Skip to content

ci(update): port update.sh to nodejs#1368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ttshivers wants to merge 1 commit into
base:main
Choose a base branch
from
Open

ci(update): port update.sh to nodejs #1368

ttshivers wants to merge 1 commit into from
+268 −382

Conversation

@ttshivers
Copy link
Member

@ttshiversttshivers commented Oct 15, 2020
edited
Loading

Ported the update.sh script to nodejs.
Changes:

  • With no additional arguments, the script only updates Dockerfiles when there is a new node version for that major version
  • -a or --all causes all Dockerfiles to be regenerated from the template.

updateLib.js can be used in the auto-pr cronjob to also get what Dockerfiles changed. By default, it will only update a Dockerfile when node updates, so it would work well in an cronjob action.
Refs: #1314

diff 
./update.js -a
diff --git a/10/alpine3.10/Dockerfile b/10/alpine3.10/Dockerfile index ebad2ff..fd521bd 100644 --- a/10/alpine3.10/Dockerfile+++ b/10/alpine3.10/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && for key in \ diff --git a/10/alpine3.11/Dockerfile b/10/alpine3.11/Dockerfile index b6472e4..8d5c7e0 100644 --- a/10/alpine3.11/Dockerfile+++ b/10/alpine3.11/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && for key in \ diff --git a/10/alpine3.9/Dockerfile b/10/alpine3.9/Dockerfile index 8cdfc97..50f92f2 100644 --- a/10/alpine3.9/Dockerfile+++ b/10/alpine3.9/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && for key in \ diff --git a/10/buster-slim/Dockerfile b/10/buster-slim/Dockerfile index 3dfe42d..64c0d2e 100644 --- a/10/buster-slim/Dockerfile+++ b/10/buster-slim/Dockerfile@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ diff --git a/10/buster/Dockerfile b/10/buster/Dockerfile index 8ac9c75..8d978ad 100644 --- a/10/buster/Dockerfile+++ b/10/buster/Dockerfile@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN set -ex \ && for key in \ diff --git a/10/stretch-slim/Dockerfile b/10/stretch-slim/Dockerfile index 1a1d203..a13923c 100644 --- a/10/stretch-slim/Dockerfile+++ b/10/stretch-slim/Dockerfile@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 53d43a2..a7b265f 100644 --- a/10/stretch/Dockerfile+++ b/10/stretch/Dockerfile@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN set -ex \ && for key in \ diff --git a/12/alpine3.10/Dockerfile b/12/alpine3.10/Dockerfile index e5a1b79..317ddee 100644 --- a/12/alpine3.10/Dockerfile+++ b/12/alpine3.10/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/alpine3.11/Dockerfile b/12/alpine3.11/Dockerfile index 8007796..5bc0d8e 100644 --- a/12/alpine3.11/Dockerfile+++ b/12/alpine3.11/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/alpine3.12/Dockerfile b/12/alpine3.12/Dockerfile index f56baf3..25cbf6b 100644 --- a/12/alpine3.12/Dockerfile+++ b/12/alpine3.12/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/alpine3.9/Dockerfile b/12/alpine3.9/Dockerfile index 2bad543..8a23b43 100644 --- a/12/alpine3.9/Dockerfile+++ b/12/alpine3.9/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/buster-slim/Dockerfile b/12/buster-slim/Dockerfile index 5cd732b..04437e9 100644 --- a/12/buster-slim/Dockerfile+++ b/12/buster-slim/Dockerfile@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile index 90a94be..88027f4 100644 --- a/12/buster/Dockerfile+++ b/12/buster/Dockerfile@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile index 2e2fe2c..d3d722e 100644 --- a/12/stretch-slim/Dockerfile+++ b/12/stretch-slim/Dockerfile@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile index e0d9bdc..0384ed2 100644 --- a/12/stretch/Dockerfile+++ b/12/stretch/Dockerfile@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ cat: .: Is a directory travis@coniscale:~/docker-node$ ^C travis@coniscale:~/docker-node$ cat out.txt diff --git a/10/alpine3.10/Dockerfile b/10/alpine3.10/Dockerfile index ebad2ff..fd521bd 100644 --- a/10/alpine3.10/Dockerfile+++ b/10/alpine3.10/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && for key in \ diff --git