diff --git a/packages/fileimport-service/Dockerfile b/packages/fileimport-service/Dockerfile index a19df84f1a..d4cfe9cfca 100644 --- a/packages/fileimport-service/Dockerfile +++ b/packages/fileimport-service/Dockerfile @@ -1,6 +1,6 @@ ARG NODE_ENV=production -FROM node:18-bookworm-slim@sha256:408f8cbbb7b33a5bb94bdb8862795a94d2b64c2d516856824fd86c4a5594a443 as build-stage +FROM node:18-bookworm-slim@sha256:f6c7e369acbef53d868ea2bda4a6e3bf4c2cdeda683f12a989211d0fbec7f8c4 as build-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -47,7 +47,7 @@ RUN apt-get update && \ COPY packages/fileimport-service/requirements.txt /speckle-server/ RUN /venv/bin/pip install --disable-pip-version-check --no-cache-dir --requirement /speckle-server/requirements.txt -FROM node:18-bookworm-slim@sha256:408f8cbbb7b33a5bb94bdb8862795a94d2b64c2d516856824fd86c4a5594a443 as dependency-stage +FROM node:18-bookworm-slim@sha256:f6c7e369acbef53d868ea2bda4a6e3bf4c2cdeda683f12a989211d0fbec7f8c4 as dependency-stage # installing just the production dependencies # separate stage to avoid including development dependencies ARG NODE_ENV @@ -65,9 +65,9 @@ COPY packages/fileimport-service/package.json ./packages/fileimport-service/ WORKDIR /speckle-server/packages/fileimport-service RUN yarn workspaces focus --production -FROM gcr.io/distroless/python3-debian12:nonroot@sha256:14c62b8925d3bb30319de2f346bde203fe18103a68898284a62db9d4aa54c794 as python-image +FROM gcr.io/distroless/python3-debian12:nonroot@sha256:97c3cd02198dcda447a6c2e2ee06df3d26491e44ef5640c430dc13206d7159c7 as python-image -FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:afdea027580f7afcaf1f316b2b3806690c297cb3ce6ddc5cf6a15804dc1c790f as distributable-stage +FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:5f9c575a5a1c82b20087c29ae0f5f03a105ff890f90e2159221800caca649fb4 as distributable-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} diff --git a/packages/frontend-2/Dockerfile b/packages/frontend-2/Dockerfile index 432df6550a..bc6f5f56e7 100644 --- a/packages/frontend-2/Dockerfile +++ b/packages/frontend-2/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18-bookworm-slim@sha256:408f8cbbb7b33a5bb94bdb8862795a94d2b64c2d516856824fd86c4a5594a443 as build-stage +FROM node:18-bookworm-slim@sha256:f6c7e369acbef53d868ea2bda4a6e3bf4c2cdeda683f12a989211d0fbec7f8c4 as build-stage ARG NODE_ENV=production ARG SPECKLE_SERVER_VERSION=custom @@ -40,7 +40,7 @@ ENV TINI_VERSION v0.19.0 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini RUN chmod +x /tini -FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:afdea027580f7afcaf1f316b2b3806690c297cb3ce6ddc5cf6a15804dc1c790f as production-stage +FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:5f9c575a5a1c82b20087c29ae0f5f03a105ff890f90e2159221800caca649fb4 as production-stage ARG NODE_ENV=production ENV NODE_ENV=${NODE_ENV} diff --git a/packages/frontend/Dockerfile b/packages/frontend/Dockerfile index 67949c0174..0f7e5fa478 100644 --- a/packages/frontend/Dockerfile +++ b/packages/frontend/Dockerfile @@ -2,7 +2,7 @@ ARG NODE_ENV=production ARG SPECKLE_SERVER_VERSION=custom # build stage -FROM node:18-bullseye-slim@sha256:8cc7dcd5aa06715247f8f2f258332f188d4221e2685b1a0159e4e6c3382e4918 as build-stage +FROM node:18-bullseye-slim@sha256:7c499c7253429035b7affe784146e8e54c09012da6e7fc1f0504a0c7e37fd966 as build-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION diff --git a/packages/preview-service/Dockerfile b/packages/preview-service/Dockerfile index 1d27c3951e..863b85ee25 100644 --- a/packages/preview-service/Dockerfile +++ b/packages/preview-service/Dockerfile @@ -1,7 +1,7 @@ # NOTE: Docker context should be set to git root directory, to include the viewer ARG NODE_ENV=production -FROM node:18-bookworm-slim@sha256:408f8cbbb7b33a5bb94bdb8862795a94d2b64c2d516856824fd86c4a5594a443 as build-stage +FROM node:18-bookworm-slim@sha256:f6c7e369acbef53d868ea2bda4a6e3bf4c2cdeda683f12a989211d0fbec7f8c4 as build-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -36,7 +36,7 @@ COPY packages/preview-service ./packages/preview-service/ # This way the foreach only builds the frontend and its deps RUN yarn workspaces foreach -W run build -FROM node:18-bookworm-slim@sha256:408f8cbbb7b33a5bb94bdb8862795a94d2b64c2d516856824fd86c4a5594a443 as node +FROM node:18-bookworm-slim@sha256:f6c7e369acbef53d868ea2bda4a6e3bf4c2cdeda683f12a989211d0fbec7f8c4 as node SHELL ["/bin/bash", "-o", "pipefail", "-c"] # hadolint ignore=DL3008,DL3015 diff --git a/packages/server/Dockerfile b/packages/server/Dockerfile index d29d19d17a..eba0ab0734 100644 --- a/packages/server/Dockerfile +++ b/packages/server/Dockerfile @@ -1,7 +1,7 @@ ARG NODE_ENV=production ARG SPECKLE_SERVER_VERSION=custom -FROM