From 58224e691e156a385ef3f5caa53fc5ff53de916c Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 16 Mar 2024 15:00:57 +0100 Subject: [PATCH 01/22] Return to pushing OCI manifests, old JIB versions should be gone --- hooks/build | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hooks/build b/hooks/build index 57c7699..10630db 100755 --- a/hooks/build +++ b/hooks/build @@ -56,12 +56,14 @@ XTAG="" cat ./Dockerfile | \ docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM \ + --output type=registry,oci-mediatypes=true \ -t yolean/docker-base -t ${PREFIX}yolean/docker-base:$SOURCE_COMMIT$XTAG - for CONTEXT in $MULTIARCH_NONROOT; do ! (grep -r FROM ./$CONTEXT | grep -v 'FROM --platform=') cat ./$CONTEXT/Dockerfile | \ docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \ + --output type=registry,oci-mediatypes=true \ -t yolean/$CONTEXT -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG ./$CONTEXT done @@ -69,13 +71,13 @@ for CONTEXT in $MULTIARCH_TONONROOT; do ! (grep -r FROM ./$CONTEXT | grep -v 'FROM --platform=') cat ./$CONTEXT/Dockerfile | \ docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \ - --output type=registry,oci-mediatypes=false \ + --output type=registry,oci-mediatypes=true \ -t yolean/$CONTEXT:root -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG-root ./$CONTEXT done for CONTEXT in $MULTIARCH_TONONROOT; do cat ./$CONTEXT/Dockerfile ./nonroot-footer.Dockerfile | \ docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \ - --output type=registry,oci-mediatypes=false \ + --output type=registry,oci-mediatypes=true \ -t yolean/$CONTEXT -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG ./$CONTEXT done From 92d6ee5b3c680dae5646653d49415261b27cb818 Mon Sep 17 00:00:00 2001 
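Review bot: The `--output type=registry,oci-mediatypes=true` line added in the first hooks/build hunk of PATCH 01/22 makes the docker-base and `$MULTIARCH_NONROOT` builds push even when `$BUILDX_PUSH` is empty, because `type=registry` is the exporter that pushes the result. The context of the later hooks/build patches on this page shows `[ -n "$NOPUSH" ] || BUILDX_PUSH="--push"`, so NOPUSH no longer stops a local or test run from publishing to `yolean/...`. The two `$MULTIARCH_TONONROOT` loops in the second hunk already behaved this way, and the `OUTPUT` variable introduced in PATCH 20/22 keeps the same exporter. Consider `--output type=image,oci-mediatypes=true` and let `$BUILDX_PUSH` alone decide whether the image is pushed. The script starts and ends outside both hunks.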
From: Staffan Olsson Date: Sat, 16 Mar 2024 15:04:01 +0100 Subject: [PATCH 02/22] reproducible builds with buildkit 0.13+, see Yolean/ystack#57 --- builder-base/Dockerfile | 2 +- hooks/build | 10 ++++++---- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/builder-base/Dockerfile b/builder-base/Dockerfile index c1639e1..676a497 100644 --- a/builder-base/Dockerfile +++ b/builder-base/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:1c49d6f0faa82e69d0028f53eecc2729e9517ff4@sha256:97b7645cb358198f3204516516b7e7ff19c00970c7ac00bb8f195897c10c8cac \ +FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:6e86744e00afe4bc1a51b10c14cc53c64028357d@sha256:a9d818b93c752936f841695210b6140345db564581288882bfcd3a1c1efc77e9 \ as base FROM base as nonroot diff --git a/hooks/build b/hooks/build index 10630db..e7d019a 100755 --- a/hooks/build +++ b/hooks/build @@ -54,16 +54,18 @@ XTAG="" [ -n "$NOPUSH" ] || BUILDX_PUSH="--push" +export SOURCE_DATE_EPOCH=0 + cat ./Dockerfile | \ docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM \ - --output type=registry,oci-mediatypes=true \ + --output type=registry,oci-mediatypes=true,rewrite-timestamp=true \ -t yolean/docker-base -t ${PREFIX}yolean/docker-base:$SOURCE_COMMIT$XTAG - for CONTEXT in $MULTIARCH_NONROOT; do ! (grep -r FROM ./$CONTEXT | grep -v 'FROM --platform=') cat ./$CONTEXT/Dockerfile | \ docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \ - --output type=registry,oci-mediatypes=true \ + --output type=registry,oci-mediatypes=true,rewrite-timestamp=true \ -t yolean/$CONTEXT -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG ./$CONTEXT done 
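Review bot: `export SOURCE_DATE_EPOCH=0` in the first hooks/build hunk of PATCH 02/22 overwrites any value the caller or CI already set and stamps every image as created at the Unix epoch, which can confuse age-based registry retention and "image older than N days" scanning policies. `export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-0}"` keeps the default while letting a pipeline pass the commit time instead. The subject says `rewrite-timestamp=true` needs buildkit 0.13+, but nothing in the hunk records that requirement; a comment above the export such as `# rewrite-timestamp requires BuildKit >= 0.13, see Yolean/ystack#57` would save the next maintainer a failed build. The same exporter string recurs in the second hooks/build hunk of this patch.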
@@ -71,13 +73,13 @@ for CONTEXT in $MULTIARCH_TONONROOT; do ! (grep -r FROM ./$CONTEXT | grep -v 'FROM --platform=') cat ./$CONTEXT/Dockerfile | \ docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \ - --output type=registry,oci-mediatypes=true \ + --output type=registry,oci-mediatypes=true,rewrite-timestamp=true \ -t yolean/$CONTEXT:root -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG-root ./$CONTEXT done for CONTEXT in $MULTIARCH_TONONROOT; do cat ./$CONTEXT/Dockerfile ./nonroot-footer.Dockerfile | \ docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \ - --output type=registry,oci-mediatypes=true \ + --output type=registry,oci-mediatypes=true,rewrite-timestamp=true \ -t yolean/$CONTEXT -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG ./$CONTEXT done From 3a774213010bd0228e2802f95d42a58067743aaf Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 16 Mar 2024 15:19:56 +0100 Subject: [PATCH 03/22] Go 1.21 has another kind of reproducibility --- builder-tooling/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builder-tooling/Dockerfile b/builder-tooling/Dockerfile index 8efda0a..18cae7d 100644 --- a/builder-tooling/Dockerfile +++ b/builder-tooling/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM golang:1.21-bookworm@sha256:d8c365d63879c2312e332cb796961f2695dd65124ceb3c0247d9c5426b7dde5f as golang +FROM --platform=$TARGETPLATFORM golang:1.21-bookworm@sha256:05a9064db595ba2a6aa7c2d48d16ba5872c42583606741c750b0d895e9d0a09d as golang FROM --platform=$TARGETPLATFORM yolean/builder-base-gcc From 7d141dbfb31aaddbbc8bea1fd63e8d2c92814245 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 23 Mar 2024 10:08:35 +0100 Subject: [PATCH 04/22] git-init now supports a workspace with an existing git clone --- git-init/git-init-tekton-compatible.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
diff --git a/git-init/git-init-tekton-compatible.sh b/git-init/git-init-tekton-compatible.sh index 90e8b82..7a07a9b 100755 --- a/git-init/git-init-tekton-compatible.sh +++ b/git-init/git-init-tekton-compatible.sh @@ -38,9 +38,10 @@ cd $CLONEPATH # https://github.com/tektoncd/pipeline/blob/v0.41.0/pkg/git/git.go#L94 git config --add --global safe.directory $CLONEPATH -git init - -git remote add origin $URL +[ -d "$CLONEPATH/.git" ] && git remote -v && git remote set-url origin $URL || { + git init + git remote add origin $URL +} # https://github.com/tektoncd/pipeline/blob/v0.41.0/pkg/git/git.go#L285 git config core.sparsecheckout true From b8923f445746219ac66f9116aa55cd0207a280c9 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 23 Mar 2024 10:23:53 +0100 Subject: [PATCH 05/22] Current ystack-runner --- builder-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builder-base/Dockerfile b/builder-base/Dockerfile index 676a497..08fe1eb 100644 --- a/builder-base/Dockerfile +++ b/builder-base/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:6e86744e00afe4bc1a51b10c14cc53c64028357d@sha256:a9d818b93c752936f841695210b6140345db564581288882bfcd3a1c1efc77e9 \ +FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:77cfad85af86b5c0dc892c3e537cbee5e5d233d2@sha256:e4bc66d79bf3afe75a288a733fc0460b76670e971aeced6344c8e9d84603167b \ as base FROM base as nonroot From 7216b98919f4bd355c08a4d45632156b5c270724 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 23 Mar 2024 10:26:25 +0100 Subject: [PATCH 06/22] current node20 distroless --- node-distroless/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node-distroless/Dockerfile b/node-distroless/Dockerfile index c4fa51e..2423cb6 100644 --- a/node-distroless/Dockerfile +++ b/node-distroless/Dockerfile 
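Review bot: The added `[ -d "$CLONEPATH/.git" ] && git remote -v && git remote set-url origin $URL || { ... }` in PATCH 04/22 reuses whatever `.git` directory already sits in the workspace, and with the `safe.directory` line just above it, every later git command honours that directory's existing config and hooks. If an earlier, less trusted task can write to the workspace, that is a code-execution path in the clone step; presumably the workspace is trusted here, but a comment such as `# reusing .git: workspace must only be writable by trusted tasks` would make the assumption explicit. The `a && b && c || d` chain also runs `git init` and `git remote add` on the old repository whenever `git remote -v` or `set-url` fails, and `$URL` is unquoted; an explicit `if`/`else` as below avoids both. The script starts and ends outside the hunk.

```shell
# … unchanged: git config --add --global safe.directory …
if [ -d "$CLONEPATH/.git" ] && git remote get-url origin >/dev/null 2>&1; then
  git remote set-url origin "$URL"
else
  git init
  git remote add origin "$URL"
fi
```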
@@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM gcr.io/distroless/nodejs20-debian12:nonroot@sha256:269e058a0b80a1d8cf8d2586c4370c3de470034d4d22d83ae31da4451a6a3ff8 +FROM --platform=$TARGETPLATFORM gcr.io/distroless/nodejs20-debian12:nonroot@sha256:bcc0049f6ad4aaee0defae8247f14cf22b10218bbbd2724f25b165ece4248878 WORKDIR /app CMD [ "./main.js" ] From 7b664872b4ae7cfb878ded5c2aa92fe67e3d8a3a Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 23 Mar 2024 16:02:04 +0100 Subject: [PATCH 07/22] Chrome 121.0.6167.184->123.0.6312.58 --- headless-chrome/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/headless-chrome/Dockerfile b/headless-chrome/Dockerfile index 0954d4d..197f9a7 100644 --- a/headless-chrome/Dockerfile +++ b/headless-chrome/Dockerfile @@ -1,6 +1,6 @@ FROM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da ARG chrome_stage=stable -ARG chrome_build=121.0.6167.184-1 +ARG chrome_build=123.0.6312.58-1 ENV CHROME_VERSION="${chrome_stage}=${chrome_build}" From 8b63affa9f456e2df6163ec401de4cea86025b04 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sat, 23 Mar 2024 15:59:16 +0100 Subject: [PATCH 08/22] goes to latest from origin when reusing a git clone, like when it's fresh --- git-init/git-init-tekton-compatible.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git-init/git-init-tekton-compatible.sh b/git-init/git-init-tekton-compatible.sh index 7a07a9b..08b0137 100755 --- a/git-init/git-init-tekton-compatible.sh +++ b/git-init/git-init-tekton-compatible.sh @@ -55,4 +55,4 @@ until git fetch --depth=1 origin --update-head-ok --force $REVISION; do sleep $wait done -git checkout -f $REVISION +git checkout -f -B $REVISION origin/$REVISION From 02195902399ffec25ecd86286cf969b1db661f42 Mon Sep 17 00:00:00 2001 
From: Staffan Olsson Date: Sat, 23 Mar 2024 16:36:42 +0100 Subject: [PATCH 09/22] restores support for checkint out commit refs --- git-init/git-init-tekton-compatible.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/git-init/git-init-tekton-compatible.sh b/git-init/git-init-tekton-compatible.sh index 08b0137..8e1ec96 100755 --- a/git-init/git-init-tekton-compatible.sh +++ b/git-init/git-init-tekton-compatible.sh @@ -55,4 +55,6 @@ until git fetch --depth=1 origin --update-head-ok --force $REVISION; do sleep $wait done -git checkout -f -B $REVISION origin/$REVISION +git rev-parse --verify "$REVISION^{commit}" 2>/dev/null \ + && git checkout -f $REVISION \ + || git checkout -f -B $REVISION origin/$REVISION From b7ffe1b26d374ea79d40a85d66f819d51d75f64f Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sun, 24 Mar 2024 16:29:48 +0100 Subject: [PATCH 10/22] check instead if a ref is a remote branch, fall back to plan checkout --- git-init/git-init-tekton-compatible.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/git-init/git-init-tekton-compatible.sh b/git-init/git-init-tekton-compatible.sh index 8e1ec96..15e91b4 100755 --- a/git-init/git-init-tekton-compatible.sh +++ b/git-init/git-init-tekton-compatible.sh @@ -55,6 +55,6 @@ until git fetch --depth=1 origin --update-head-ok --force $REVISION; do sleep $wait done -git rev-parse --verify "$REVISION^{commit}" 2>/dev/null \ - && git checkout -f $REVISION \ - || git checkout -f -B $REVISION origin/$REVISION +git show-ref "origin/$REVISION" \ + && git checkout -f -B $REVISION origin/$REVISION \ + || git checkout -f $REVISION From dc23b003a94abc56987eaaa0cda08ced0e504b12 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Mon, 25 Mar 2024 16:37:24 +0100 Subject: [PATCH 11/22] timestamp-rewrite=true is now opt-in in y-build --- builder-base/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
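Review bot: The checkout chain in PATCH 10/22 can end on a stale local branch in a reused clone: if `git show-ref "origin/$REVISION"` finds nothing or the `-B` checkout fails, the fallback `git checkout -f $REVISION` resolves the name against local refs and exits 0 with old code. PATCH 09/22 has the same problem, because `git rev-parse --verify "$REVISION^{commit}"` also succeeds for a leftover local branch. A bare `show-ref` pattern matches any ref ending in `origin/$REVISION`, tags and local branches included, and prints it; `--verify --quiet` with the full `refs/remotes/origin/` name tests exactly the remote-tracking branch. Written as an `if`/`else` with `$REVISION` quoted, a failed branch checkout fails the step instead of falling through.

```shell
# … unchanged: fetch retry loop …
if git show-ref --verify --quiet "refs/remotes/origin/$REVISION"; then
  git checkout -f -B "$REVISION" "origin/$REVISION"
else
  # not a remote branch: a commit id or tag, checked out as given
  git checkout -f "$REVISION"
fi
```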
diff --git a/builder-base/Dockerfile b/builder-base/Dockerfile index 08fe1eb..be95421 100644 --- a/builder-base/Dockerfile +++ b/builder-base/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:77cfad85af86b5c0dc892c3e537cbee5e5d233d2@sha256:e4bc66d79bf3afe75a288a733fc0460b76670e971aeced6344c8e9d84603167b \ +FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:6aa2e2badb3ac3ce29adcaa28a67532bcba49e48@sha256:4ac4a43e79538baa7913a1e9b0d61b47f57b392be3dfa0913dc37d236897c5ea \ as base FROM base as nonroot From 8af248df0ffef7f271d3f188274a9a85086fc26f Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sun, 21 Apr 2024 09:02:36 +0200 Subject: [PATCH 12/22] watchexec on node 20.12 --- node-watchexec/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/node-watchexec/Dockerfile b/node-watchexec/Dockerfile index 9067378..5ac40dd 100644 --- a/node-watchexec/Dockerfile +++ b/node-watchexec/Dockerfile @@ -1,3 +1,3 @@ # syntax=docker/dockerfile:1.4 -FROM --platform=$TARGETPLATFORM ghcr.io/turbokube/nodejs-watch:38f064020d1bafedf0e785bbadacdc78320b28c1@sha256:a57ed5b3331135c4b4e534d74b6d4ec959a6129a0c29c82eabee4bac6272dee7 +FROM --platform=$TARGETPLATFORM ghcr.io/turbokube/nodejs-watch:0d4a599ce05cb323db29ee2ee0e0fafa6d30b132@sha256:88b94fb1f71af1b6d1704d37cb04c7f522ea032bc9331cf4b0eb1f65842b7ee7 From 79640cbce0b1fe1b699493a11ad56db13a010bc0 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Sun, 21 Apr 2024 09:11:07 +0200 Subject: [PATCH 13/22] Current node distroless and chrome --- headless-chrome/Dockerfile | 2 +- node-distroless/Dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/headless-chrome/Dockerfile b/headless-chrome/Dockerfile index 197f9a7..f00624a 100644 --- a/headless-chrome/Dockerfile +++ b/headless-chrome/Dockerfile 
@@ -1,6 +1,6 @@ FROM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da ARG chrome_stage=stable -ARG chrome_build=123.0.6312.58-1 +ARG chrome_build=124.0.6367.60-1 ENV CHROME_VERSION="${chrome_stage}=${chrome_build}" diff --git a/node-distroless/Dockerfile b/node-distroless/Dockerfile index 2423cb6..6192840 100644 --- a/node-distroless/Dockerfile +++ b/node-distroless/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM gcr.io/distroless/nodejs20-debian12:nonroot@sha256:bcc0049f6ad4aaee0defae8247f14cf22b10218bbbd2724f25b165ece4248878 +FROM --platform=$TARGETPLATFORM gcr.io/distroless/nodejs20-debian12:nonroot@sha256:370f5779aa7dbe05b46741f2b1e5ff4bc760734b74c7df1c93eaf790d8bd51d4 WORKDIR /app CMD [ "./main.js" ] From 1bb9cafb3961f3573ba132fcb4c6395c089ce84f Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 26 Apr 2024 07:27:42 +0200 Subject: [PATCH 14/22] current ystack-runner upgrades ubuntu from 22.04 to 24.04 --- Dockerfile | 2 +- builder-base/Dockerfile | 2 +- git/Dockerfile | 2 +- headless-chrome/Dockerfile | 2 +- node/Dockerfile | 2 +- runtime-quarkus-ubuntu/Dockerfile | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 685e0eb..5883e20 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1 +1 @@ -FROM --platform=$TARGETPLATFORM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da +FROM --platform=$TARGETPLATFORM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8 diff --git a/builder-base/Dockerfile b/builder-base/Dockerfile index be95421..c3e7dcf 100644 --- a/builder-base/Dockerfile +++ b/builder-base/Dockerfile 
@@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:6aa2e2badb3ac3ce29adcaa28a67532bcba49e48@sha256:4ac4a43e79538baa7913a1e9b0d61b47f57b392be3dfa0913dc37d236897c5ea \ +FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:4fc0c6080b0caedec089420a6bc84fe163338857@sha256:b6885a0dc9c9dd9d8c99b55fca9193c8fa2016697e8b2c980bb36979141536d9 \ as base FROM base as nonroot diff --git a/git/Dockerfile b/git/Dockerfile index 3798329..7cc57b3 100644 --- a/git/Dockerfile +++ b/git/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da +FROM --platform=$TARGETPLATFORM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8 RUN groupadd --gid 1000 git \ && useradd --uid 1000 --gid git --shell /bin/bash --create-home git diff --git a/headless-chrome/Dockerfile b/headless-chrome/Dockerfile index f00624a..ac3ac67 100644 --- a/headless-chrome/Dockerfile +++ b/headless-chrome/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da +FROM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8 ARG chrome_stage=stable ARG chrome_build=124.0.6367.60-1 diff --git a/node/Dockerfile b/node/Dockerfile index bb77221..31cd27e 100644 --- a/node/Dockerfile +++ b/node/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM node:20.11.1-bookworm-slim@sha256:474988d2fa8ad6321db19dc941af70202b163fca06a6b4e7f56067eda0c72eb9 +FROM --platform=$TARGETPLATFORM node:20.12.2-bookworm-slim@sha256:72f2f046a5f8468db28730b990b37de63ce93fd1a72a40f531d6aa82afdf0d46 RUN runtimeDeps='procps git curl ca-certificates' \ && set -ex \ diff --git a/runtime-quarkus-ubuntu/Dockerfile b/runtime-quarkus-ubuntu/Dockerfile index b775bbe..e3318d2 100644 --- a/runtime-quarkus-ubuntu/Dockerfile +++ b/runtime-quarkus-ubuntu/Dockerfile 
@@ -1,5 +1,5 @@ # ystack/runner -FROM --platform=$TARGETPLATFORM ubuntu:22.04@sha256:f9d633ff6640178c2d0525017174a688e2c1aef28f0a0130b26bd5554491f0da +FROM --platform=$TARGETPLATFORM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8 RUN set -ex; \ export DEBIAN_FRONTEND=noninteractive; \ From fc8c65b9f6c1455a968aa29153d238928aa7b320 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 26 Apr 2024 07:28:46 +0200 Subject: [PATCH 15/22] current golang --- builder-tooling/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builder-tooling/Dockerfile b/builder-tooling/Dockerfile index 18cae7d..5b4c279 100644 --- a/builder-tooling/Dockerfile +++ b/builder-tooling/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM golang:1.21-bookworm@sha256:05a9064db595ba2a6aa7c2d48d16ba5872c42583606741c750b0d895e9d0a09d as golang +FROM --platform=$TARGETPLATFORM golang:1.21-bookworm@sha256:9070cb6a424004bb46987bfee510666a362d6a332a6949b33b2b644a0e21d196 as golang FROM --platform=$TARGETPLATFORM yolean/builder-base-gcc From 4ce386ee90918c26ba07f100db9ca7a39f2076fb Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Wed, 15 May 2024 16:50:28 +0200 Subject: [PATCH 16/22] Mandrel JDK 21 23.1.2.0->23.1.3.1 --- builder-quarkus/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builder-quarkus/Dockerfile b/builder-quarkus/Dockerfile index 2d1bdbe..32ef159 100644 --- a/builder-quarkus/Dockerfile +++ b/builder-quarkus/Dockerfile @@ -3,7 +3,7 @@ FROM --platform=$TARGETPLATFORM maven:3.9.6-eclipse-temurin-21@sha256:a7fc7af5e9 FROM --platform=$TARGETPLATFORM yolean/builder-base as mandrel ARG TARGETARCH ARG JAVA_VERSION=java21 -ARG MANDREL_VERSION=23.1.2.0-Final +ARG MANDREL_VERSION=23.1.3.1-Final RUN set -ex; \ ARCH=$TARGETARCH; \ From f0449b620f30933b6523d6d1f216e7fc2872d7bc Mon Sep 17 00:00:00 2001 
From: Staffan Olsson Date: Wed, 15 May 2024 17:16:47 +0200 Subject: [PATCH 17/22] current ystack runner, nodejs 20.12.2->20.13.1 --- Dockerfile | 2 +- builder-base/Dockerfile | 2 +- node/Dockerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5883e20..3c63a27 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1 +1 @@ -FROM --platform=$TARGETPLATFORM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8 +FROM --platform=$TARGETPLATFORM ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 diff --git a/builder-base/Dockerfile b/builder-base/Dockerfile index c3e7dcf..a50467b 100644 --- a/builder-base/Dockerfile +++ b/builder-base/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:4fc0c6080b0caedec089420a6bc84fe163338857@sha256:b6885a0dc9c9dd9d8c99b55fca9193c8fa2016697e8b2c980bb36979141536d9 \ +FROM --platform=$TARGETPLATFORM docker.io/yolean/ystack-runner:46632661e365442a1188f726a72d6843ef5b4ba8@sha256:c4905ec3bff2dc6dac80b592494821d962fe1e48e0dfba8ef48005c20664dd04 \ as base FROM base as nonroot diff --git a/node/Dockerfile b/node/Dockerfile index 31cd27e..a98af57 100644 --- a/node/Dockerfile +++ b/node/Dockerfile @@ -1,4 +1,4 @@ -FROM --platform=$TARGETPLATFORM node:20.12.2-bookworm-slim@sha256:72f2f046a5f8468db28730b990b37de63ce93fd1a72a40f531d6aa82afdf0d46 +FROM --platform=$TARGETPLATFORM node:20.13.1-bookworm-slim@sha256:cffed8cd39d6a380434e6d08116d188c53e70611175cd5ec7700f93f32a935a6 RUN runtimeDeps='procps git curl ca-certificates' \ && set -ex \ From 58127094bf11f48d7b5b079af79f1917a4b4b6b0 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Wed, 15 May 2024 17:18:58 +0200 Subject: [PATCH 18/22] current chrome headless, 124.0.6367.207-1 --- headless-chrome/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/headless-chrome/Dockerfile b/headless-chrome/Dockerfile index ac3ac67..d1c715b 100644 --- a/headless-chrome/Dockerfile +++ b/headless-chrome/Dockerfile @@ -1,6 +1,6 @@ FROM ubuntu:24.04@sha256:562456a05a0dbd62a671c1854868862a4687bf979a96d48ae8e766642cd911e8 ARG chrome_stage=stable -ARG chrome_build=124.0.6367.60-1 +ARG chrome_build=124.0.6367.207-1 ENV CHROME_VERSION="${chrome_stage}=${chrome_build}" From 90eb927ac2b7d2572e4b4c5797bb29667dfa8592 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Wed, 15 May 2024 17:28:53 +0200 Subject: [PATCH 19/22] fixes a strange untar error with man subdir missing --- builder-quarkus/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/builder-quarkus/Dockerfile b/builder-quarkus/Dockerfile index 32ef159..76b3123 100644 --- a/builder-quarkus/Dockerfile +++ b/builder-quarkus/Dockerfile @@ -16,7 +16,7 @@ RUN set -ex; \ curl -o $MANDREL_DIST -sLSf $MANDREL_DIST_URL; \ echo "$MANDREL_DIST_SHA256" | sha256sum -c -; \ mkdir ./mandrel; \ - cat $MANDREL_DIST | tar xzf - --strip-components=1 -C ./mandrel + tar xzf $MANDREL_DIST --strip-components=1 -C ./mandrel RUN rm -v /home/nonroot/mandrel/lib/src.zip From 0598216fa32a5903b9ace9c6db98776cfb64a735 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Thu, 23 May 2024 14:23:24 +0200 Subject: [PATCH 20/22] reuses a single outputs string --- hooks/build | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/hooks/build b/hooks/build index e7d019a..ee3a8a9 100755 --- a/hooks/build +++ b/hooks/build 
@@ -55,31 +55,28 @@ XTAG="" [ -n "$NOPUSH" ] || BUILDX_PUSH="--push" export SOURCE_DATE_EPOCH=0 +OUTPUT="type=registry,oci-mediatypes=true,rewrite-timestamp=true" cat ./Dockerfile | \ - docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM \ - --output type=registry,oci-mediatypes=true,rewrite-timestamp=true \ + docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM --output "$OUTPUT" \ -t yolean/docker-base -t ${PREFIX}yolean/docker-base:$SOURCE_COMMIT$XTAG - for CONTEXT in $MULTIARCH_NONROOT; do ! (grep -r FROM ./$CONTEXT | grep -v 'FROM --platform=') cat ./$CONTEXT/Dockerfile | \ - docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \ - --output type=registry,oci-mediatypes=true,rewrite-timestamp=true \ + docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - --output "$OUTPUT" \ -t yolean/$CONTEXT -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG ./$CONTEXT done for CONTEXT in $MULTIARCH_TONONROOT; do ! (grep -r FROM ./$CONTEXT | grep -v 'FROM --platform=') cat ./$CONTEXT/Dockerfile | \ - docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \ - --output type=registry,oci-mediatypes=true,rewrite-timestamp=true \ + docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - --output "$OUTPUT" \ -t yolean/$CONTEXT:root -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG-root ./$CONTEXT done for CONTEXT in $MULTIARCH_TONONROOT; do cat ./$CONTEXT/Dockerfile ./nonroot-footer.Dockerfile | \ - docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - \ - --output type=registry,oci-mediatypes=true,rewrite-timestamp=true \ + docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM -f - --output "$OUTPUT" \ -t yolean/$CONTEXT -t ${PREFIX}yolean/$CONTEXT:$SOURCE_COMMIT$XTAG ./$CONTEXT done From 596dea6bcc43cc77c5bf8ba3ed700bd86411977b Mon Sep 17 00:00:00 2001 
From: Staffan Olsson Date: Thu, 23 May 2024 14:24:34 +0200 Subject: [PATCH 21/22] Still getting: exporter option "rewrite-timestamp" conflicts with "unpack" --- hooks/build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/build b/hooks/build index ee3a8a9..f269008 100755 --- a/hooks/build +++ b/hooks/build @@ -55,7 +55,7 @@ XTAG="" [ -n "$NOPUSH" ] || BUILDX_PUSH="--push" export SOURCE_DATE_EPOCH=0 -OUTPUT="type=registry,oci-mediatypes=true,rewrite-timestamp=true" +OUTPUT="type=registry,oci-mediatypes=true,rewrite-timestamp=true,unpack=false" cat ./Dockerfile | \ docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM --output "$OUTPUT" \ From c0f9f9008b3abaac942df7bbb66571c76a6ba605 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Thu, 23 May 2024 14:25:42 +0200 Subject: [PATCH 22/22] verdict: rewrite-timestamp=true is still too undocumented for us --- hooks/build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/build b/hooks/build index f269008..f354c0e 100755 --- a/hooks/build +++ b/hooks/build @@ -55,7 +55,7 @@ XTAG="" [ -n "$NOPUSH" ] || BUILDX_PUSH="--push" export SOURCE_DATE_EPOCH=0 -OUTPUT="type=registry,oci-mediatypes=true,rewrite-timestamp=true,unpack=false" +OUTPUT="type=registry,oci-mediatypes=true" cat ./Dockerfile | \ docker buildx build $BUILDX_PUSH --progress=plain $PLATFORM --output "$OUTPUT" \
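Review bot: PATCH 22/22 drops `rewrite-timestamp=true` from `OUTPUT`, but the context line `export SOURCE_DATE_EPOCH=0` stays. As far as this hunk shows, images will still report an epoch creation time in their metadata while layer file timestamps are no longer rewritten, so the 1970 date remains without the reproducibility it was meant to buy. Either remove the export in the same change or keep it with a comment, for example `# SOURCE_DATE_EPOCH kept for image metadata only; rewrite-timestamp is disabled`. The script continues outside the hunk.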