a/10/alpine3.11/Dockerfile b/10/alpine3.11/Dockerfile index b6472e4..8d5c7e0 100644 --- a/10/alpine3.11/Dockerfile+++ b/10/alpine3.11/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && for key in \ diff --git a/10/alpine3.9/Dockerfile b/10/alpine3.9/Dockerfile index 8cdfc97..50f92f2 100644 --- a/10/alpine3.9/Dockerfile+++ b/10/alpine3.9/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -71,7 +72,7 @@ RUN addgroup -g 1000 node \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN apk add --no-cache --virtual .build-deps-yarn curl gnupg tar \ && for key in \ diff --git a/10/buster-slim/Dockerfile b/10/buster-slim/Dockerfile index 3dfe42d..64c0d2e 100644 --- a/10/buster-slim/Dockerfile+++ b/10/buster-slim/Dockerfile@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ diff --git a/10/buster/Dockerfile b/10/buster/Dockerfile index 8ac9c75..8d978ad 100644 --- a/10/buster/Dockerfile+++ b/10/buster/Dockerfile@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN set -ex \ && for key in \ diff --git a/10/stretch-slim/Dockerfile b/10/stretch-slim/Dockerfile index 1a1d203..a13923c 100644 --- a/10/stretch-slim/Dockerfile+++ b/10/stretch-slim/Dockerfile@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -55,7 +56,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN set -ex \ && savedAptMark="$(apt-mark showmanual)" \ diff --git a/10/stretch/Dockerfile b/10/stretch/Dockerfile index 53d43a2..a7b265f 100644 --- a/10/stretch/Dockerfile+++ b/10/stretch/Dockerfile@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ @@ -44,7 +45,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && node --version \ && npm --version -ENV YARN_VERSION 1.22.4+ENV YARN_VERSION 1.22.5 RUN set -ex \ && for key in \ diff --git a/12/alpine3.10/Dockerfile b/12/alpine3.10/Dockerfile index e5a1b79..317ddee 100644 --- a/12/alpine3.10/Dockerfile+++ b/12/alpine3.10/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/alpine3.11/Dockerfile b/12/alpine3.11/Dockerfile index 8007796..5bc0d8e 100644 --- a/12/alpine3.11/Dockerfile+++ b/12/alpine3.11/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/alpine3.12/Dockerfile b/12/alpine3.12/Dockerfile index f56baf3..25cbf6b 100644 --- a/12/alpine3.12/Dockerfile+++ b/12/alpine3.12/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/alpine3.9/Dockerfile b/12/alpine3.9/Dockerfile index 2bad543..8a23b43 100644 --- a/12/alpine3.9/Dockerfile+++ b/12/alpine3.9/Dockerfile@@ -38,6 +38,7 @@ RUN addgroup -g 1000 node \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/buster-slim/Dockerfile b/12/buster-slim/Dockerfile index 5cd732b..04437e9 100644 --- a/12/buster-slim/Dockerfile+++ b/12/buster-slim/Dockerfile@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/buster/Dockerfile b/12/buster/Dockerfile index 90a94be..88027f4 100644 --- a/12/buster/Dockerfile+++ b/12/buster/Dockerfile@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/stretch-slim/Dockerfile b/12/stretch-slim/Dockerfile index 2e2fe2c..d3d722e 100644 --- a/12/stretch-slim/Dockerfile+++ b/12/stretch-slim/Dockerfile@@ -22,6 +22,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \ diff --git a/12/stretch/Dockerfile b/12/stretch/Dockerfile index e0d9bdc..0384ed2 100644 --- a/12/stretch/Dockerfile+++ b/12/stretch/Dockerfile@@ -20,6 +20,7 @@ RUN ARCH= && dpkgArch="$(dpkg --print-architecture)" \ && for key in \ 4ED778F539E3634C779C87C6D7062848A1AB005C \ 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \ + 1C050899334244A8AF75E53792EF661D867B9DFA \ 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \ 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \ C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \

SimenB
SimenB approved these changes Oct 15, 2020
View reviewed changes
Copy link
Member

@SimenBSimenB left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

loving it! 😀

update.js
@@ -0,0 +1,62 @@
#!/usr/bin/env node
Copy link
Member

@SimenBSimenBOct 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this work on windows? requiring node update.js is probably better?

