Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ci(update): port update.sh to nodejs #1368

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

ttshivers
Copy link
Member

@ttshivers ttshivers commented Oct 15, 2020

Ported the update.sh script to nodejs.
Changes:

  • With no additional arguments, the script only updates Dockerfiles when there is a new node version for that major version
  • -a or --all causes all Dockerfiles to be regenerated from the template.

updateLib.js can be used in the auto-pr cronjob to also get what Dockerfiles changed. By default, it will only update a Dockerfile when node updates, so it would work well in an cronjob action.
Refs: #1314

diff
./update.js -a
diff --git a/10/alpine3.10/Dockerfile b/10/alpine3.10/Dockerfile
index ebad2ff..fd521bd 100644
--- a/10/alpine3.10/Dockerfile
+++ b/10/alpine3.10/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
   && node --version \
   && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && for key in \
diff --git a/10/alpine3.11/Dockerfile b/10/alpine3.11/Dockerfile
index b6472e4..8d5c7e0 100644
--- a/10/alpine3.11/Dockerfile
+++ b/10/alpine3.11/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
   && node --version \
   && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && for key in \
diff --git a/10/alpine3.9/Dockerfile b/10/alpine3.9/Dockerfile
index 8cdfc97..50f92f2 100644
--- a/10/alpine3.9/Dockerfile
+++ b/10/alpine3.9/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
   && node --version \
   && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && for key in \
diff --git a/10/buster-slim/Dockerfile b/10/buster-slim/Dockerfile
index 3dfe42d..64c0d2e 100644
--- a/10/buster-slim/Dockerfile
+++ b/10/buster-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && node --version \
     && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN set -ex \
   && savedAptMark="$(apt-mark showmanual)" \
diff --git a/10/buster/Dockerfile b/10/buster/Dockerfile
index 8ac9c75..8d978ad 100644
--- a/10/buster/Dockerfile
+++ b/10/buster/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && for key in \
     4ED778F539E3634C779C87C6D7062848A1AB005C \
     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+    1C050899334244A8AF75E53792EF661D867B9DFA \
     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && node --version \
   && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN set -ex \
   && for key in \
diff --git a/10/stretch-slim/Dockerfile b/10/stretch-slim/Dockerfile
index 1a1d203..a13923c 100644
--- a/10/stretch-slim/Dockerfile
+++ b/10/stretch-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && node --version \
     && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN set -ex \
   && savedAptMark="$(apt-mark showmanual)" \
diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile
index 53d43a2..a7b265f 100644
--- a/10/stretch/Dockerfile
+++ b/10/stretch/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && for key in \
     4ED778F539E3634C779C87C6D7062848A1AB005C \
     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+    1C050899334244A8AF75E53792EF661D867B9DFA \
     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && node --version \
   && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN set -ex \
   && for key in \
diff --git a/12/alpine3.10/Dockerfile b/12/alpine3.10/Dockerfile
index e5a1b79..317ddee 100644
--- a/12/alpine3.10/Dockerfile
+++ b/12/alpine3.10/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.11/Dockerfile b/12/alpine3.11/Dockerfile
index 8007796..5bc0d8e 100644
--- a/12/alpine3.11/Dockerfile
+++ b/12/alpine3.11/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.12/Dockerfile b/12/alpine3.12/Dockerfile
index f56baf3..25cbf6b 100644
--- a/12/alpine3.12/Dockerfile
+++ b/12/alpine3.12/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.9/Dockerfile b/12/alpine3.9/Dockerfile
