.9kb`	`54b`
`/usr/share/doc/openssl/changelog.Debian.gz`	`3.8kb`	`3.9kb`	`54b`
`/usr/share/man/man1` (60 files changed)	`318kb`	`318kb`	`-78b`
`/usr/share/man/man5` (3 files changed)	`21kb`	`21kb`	`-3b`
`/usr/share/man/man7` (126 files changed)	`463kb`	`462kb`	`-188b`
`/var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-be64.cache-8`	`144b`	`144b`	`0b`
`/var/cache/fontconfig/4c599c202bc5c08e2d34565a40eac3b2-be64.cache-8`	`104b`	`104b`	`0b`
`/var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-be64.cache-8`	`160b`	`160b`	`0b`
`/var/cache/fontconfig/d589a48862398ed80a3d6066f4f56f4c-be64.cache-8`	`16kb`	`16kb`	`0b`
`/var/cache/ldconfig/aux-cache`	`16kb`	`16kb`	`0b`
`/var/lib/dpkg/info` (3 files changed)	`25kb`	`25kb`	`0b`
`/var/lib/dpkg/status`	`368kb`	`368kb`	`0b`
`/var/lib/dpkg/status-old`	`369kb`	`369kb`	`0b`
`/var/log/alternatives.log`	`11kb`	`11kb`	`0b`
`/var/log/apt/eipp.log.xz`	`17kb`	`17kb`	`-4b`
`/var/log/apt/history.log`	`14kb`	`14kb`	`0b`
`/var/log/apt/term.log`	`77kb`	`77kb`	`0b`
`/var/log/dpkg.log`	`150kb`	`150kb`	`0b`

History

The following differences in docker history were detected:

-/bin/sh -c #(nop) ADD file:2dc117136732884ad4b058065700dd66cc49d6ce56b0fdbb672915e3ad8adb84 in /
+/bin/sh -c #(nop) ADD file:6d8ee60b2fe4604969d8feeeb7e0dc8b9619a778d1a905c8bfdde5ede5e1eb54 in /
 /bin/sh -c #(nop)  CMD ["bash"]
 /bin/sh -c set -eux; 	apt-get update; 	apt-get install -y --no-install-recommends 		ca-certificates 		curl 		gnupg 		netbase 		sq 		wget 	; 	rm -rf /var/lib/apt/lists/*
 /bin/sh -c apt-get update && apt-get install -y --no-install-recommends 		git 		mercurial 		openssh-client 		subversion 				procps 	&& rm -rf /var/lib/apt/lists/*
 /bin/sh -c set -ex; 	apt-get update; 	apt-get install -y --no-install-recommends 		autoconf 		automake 		bzip2 		dpkg-dev 		file 		g++ 		gcc 		imagemagick 		libbz2-dev 		libc6-dev 		libcurl4-openssl-dev 		libdb-dev 		libevent-dev 		libffi-dev 		libgdbm-dev 		libglib2.0-dev 		libgmp-dev 		libjpeg-dev 		libkrb5-dev 		liblzma-dev 		libmagickcore-dev 		libmagickwand-dev 		libmaxminddb-dev 		libncurses5-dev 		libncursesw5-dev 		libpng-dev 		libpq-dev 		libreadline-dev 		libsqlite3-dev 		libssl-dev 		libtool 		libwebp-dev 		libxml2-dev 		libxslt-dev 		libyaml-dev 		make 		patch 		unzip 		xz-utils 		zlib1g-dev 				$( 			if apt-cache show 'default-libmysqlclient-dev' 2>/dev/null | grep -q '^Version:'; then 				echo 'default-libmysqlclient-dev'; 			else 				echo 'libmysqlclient-dev'; 			fi 		) 	; 	rm -rf /var/lib/apt/lists/*
 /bin/sh -c groupadd --gid 1000 node   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
-/bin/sh -c #(nop)  ENV NODE_VERSION=18.18.2
-/bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)"   && case "${dpkgArch##*-}" in     amd64) ARCH='x64';;     ppc64el) ARCH='ppc64le';;     s390x) ARCH='s390x';;     arm64) ARCH='arm64';;     armhf) ARCH='armv7l';;     i386) ARCH='x86';;     *) echo "unsupported architecture"; exit 1 ;;   esac   && set -ex   && for key in     4ED778F539E3634C779C87C6D7062848A1AB005C     141F07595B7B3FFE74309A937405533BE57C7D57     74F12602B6F1C4E913FAA37AD3A89613643B6201     DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7     61FC681DFB92A079F1685E77973F295594EC4689     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8     890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4     C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C     108F52B48DB57BB0CC439B2997B01419BD92F80A     A363A499291CBBC940DD62E41F10027AF002F8B0   ; do       gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||       gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz"   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c -   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt   && ln -s /usr/local/bin/node /usr/local/bin/nodejs   && node --version   && npm --version
+/bin/sh -c #(nop)  ENV NODE_VERSION=20.9.0
+/bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)"   && case "${dpkgArch##*-}" in     amd64) ARCH='x64';;     ppc64el) ARCH='ppc64le';;     s390x) ARCH='s390x';;     arm64) ARCH='arm64';;     armhf) ARCH='armv7l';;     i386) ARCH='x86';;     *) echo "unsupported architecture"; exit 1 ;;   esac   && export GNUPGHOME="$(mktemp -d)"   && set -ex   && for key in     4ED778F539E3634C779C87C6D7062848A1AB005C     141F07595B7B3FFE74309A937405533BE57C7D57     74F12602B6F1C4E913FAA37AD3A89613643B6201     DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7     61FC681DFB92A079F1685E77973F295594EC4689     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8     890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4     C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C     108F52B48DB57BB0CC439B2997B01419BD92F80A     A363A499291CBBC940DD62E41F10027AF002F8B0   ; do       gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||       gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz"   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc   && gpgconf --kill all   && rm -rf "$GNUPGHOME"   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c -   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt   && ln -s /usr/local/bin/node /usr/local/bin/nodejs   && node --version   && npm --version
 /bin/sh -c #(nop)  ENV YARN_VERSION=1.22.19
-/bin/sh -c set -ex   && for key in     6A010C5166006599AA17F08146C2130DFD2497F5   ; do     gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz"   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc"   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && mkdir -p /opt   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg   && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && yarn --version
+/bin/sh -c set -ex   && export GNUPGHOME="$(mktemp -d)"   && for key in     6A010C5166006599AA17F08146C2130DFD2497F5   ; do     gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz"   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc"   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && gpgconf --kill all   && rm -rf "$GNUPGHOME"   && mkdir -p /opt   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg   && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && yarn --version
 /bin/sh -c #(nop) COPY file:4d192565a7220e135cab6c77fbc1c73211b69f3d9fb37e62857b2c6eb9363d51 in /usr/local/bin/
 /bin/sh -c #(nop)  ENTRYPOINT ["docker-entrypoint.sh"]
 /bin/sh -c #(nop)  CMD ["node"]