@SimenBSimenB requested a review from a teamOctober 15, 2020 08:53
PeterDaveHello
PeterDaveHello reviewed Oct 15, 2020
View reviewed changes
Copy link
Member

@PeterDaveHelloPeterDaveHello left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's also add some basic linter for it as we did for shell scripts before!?

@PeterDaveHelloPeterDaveHello requested a review from a teamOctober 15, 2020 11:37
@SimenB
Copy link
Member

SimenB commented Oct 15, 2020

npx xo?

nschonni
nschonni reviewed Oct 15, 2020
View reviewed changes
Copy link
Member

@nschonninschonni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe I missed it, but I'm not seeing the a way to do the old -s security updates where only the Node version gets updated

updateLib.js
};

const fetchMuslChecksum = async (nodeVersion) =>{
const checksums = await fetchText(
Copy link
Member

@nschonninschonniOct 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a way to handle/wait for the checksum to be available? Just thinking more in a CI way, for the auto-update PR flow

Copy link
MemberAuthor

@ttshiversttshiversOct 15, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the checksum isn't available, an action using this should fail since fetchText will reject on non 2XX status codes. Is that sufficient? I could instead have it periodically poll that site but that would run into the action time limit of 6 hours. Any thoughts?

@ttshivers
Copy link
MemberAuthor

ttshivers commented Oct 15, 2020
edited
Loading

Maybe I missed it, but I'm not seeing the a way to do the old -s security updates where only the Node version gets updated

I didn't implement that (yet). I could add that if desired. I just have it regenerate the entire template when the node version changes by default (no args). Is there a case where you would only want to update the node version and not also update the yarn version and keys?

Are there other situations like that where I should add more customization. For example, I didn't port the logic to specify certain versions or variants to only update. Should I also add this back in?

@ttshivers
Copy link
MemberAuthor

ttshivers commented Oct 15, 2020

Let's also add some basic linter for it as we did for shell scripts before!?

One option is https://github.com/github/super-linter

@SimenB
Copy link
Member

SimenB commented Oct 15, 2020

Is there a case where you would only want to update the node version and not also update the yarn version and keys?

Probably not keys, but security releases should not update yarn (the -s stands for security) - we want the bar to upgrade to those be as low as possible

@nschonni
Copy link
Member

nschonni commented Oct 15, 2020

One option is https://github.com/github/super-linter

Haven't used it before, but I think this is one repo were it actually makes sense 😄 because we don't pin/track versions of those tools
It would also replace a few of our other jobs (eclint, markdownlint, maybe shellfmt), but I think that could be a separate PR from this

@ttshivers
Copy link
MemberAuthor

ttshivers commented Oct 15, 2020

Is there a case where you would only want to update the node version and not also update the yarn version and keys?

Probably not keys, but security releases should not update yarn (the -s stands for security) - we want the bar to upgrade to those be as low as possible

Okay, just so I understand: There should be an -s option that only updates node versions and the node keys (not yarn keys).

Should that be the default behavior? To only update the node version, and if there is a node version update, only update the node keys.

@nschonni
Copy link
Member

nschonni commented Oct 16, 2020

I don't think it needs to be the default behaviour, we can just keep it for the cases where there is a security release. I believe they have the -s process documented in the release instructions for security releases.

@ttshivers
Copy link
MemberAuthor

ttshivers commented Oct 16, 2020
edited
Loading

I don't think it needs to be the default behaviour, we can just keep it for the cases where there is a security release. I believe they have the -s process documented in the release instructions for security releases.

At the moment, it appears that the only thing the -s flag does it make it use the yarn version currently present in the file. It will still regenerates the entire file from the template with the new keys for both npm and yarn.

docker-node/update.sh

Lines 68 to 71 in 0e87209

if [ "${SKIP}"!=true ];then
alpine_version=$(get_config "./""alpine_version")
yarnVersion="$(curl -sSL --compressed https://yarnpkg.com/latest-version)"
fi

docker-node/update.sh

Lines 138 to 142 in 0e87209

if [ "${SKIP}"=true ];then
# Get the currently used Yarn version
yarnVersion="$(grep "ENV YARN_VERSION""${dockerfile}"| cut -d'' -f3)"
fi
sed -Ei -e 's/^(ENV YARN_VERSION ).*/\1'"${yarnVersion}"'/'"${dockerfile}-tmp"

Note, setting the alpine_version in the first snippet looks like it does nothing because alpine_version is later set at:

docker-node/update.sh

Line 158 in 0e87209

alpine_version="${variant#*alpine}"

So, it appears that the current behavior of the -s flag may not be what is wanted. Is the desired behavior that if the -s flag is specified, only the node version is updated? This would be the easiest to code. Is the desired behavior also to update the node keys? That would take a bit more work.