index 2bad543..8a23b43 100644
--- a/12/alpine3.9/Dockerfile
+++ b/12/alpine3.9/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/buster-slim/Dockerfile b/12/buster-slim/Dockerfile
index 5cd732b..04437e9 100644
--- a/12/buster-slim/Dockerfile
+++ b/12/buster-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile
index 90a94be..88027f4 100644
--- a/12/buster/Dockerfile
+++ b/12/buster/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && for key in \
     4ED778F539E3634C779C87C6D7062848A1AB005C \
     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+    1C050899334244A8AF75E53792EF661D867B9DFA \
     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile
index 2e2fe2c..d3d722e 100644
--- a/12/stretch-slim/Dockerfile
+++ b/12/stretch-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile
index e0d9bdc..0384ed2 100644
--- a/12/stretch/Dockerfile
+++ b/12/stretch/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && for key in \
     4ED778F539E3634C779C87C6D7062848A1AB005C \
     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+    1C050899334244A8AF75E53792EF661D867B9DFA \
     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
cat: .: Is a directory
travis@coniscale:~/docker-node$ ^C
travis@coniscale:~/docker-node$ cat out.txt
diff --git a/10/alpine3.10/Dockerfile b/10/alpine3.10/Dockerfile
index ebad2ff..fd521bd 100644
--- a/10/alpine3.10/Dockerfile
+++ b/10/alpine3.10/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
   && node --version \
   && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && for key in \
diff --git a/10/alpine3.11/Dockerfile b/10/alpine3.11/Dockerfile
index b6472e4..8d5c7e0 100644
--- a/10/alpine3.11/Dockerfile
+++ b/10/alpine3.11/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
   && node --version \
   && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && for key in \
diff --git a/10/alpine3.9/Dockerfile b/10/alpine3.9/Dockerfile
index 8cdfc97..50f92f2 100644
--- a/10/alpine3.9/Dockerfile
+++ b/10/alpine3.9/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \
   && node --version \
   && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \
   && for key in \
diff --git a/10/buster-slim/Dockerfile b/10/buster-slim/Dockerfile
index 3dfe42d..64c0d2e 100644
--- a/10/buster-slim/Dockerfile
+++ b/10/buster-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && node --version \
     && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN set -ex \
   && savedAptMark="$(apt-mark showmanual)" \
diff --git a/10/buster/Dockerfile b/10/buster/Dockerfile
index 8ac9c75..8d978ad 100644
--- a/10/buster/Dockerfile
+++ b/10/buster/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && for key in \
     4ED778F539E3634C779C87C6D7062848A1AB005C \
     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+    1C050899334244A8AF75E53792EF661D867B9DFA \
     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && node --version \
   && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN set -ex \
   && for key in \
diff --git a/10/stretch-slim/Dockerfile b/10/stretch-slim/Dockerfile
index 1a1d203..a13923c 100644
--- a/10/stretch-slim/Dockerfile
+++ b/10/stretch-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && node --version \
     && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN set -ex \
   && savedAptMark="$(apt-mark showmanual)" \
diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile
index 53d43a2..a7b265f 100644
--- a/10/stretch/Dockerfile
+++ b/10/stretch/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && for key in \
     4ED778F539E3634C779C87C6D7062848A1AB005C \
     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+    1C050899334244A8AF75E53792EF661D867B9DFA \
     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
@@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && node --version \
   && npm --version