Ports

No different exposed ports detected

Environment Variables

The following different environment variables were detected:

-NODE_VERSION 18.18.2
+NODE_VERSION 20.9.0

Pinning FROM lines to digests makes your builds repeatable. Atomist will raise new pull requests whenever the tag moves, so that you know when the base image has been updated. You can follow a new tag at any time. Just replace the digest with the new tag you want to follow. Atomist, will switch to following this new tag.

File changed:

Dockerfile

node:lts@sha256:d764525456dfe2f96a436ba00f864ee8ae3690bfb457c9f12a3a2a35b2d8be41 -> node:lts@sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c [atomist:generated] [atomist-skill:atomist/docker-base-image-policy] Signed-off-by: Atomist Bot <[email protected]>

atomist bot added auto-merge:on-check-success Auto-merge on passed checks auto-merge-method:merge Auto-merge with merge commit and removed auto-merge-method:merge Auto-merge with merge commit labels Oct 19, 2023

atomist bot force-pushed the atomist/pin-docker-base-image/dockerfile branch from 82e9335 to c619343 Compare October 26, 2023 04:24

atomist bot force-pushed the atomist/pin-docker-base-image/dockerfile branch from c619343 to eaf471b Compare November 1, 2023 22:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Re-pin Docker base image in Dockerfile #255

Re-pin Docker base image in Dockerfile #255

atomist bot commented Oct 19, 2023 •

edited

Loading

Re-pin Docker base image in Dockerfile #255

Are you sure you want to change the base?

Re-pin Docker base image in Dockerfile #255

Conversation

atomist bot commented Oct 19, 2023 • edited Loading

Commit

Comparison

Packages

Files

History

Ports

Environment Variables

atomist bot commented Oct 19, 2023 •

edited

Loading