Merge pull request #4948 from mozilla/dependabot/docker/node-22.6-alpine

chore(deps): bump node from 22.5-alpine to 22.6-alpine
mozilla · Aug 28, 2024 · cba6a0b · cba6a0b
2 parents 8ffc71b + 8c1e2f7
commit cba6a0b
Show file tree

Hide file tree

Showing 12 changed files with 48 additions and 15 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -12,7 +12,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '22.5.x'
+          node-version: '22.6.x'
       - run: npm ci
       - run: npm run build-glean
       # Verify that the build (incl. type-checking) succeeds

diff --git a/.github/workflows/e2e_cron.yml b/.github/workflows/e2e_cron.yml
@@ -21,7 +21,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: 22.5.x
+          node-version: 22.6.x
 
       - name: Install dependencies
         run: npm ci

diff --git a/.github/workflows/e2e_pr.yml b/.github/workflows/e2e_pr.yml
@@ -32,7 +32,7 @@ jobs:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
         with:
-          node-version: 22.5.x
+          node-version: 22.6.x
 
       - name: Install dependencies
         run: npm ci

diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
@@ -12,7 +12,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '22.5.x'
+          node-version: '22.6.x'
       - run: npm ci
       - run: npm run build-glean
       - run: npm run build-nimbus

diff --git a/.github/workflows/unittests.yaml b/.github/workflows/unittests.yaml
@@ -12,7 +12,7 @@ jobs:
       - name: Use Node.js
         uses: actions/setup-node@v4
         with:
-          node-version: '22.5.x'
+          node-version: '22.6.x'
       - run: npm ci
       - run: npm run build-glean
       - run: npm test

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM node:22.5-alpine
+FROM node:22.6-alpine
 
 RUN addgroup -g 10001 app && \
     adduser -D -G app -h /app -u 10001 app

diff --git a/Dockerfile.cloudrun b/Dockerfile.cloudrun
@@ -1,4 +1,4 @@
-FROM node:22.5-alpine
+FROM node:22.6-alpine
 
 RUN addgroup -g 10001 app && \
     adduser -D -G app -h /app -u 10001 app

diff --git a/docs/dependency-updates.md b/docs/dependency-updates.md
@@ -49,10 +49,43 @@ For example, the unit tests Workflow (`/.github/workflows/unittests.yaml`) uses
 the `setup-node` Action, so if that gets updated, the tests should continue to
 run, and to result in a failing check if the tests fail.
 
-## Docker
+## Docker / Node
 
-TODO: Describe how to verify that an update of the base Docker image doesn't
-break the app.
+Monitor specifies the official Node:Alpine Docker image, which bundles both the minimalistic
+Alpine Linux distribution with the latest version of Node.
+
+GitHub's Dependabot only updates `Dockerfile`, but the Node version is specified in many
+different config files. The PR that Dependabot opens will always fail the lint check because
+the script `scripts/check-node-version-alignment.js` will fail if the Node version isn't
+set consistently across all config files.
+
+1. clone the branch that Dependabot creates
+
+e.g.
+
+```sh
+git clone dependabot/docker/node-22.6-alpine
+```
+
+2. Run the Node version alignment script and fix any problems it finds
+
+```sh
+node scripts/check-node-version-alignment.js
+```
+
+3. Commit and push to branch Dependabot opened
+
+e.g.
+
+```sh
+git push origin dependabot/docker/node-22.6-alpine
+```
+
+Lint on the GitHub PR should now pass and the PR may be merged.
+
+Testing: NOTE This must be pushed to the stage environment and the full e2e test suite must pass
+before this is pushed to production. The release notes must be reviewed to determine how
+urgent the update is (e.g. security fixes) and if more thorough testing should be performed.
 
 ## npm
 

diff --git a/esbuild.cronjobs.js b/esbuild.cronjobs.js
@@ -21,6 +21,6 @@ build({
   format: "esm",
   outdir: "dist/scripts/cronjobs/",
   sourcemap: true,
-  target: "node22.5",
+  target: "node22.6",
   packages: "external",
 });
diff --git a/netlify.toml b/netlify.toml
@@ -18,4 +18,4 @@
   # Default build command.
   command = "npm ci; npm run build-storybook"
 
-  environment = { NODE_VERSION = "22.5.1", NPM_VERSION = "10.8.1" }
+  environment = { NODE_VERSION = "22.6.0", NPM_VERSION = "10.8.1" }
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -3,7 +3,7 @@
   "version": "1.0.0",
   "description": "Firefox Monitor",
   "engines": {
-    "node": "22.5.x",
+    "node": "22.6.x",
     "npm": "10.8.x"
   },
   "type": "module",
@@ -58,7 +58,7 @@
   "homepage": "https://github.com/mozilla/blurts-server",
   "license": "MPL-2.0",
   "volta": {
-    "node": "22.5.1",
+    "node": "22.6.0",
     "npm": "10.8.1"
   },
   "dependencies": {