Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Re-pin Docker base image in Dockerfile #255

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Re-pin Docker base image in Dockerfile #255

wants to merge 1 commit into from

Conversation

atomist[bot]
Copy link
Contributor

@atomist atomist bot commented Oct 19, 2023
edited
Loading

This pull request re-pins the Docker base image node:lts in Dockerfile to the current digest.

github-secret-scanner-skill/Dockerfile

Line 2 in eaf471b

FROM node:lts@sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c AS build

Digest sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c references a multi-CPU architecture image manifest. This image supports the following architectures:

Changelog for node:lts

Commit

New image build caused by commit docker-library/official-images@0edd1eb to library/node:

Node: feat: Nodejs 20 LTS Iron codename

Comparison

Comparing Docker image node:lts at digests

Current sha256:d764525456dfe2f96a436ba00f864ee8ae3690bfb457c9f12a3a2a35b2d8be41 (963mb) and
Proposed sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c (968mb):

Packages

The following package differences were detected:

Name Current Proposed Type
corepack 0.19.0 0.20.0 Node
libssl-dev 3.0.11-1~deb12u1 3.0.11-1~deb12u2 Apt
libssl3 3.0.11-1~deb12u1 3.0.11-1~deb12u2 Apt
npm 9.8.1 10.1.0 Node
openssl 3.0.11-1~deb12u1 3.0.11-1~deb12u2 Apt

Files

The following file modifications were detected:

Name Current Proposed Diff
/etc/apt/sources.list.d/debian.sources 443b 443b 0b
/etc/shadow 500b 500b 0b
/etc/shadow- 474b 474b 0b
/root/.gnupg - -80kb
/root/.gnupg/crls.d - -5b
/root/.gnupg/crls.d/DIR.txt - -5b
/root/.gnupg/private-keys-v1.d + 0b
/root/.gnupg/pubring.kbx - -45kb
/root/.gnupg/pubring.kbx~ - -34kb
/root/.gnupg/random_seed - -600b
/root/.gnupg/trustdb.gpg - -1.2kb
/root/.npm/_logs/2023-10-16T19_25_01_005Z-debug-0.log - -1.5kb
/root/.npm/_logs/2023-11-01T03_16_55_416Z-debug-0.log + 1.5kb
/tmp/v8-compile-cache-0/10.2.154.26-node.26 - -2.1mb
/tmp/v8-compile-cache-0/10.2.154.26-node.26/zSoptzSyarn-v1.22.19zSbinzSyarn.js.BLOB - -2.1mb
/tmp/v8-compile-cache-0/10.2.154.26-node.26/zSoptzSyarn-v1.22.19zSbinzSyarn.js.MAP - -88b
/tmp/v8-compile-cache-0/11.3.244.8-node.16 + 2.1mb
/tmp/v8-compile-cache-0/11.3.244.8-node.16/zSoptzSyarn-v1.22.19zSbinzSyarn.js.BLOB + 2.1mb
/tmp/v8-compile-cache-0/11.3.244.8-node.16/zSoptzSyarn-v1.22.19zSbinzSyarn.js.MAP + 88b
/usr/lib/s390x-linux-gnu/libcrypto.a 8.3mb 8.3mb 688b
/usr/lib/s390x-linux-gnu/libcrypto.so.3 4.2mb 4.2mb 0b
/usr/local/CHANGELOG.md 596kb 254kb -341kb
/usr/local/LICENSE 113kb 113kb 20b
/usr/local/README.md 36kb 37kb 363b
/usr/local/bin/node 90mb 95mb 4.3mb
/usr/local/include/node (91 files changed) 772kb 1.1mb 332kb
/usr/local/lib/node_modules (537 files changed) 4.1mb 8.9mb 4.8mb
/usr/local/share/doc/node/gdbinit 6.9kb 8.7kb 1.7kb
/usr/local/share/man/man1/node.1 23kb 23kb 491b
/usr/local/share/systemtap - -10kb
/usr/share/doc/libssl-dev/changelog.Debian.gz 3.8kb 3.9kb 54b
/usr/share/doc/libssl3/changelog.Debian.gz 3.8kb 3.9kb 54b
/usr/share/doc/openssl/changelog.Debian.gz 3.8kb 3.9kb 54b
/usr/share/man/man1 (60 files changed) 318kb 318kb -78b
/usr/share/man/man5 (3 files changed) 21kb 21kb -3b
/usr/share/man/man7 (126 files changed) 463kb 462kb -188b
/var/cache/fontconfig/3830d5c3ddfd5cd38a049b759396e72e-be64.cache-8 144b 144b 0b
/var/cache/fontconfig/4c599c202bc5c08e2d34565a40eac3b2-be64.cache-8 104b 104b 0b
/var/cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-be64.cache-8 160b 160b 0b
/var/cache/fontconfig/d589a48862398ed80a3d6066f4f56f4c-be64.cache-8 16kb 16kb 0b
/var/cache/ldconfig/aux-cache 16kb 16kb 0b
/var/lib/dpkg/info (3 files changed) 25kb 25kb 0b
/var/lib/dpkg/status 368kb 368kb 0b
/var/lib/dpkg/status-old 369kb 369kb 0b
/var/log/alternatives.log 11kb 11kb 0b
/var/log/apt/eipp.log.xz 17kb 17kb -4b
/var/log/apt/history.log 14kb 14kb 0b
/var/log/apt/term.log 77kb 77kb 0b
/var/log/dpkg.log 150kb 150kb 0b