node:18-bookworm-slim@sha256:408f8cbbb7b33a5bb94bdb8862795a94d2b64c2d516856824fd86c4a5594a443 as build-stage +FROM node:18-bookworm-slim@sha256:f6c7e369acbef53d868ea2bda4a6e3bf4c2cdeda683f12a989211d0fbec7f8c4 as build-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION WORKDIR /speckle-server @@ -39,7 +39,7 @@ RUN yarn workspaces foreach -W run build # install only production dependencies # we need a clean environment, free of build dependencies -FROM node:18-bookworm-slim@sha256:408f8cbbb7b33a5bb94bdb8862795a94d2b64c2d516856824fd86c4a5594a443 as dependency-stage +FROM node:18-bookworm-slim@sha256:f6c7e369acbef53d868ea2bda4a6e3bf4c2cdeda683f12a989211d0fbec7f8c4 as dependency-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION @@ -56,7 +56,7 @@ COPY packages/objectloader/package.json ./packages/objectloader/ WORKDIR /speckle-server/packages/server RUN yarn workspaces focus --production -FROM node:18-bookworm-slim@sha256:408f8cbbb7b33a5bb94bdb8862795a94d2b64c2d516856824fd86c4a5594a443 as production-stage +FROM node:18-bookworm-slim@sha256:f6c7e369acbef53d868ea2bda4a6e3bf4c2cdeda683f12a989211d0fbec7f8c4 as production-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION ARG FILE_SIZE_LIMIT_MB=100 diff --git a/packages/webhook-service/Dockerfile b/packages/webhook-service/Dockerfile index f05eec8b3d..a7cf043f07 100644 --- a/packages/webhook-service/Dockerfile +++ b/packages/webhook-service/Dockerfile @@ -1,6 +1,6 @@ ARG NODE_ENV=production -FROM node:18-bookworm-slim@sha256:408f8cbbb7b33a5bb94bdb8862795a94d2b64c2d516856824fd86c4a5594a443 as build-stage +FROM node:18-bookworm-slim@sha256:f6c7e369acbef53d868ea2bda4a6e3bf4c2cdeda683f12a989211d0fbec7f8c4 as build-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -32,7 +32,7 @@ ENV TINI_VERSION=${TINI_VERSION} ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini ./tini RUN chmod +x ./tini -FROM node:18-bookworm-slim@sha256:408f8cbbb7b33a5bb94bdb8862795a94d2b64c2d516856824fd86c4a5594a443 as dependency-stage +FROM node:18-bookworm-slim@sha256:f6c7e369acbef53d868ea2bda4a6e3bf4c2cdeda683f12a989211d0fbec7f8c4 as dependency-stage # yarn install ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -50,7 +50,7 @@ COPY packages/shared/package.json ./packages/shared/ WORKDIR /speckle-server/packages/webhook-service RUN yarn workspaces focus --production -FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:afdea027580f7afcaf1f316b2b3806690c297cb3ce6ddc5cf6a15804dc1c790f as production-stage +FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:5f9c575a5a1c82b20087c29ae0f5f03a105ff890f90e2159221800caca649fb4 as production-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} diff --git a/utils/monitor-deployment/Dockerfile b/utils/monitor-deployment/Dockerfile index 361fd25be3..434bd96cc7 100644 --- a/utils/monitor-deployment/Dockerfile +++ b/utils/monitor-deployment/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:12-slim@sha256:67f3931ad8cb1967beec602d8c0506af1e37e8d73c2a0b38b181ec5d8560d395 AS build-stage +FROM debian:12-slim@sha256:ca3372ce30b03a591ec573ea975ad8b0ecaf0eb17a354416741f8001bbcae33d AS build-stage WORKDIR /build @@ -19,7 +19,7 @@ RUN apt-get update && \ COPY utils/monitor-deployment/requirements.txt /requirements.txt RUN /venv/bin/pip install --disable-pip-version-check --requirement /requirements.txt -FROM gcr.io/distroless/python3-debian12:nonroot@sha256:14c62b8925d3bb30319de2f346bde203fe18103a68898284a62db9d4aa54c794 as production-stage +FROM gcr.io/distroless/python3-debian12:nonroot@sha256:97c3cd02198dcda447a6c2e2ee06df3d26491e44ef5640c430dc13206d7159c7 as production-stage ARG PG_CONNECTION_STRING ARG NODE_EXTRA_CA_CERTS ENV PG_CONNECTION_STRING=${PG_CONNECTION_STRING} \ diff --git a/utils/test-deployment/Dockerfile b/utils/test-deployment/Dockerfile index 853e1f8199..eb2c63a0e8 100644 --- a/utils/test-deployment/Dockerfile +++ b/utils/test-deployment/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:12-slim@sha256:67f3931ad8cb1967beec602d8c0506af1e37e8d73c2a0b38b181ec5d8560d395 AS build-stage +FROM debian:12-slim@sha256:ca3372ce30b03a591ec573ea975ad8b0ecaf0eb17a354416741f8001bbcae33d AS build-stage WORKDIR /venv RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install \ @@ -9,7 +9,7 @@ RUN apt-get update && \ COPY utils/test-deployment/requirements.txt /requirements.txt RUN /venv/bin/pip install --disable-pip-version-check --requirement /requirements.txt -FROM gcr.io/distroless/python3-debian12:nonroot@sha256:14c62b8925d3bb30319de2f346bde203fe18103a68898284a62db9d4aa54c794 as production-stage +FROM gcr.io/distroless/python3-debian12:nonroot@sha256:97c3cd02198dcda447a6c2e2ee06df3d26491e44ef5640c430dc13206d7159c7 as production-stage ARG SPECKLE_SERVER ARG SPECKLE_VERSION ENV SPECKLE_SERVER=${SPECKLE_SERVER} \