-ENV YARN_VERSION 1.22.4
+ENV YARN_VERSION 1.22.5

 RUN set -ex \
   && for key in \
diff --git a/12/alpine3.10/Dockerfile b/12/alpine3.10/Dockerfile
index e5a1b79..317ddee 100644
--- a/12/alpine3.10/Dockerfile
+++ b/12/alpine3.10/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.11/Dockerfile b/12/alpine3.11/Dockerfile
index 8007796..5bc0d8e 100644
--- a/12/alpine3.11/Dockerfile
+++ b/12/alpine3.11/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.12/Dockerfile b/12/alpine3.12/Dockerfile
index f56baf3..25cbf6b 100644
--- a/12/alpine3.12/Dockerfile
+++ b/12/alpine3.12/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/alpine3.9/Dockerfile b/12/alpine3.9/Dockerfile
index 2bad543..8a23b43 100644
--- a/12/alpine3.9/Dockerfile
+++ b/12/alpine3.9/Dockerfile
@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/buster-slim/Dockerfile b/12/buster-slim/Dockerfile
index 5cd732b..04437e9 100644
--- a/12/buster-slim/Dockerfile
+++ b/12/buster-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile
index 90a94be..88027f4 100644
--- a/12/buster/Dockerfile
+++ b/12/buster/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && for key in \
     4ED778F539E3634C779C87C6D7062848A1AB005C \
     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+    1C050899334244A8AF75E53792EF661D867B9DFA \
     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile
index 2e2fe2c..d3d722e 100644
--- a/12/stretch-slim/Dockerfile
+++ b/12/stretch-slim/Dockerfile
@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
     && for key in \
       4ED778F539E3634C779C87C6D7062848A1AB005C \
       94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+      1C050899334244A8AF75E53792EF661D867B9DFA \
       71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
       8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
       C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile
index e0d9bdc..0384ed2 100644
--- a/12/stretch/Dockerfile
+++ b/12/stretch/Dockerfile
@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \
   && for key in \
     4ED778F539E3634C779C87C6D7062848A1AB005C \
     94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
+    1C050899334244A8AF75E53792EF661D867B9DFA \
     71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
     8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
     C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \

Copy link
Member

@SimenB SimenB left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

loving it! 😀

@@ -0,0 +1,62 @@
#!/usr/bin/env node
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this work on windows? requiring node update.js is probably better?

@SimenB SimenB requested a review from a team October 15, 2020 08:53
Copy link
Member

@PeterDaveHello PeterDaveHello left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's also add some basic linter for it as we did for shell scripts before!?

@PeterDaveHello PeterDaveHello requested a review from a team October 15, 2020 11:37
@SimenB
Copy link
Member

SimenB commented Oct 15, 2020

npx xo?

Copy link
Member

@nschonni nschonni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe I missed it, but I'm not seeing the a way to do the old -s security updates where only the Node version gets updated

};

const fetchMuslChecksum = async (nodeVersion) => {
const checksums = await fetchText(
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a way to handle/wait for the checksum to be available? Just thinking more in a CI way, for the auto-update PR flow

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the checksum isn't available, an action using this should fail since fetchText will reject on non 2XX status codes. Is that sufficient? I could instead have it periodically poll that site but that would run into the action time limit of 6 hours. Any thoughts?

@ttshivers
Copy link
Member Author

ttshivers commented Oct 15, 2020

Maybe I missed it, but I'm not seeing the a way to do the old -s security updates where only the Node version gets updated

I didn't implement that (yet). I could add that if desired. I just have it regenerate the entire template when the node version changes by default (no args). Is there a case where you would only want to update the node version and not also update the yarn version and keys?

Are there other situations like that where I should add more customization. For example, I didn't port the logic to specify certain versions or variants to only update. Should I also add this back in?

@ttshivers
Copy link
Member Author

Let's also add some basic linter for it as we did for shell scripts before!?

One option is https://github.com/github/super-linter

@SimenB
Copy link
Member

SimenB commented Oct 15, 2020

Is there a case where you would only want to update the node version and not also update the yarn version and keys?

Probably not keys, but security releases should not update yarn (the -s stands for security) - we want the bar to upgrade to those be as low as possible

@nschonni
Copy link
Member

One option is https://github.com/github/super-linter

Haven't used it before, but I think this is one repo were it actually makes sense 😄 because we don't pin/track versions of those tools
It would also replace a few of our other jobs (eclint, markdownlint, maybe shellfmt), but I think that could be a separate PR from this

@ttshivers
Copy link
Member Author

Is there a case where you would only want to update the node version and not also update the yarn version and keys?

Probably not keys, but security releases should not update yarn (the -s stands for security) - we want the bar to upgrade to those be as low as possible

Okay, just so I understand: There should be an -s option that only updates node versions and the node keys (not yarn keys).

Should that be the default behavior? To only update the node version, and if there is a node version update, only update the node keys.

@nschonni
Copy link
Member

I don't think it needs to be the default behaviour, we can just keep it for the cases where there is a security release. I believe they have the -s process documented in the release instructions for security releases.