History

The following differences in docker history were detected:

-/bin/sh -c #(nop) ADD file:2dc117136732884ad4b058065700dd66cc49d6ce56b0fdbb672915e3ad8adb84 in /
+/bin/sh -c #(nop) ADD file:6d8ee60b2fe4604969d8feeeb7e0dc8b9619a778d1a905c8bfdde5ede5e1eb54 in /
 /bin/sh -c #(nop)  CMD ["bash"]
 /bin/sh -c set -eux; 	apt-get update; 	apt-get install -y --no-install-recommends 		ca-certificates 		curl 		gnupg 		netbase 		sq 		wget 	; 	rm -rf /var/lib/apt/lists/*
 /bin/sh -c apt-get update && apt-get install -y --no-install-recommends 		git 		mercurial 		openssh-client 		subversion 				procps 	&& rm -rf /var/lib/apt/lists/*
 /bin/sh -c set -ex; 	apt-get update; 	apt-get install -y --no-install-recommends 		autoconf 		automake 		bzip2 		dpkg-dev 		file 		g++ 		gcc 		imagemagick 		libbz2-dev 		libc6-dev 		libcurl4-openssl-dev 		libdb-dev 		libevent-dev 		libffi-dev 		libgdbm-dev 		libglib2.0-dev 		libgmp-dev 		libjpeg-dev 		libkrb5-dev 		liblzma-dev 		libmagickcore-dev 		libmagickwand-dev 		libmaxminddb-dev 		libncurses5-dev 		libncursesw5-dev 		libpng-dev 		libpq-dev 		libreadline-dev 		libsqlite3-dev 		libssl-dev 		libtool 		libwebp-dev 		libxml2-dev 		libxslt-dev 		libyaml-dev 		make 		patch 		unzip 		xz-utils 		zlib1g-dev 				$( 			if apt-cache show 'default-libmysqlclient-dev' 2>/dev/null | grep -q '^Version:'; then 				echo 'default-libmysqlclient-dev'; 			else 				echo 'libmysqlclient-dev'; 			fi 		) 	; 	rm -rf /var/lib/apt/lists/*
 /bin/sh -c groupadd --gid 1000 node   && useradd --uid 1000 --gid node --shell /bin/bash --create-home node
-/bin/sh -c #(nop)  ENV NODE_VERSION=18.18.2
-/bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)"   && case "${dpkgArch##*-}" in     amd64) ARCH='x64';;     ppc64el) ARCH='ppc64le';;     s390x) ARCH='s390x';;     arm64) ARCH='arm64';;     armhf) ARCH='armv7l';;     i386) ARCH='x86';;     *) echo "unsupported architecture"; exit 1 ;;   esac   && set -ex   && for key in     4ED778F539E3634C779C87C6D7062848A1AB005C     141F07595B7B3FFE74309A937405533BE57C7D57     74F12602B6F1C4E913FAA37AD3A89613643B6201     DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7     61FC681DFB92A079F1685E77973F295594EC4689     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8     890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4     C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C     108F52B48DB57BB0CC439B2997B01419BD92F80A     A363A499291CBBC940DD62E41F10027AF002F8B0   ; do       gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||       gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz"   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c -   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt   && ln -s /usr/local/bin/node /usr/local/bin/nodejs   && node --version   && npm --version
+/bin/sh -c #(nop)  ENV NODE_VERSION=20.9.0
+/bin/sh -c ARCH= && dpkgArch="$(dpkg --print-architecture)"   && case "${dpkgArch##*-}" in     amd64) ARCH='x64';;     ppc64el) ARCH='ppc64le';;     s390x) ARCH='s390x';;     arm64) ARCH='arm64';;     armhf) ARCH='armv7l';;     i386) ARCH='x86';;     *) echo "unsupported architecture"; exit 1 ;;   esac   && export GNUPGHOME="$(mktemp -d)"   && set -ex   && for key in     4ED778F539E3634C779C87C6D7062848A1AB005C     141F07595B7B3FFE74309A937405533BE57C7D57     74F12602B6F1C4E913FAA37AD3A89613643B6201     DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7     61FC681DFB92A079F1685E77973F295594EC4689     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8     890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4     C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C     108F52B48DB57BB0CC439B2997B01419BD92F80A     A363A499291CBBC940DD62E41F10027AF002F8B0   ; do       gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||       gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH.tar.xz"   && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc"   && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc   && gpgconf --kill all   && rm -rf "$GNUPGHOME"   && grep " node-v$NODE_VERSION-linux-$ARCH.tar.xz\$" SHASUMS256.txt | sha256sum -c -   && tar -xJf "node-v$NODE_VERSION-linux-$ARCH.tar.xz" -C /usr/local --strip-components=1 --no-same-owner   && rm "node-v$NODE_VERSION-linux-$ARCH.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt   && ln -s /usr/local/bin/node /usr/local/bin/nodejs   && node --version   && npm --version
 /bin/sh -c #(nop)  ENV YARN_VERSION=1.22.19
-/bin/sh -c set -ex   && for key in     6A010C5166006599AA17F08146C2130DFD2497F5   ; do     gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz"   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc"   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && mkdir -p /opt   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg   && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && yarn --version
+/bin/sh -c set -ex   && export GNUPGHOME="$(mktemp -d)"   && for key in     6A010C5166006599AA17F08146C2130DFD2497F5   ; do     gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" ||     gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ;   done   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz"   && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc"   && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && gpgconf --kill all   && rm -rf "$GNUPGHOME"   && mkdir -p /opt   && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn   && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg   && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz   && yarn --version
 /bin/sh -c #(nop) COPY file:4d192565a7220e135cab6c77fbc1c73211b69f3d9fb37e62857b2c6eb9363d51 in /usr/local/bin/
 /bin/sh -c #(nop)  ENTRYPOINT ["docker-entrypoint.sh"]
 /bin/sh -c #(nop)  CMD ["node"]

Ports

No different exposed ports detected

Environment Variables

The following different environment variables were detected:

-NODE_VERSION 18.18.2
+NODE_VERSION 20.9.0

Pinning FROM lines to digests makes your builds repeatable. Atomist will raise new pull requests whenever the tag moves, so that you know when the base image has been updated. You can follow a new tag at any time. Just replace the digest with the new tag you want to follow. Atomist, will switch to following this new tag.

File changed:

@atomist atomist bot added auto-merge:on-check-success Auto-merge on passed checks auto-merge-method:merge Auto-merge with merge commit and removed auto-merge-method:merge Auto-merge with merge commit labels Oct 19, 2023
@atomist atomist bot force-pushed the atomist/pin-docker-base-image/dockerfile branch from 82e9335 to c619343 Compare October 26, 2023 04:24
@atomist-bot
Re-pin Docker image node:lts
eaf471b 
node:lts@sha256:d764525456dfe2f96a436ba00f864ee8ae3690bfb457c9f12a3a2a35b2d8be41
->
node:lts@sha256:5f21943fe97b24ae1740da6d7b9c56ac43fe3495acb47c1b232b0a352b02a25c

 [atomist:generated]
 [atomist-skill:atomist/docker-base-image-policy]

Signed-off-by: Atomist Bot <[email protected]>
@atomist atomist bot force-pushed the atomist/pin-docker-base-image/dockerfile branch from c619343 to eaf471b Compare November 1, 2023 22:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
auto-merge:on-check-success Auto-merge on passed checks
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@atomist-bot