@nschonni
Copy link
Member

nschonni commented Oct 16, 2020

Updating the keys is fine, as that might actually be the ones being used by the person cutting the security release

@ttshivers
Copy link
MemberAuthor

ttshivers commented Oct 16, 2020

Updating the keys is fine, as that might actually be the ones being used by the person cutting the security release

That does make sense. I am trying to think of the best way to handle that. Currently, my script takes the same approach as update.sh and regenerates the Dockerfile every time from the template. If I were to just support updating the node version and node keys, I would need to somehow get the yarn version and yarn keys used to generate the old/current Dockerfile. I could parse these from the current Dockerfile. Another option might be storing some metadata (perhaps in a json) in some file about the keys and versions used to generate the current version of the Dockerfile.

Any advice or other strategies?

nschonni
nschonni reviewed Oct 16, 2020
View reviewed changes
Copy link
Member

@nschonninschonni left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, not a solution, but took a quick read down the files and commented where the start of the Yarn/Security-only bubbling would need to start

update.js
console.log(usage);
};

const runUpdate = async (updateAll) =>{
Copy link
Member

@nschonninschonniOct 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the Yarn part would be a separate parameter here, defaulting to true

updateLib.js
};

const updateDockerfiles = async (outdated) =>{
const yarnVersion = await fetchText(yarnVersionUrl);
Copy link
Member

@nschonninschonniOct 16, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think here, if it is a security update, it would read the existing Dockerfile, instead of doing the fetch

@yosifkit
Copy link
Contributor

yosifkit commented Oct 16, 2020

Another option might be storing some metadata (perhaps in a json)

We've actually started doing that in a few repos in https://github.com/docker-library like docker-library/php#1052 and it's been super helpful. (You definitely don't have to use our unique templating format). It has been helpful for us to split updating the json file (versions.sh) from applying that metadata to the Dockerfiles (apply-templates.sh). Parsing json is much easier that trying to parse a Dockerfile for the current/previous version of something 😉.

@ttshiversttshivers mentioned this pull request Oct 19, 2020
Open
@ttshivers
Copy link
MemberAuthor

ttshivers commented Nov 15, 2020

Coming back around to work on this. I think I'm going to try out the json metadata approach that yousifkit mentioned.

I know my current scripts lacked a security only mode, so I'm going to add that. I am trying to see if there is a good way to see if a given nodejs update is a security release or not.
So far, I think I might be able to look on the github nodejs page and see if the release has the text This is a security release.
Examples:

I don't see a good way of determining if a yarn release is a security update or not.

Base automatically changed from master to mainMarch 15, 2021 16:23
@SimenB
Copy link
Member

SimenB commented Mar 10, 2022

Might be a good idea to update this after #1646 lands

@SimenBSimenB mentioned this pull request Apr 7, 2022
Merged
@SimenB
Copy link
Member

SimenB commented May 15, 2022

@ttshivers hey, would you be up for continuing this? 🙂

@SimenBSimenB mentioned this pull request Feb 17, 2023
Closed
SimenB
SimenB reviewed Feb 17, 2023
View reviewed changes
updateLib.js
});

const fetchText = (url) => new Promise((resolve, reject) =>{
https.get(url, (res) =>{
Copy link
Member

@SimenBSimenBFeb 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we should use the builtin fetch

@SimenB
Copy link
Member

SimenB commented Feb 17, 2023

yarn v1 version (which is what we ship) will never change, so we can drop the -s flag entirely if it complicates things

Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nschonninschonninschonni left review comments

@SimenBSimenBSimenB approved these changes

@PeterDaveHelloPeterDaveHelloPeterDaveHello left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ttshivers@SimenB@nschonni@yosifkit@PeterDaveHello