@ttshivers
Copy link
Member Author

ttshivers commented Oct 16, 2020

I don't think it needs to be the default behaviour, we can just keep it for the cases where there is a security release. I believe they have the -s process documented in the release instructions for security releases.

At the moment, it appears that the only thing the -s flag does it make it use the yarn version currently present in the file. It will still regenerates the entire file from the template with the new keys for both npm and yarn.

docker-node/update.sh

Lines 68 to 71 in 0e87209

if [ "${SKIP}" != true ]; then
alpine_version=$(get_config "./" "alpine_version")
yarnVersion="$(curl -sSL --compressed https://yarnpkg.com/latest-version)"
fi

docker-node/update.sh

Lines 138 to 142 in 0e87209

if [ "${SKIP}" = true ]; then
# Get the currently used Yarn version
yarnVersion="$(grep "ENV YARN_VERSION" "${dockerfile}" | cut -d' ' -f3)"
fi
sed -Ei -e 's/^(ENV YARN_VERSION ).*/\1'"${yarnVersion}"'/' "${dockerfile}-tmp"

Note, setting the alpine_version in the first snippet looks like it does nothing because alpine_version is later set at:

alpine_version="${variant#*alpine}"

So, it appears that the current behavior of the -s flag may not be what is wanted. Is the desired behavior that if the -s flag is specified, only the node version is updated? This would be the easiest to code. Is the desired behavior also to update the node keys? That would take a bit more work.

@nschonni
Copy link
Member

Updating the keys is fine, as that might actually be the ones being used by the person cutting the security release

@ttshivers
Copy link
Member Author

Updating the keys is fine, as that might actually be the ones being used by the person cutting the security release

That does make sense. I am trying to think of the best way to handle that. Currently, my script takes the same approach as update.sh and regenerates the Dockerfile every time from the template. If I were to just support updating the node version and node keys, I would need to somehow get the yarn version and yarn keys used to generate the old/current Dockerfile. I could parse these from the current Dockerfile. Another option might be storing some metadata (perhaps in a json) in some file about the keys and versions used to generate the current version of the Dockerfile.

Any advice or other strategies?

Copy link
Member

@nschonni nschonni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, not a solution, but took a quick read down the files and commented where the start of the Yarn/Security-only bubbling would need to start

console.log(usage);
};

const runUpdate = async (updateAll) => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the Yarn part would be a separate parameter here, defaulting to true

};

const updateDockerfiles = async (outdated) => {
const yarnVersion = await fetchText(yarnVersionUrl);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think here, if it is a security update, it would read the existing Dockerfile, instead of doing the fetch

@yosifkit
Copy link
Contributor

Another option might be storing some metadata (perhaps in a json)

We've actually started doing that in a few repos in https://github.com/docker-library like docker-library/php#1052 and it's been super helpful. (You definitely don't have to use our unique templating format). It has been helpful for us to split updating the json file (versions.sh) from applying that metadata to the Dockerfiles (apply-templates.sh). Parsing json is much easier that trying to parse a Dockerfile for the current/previous version of something 😉.

@ttshivers
Copy link
Member Author

Coming back around to work on this. I think I'm going to try out the json metadata approach that yousifkit mentioned.

I know my current scripts lacked a security only mode, so I'm going to add that. I am trying to see if there is a good way to see if a given nodejs update is a security release or not.
So far, I think I might be able to look on the github nodejs page and see if the release has the text This is a security release.
Examples:

I don't see a good way of determining if a yarn release is a security update or not.

Base automatically changed from master to main March 15, 2021 16:23
@SimenB
Copy link
Member

SimenB commented Mar 10, 2022

Might be a good idea to update this after #1646 lands

@SimenB
Copy link
Member

SimenB commented May 15, 2022

@ttshivers hey, would you be up for continuing this? 🙂

});

const fetchText = (url) => new Promise((resolve, reject) => {
https.get(url, (res) => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should use the builtin fetch

@SimenB
Copy link
Member

SimenB commented Feb 17, 2023

yarn v1 version (which is what we ship) will never change, so we can drop the -s flag entirely if it complicates things

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants