diff --git a/packages/fileimport-service/Dockerfile b/packages/fileimport-service/Dockerfile index 6609b76d01..1be1b216c5 100644 --- a/packages/fileimport-service/Dockerfile +++ b/packages/fileimport-service/Dockerfile @@ -1,6 +1,6 @@ ARG NODE_ENV=production -FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as build-stage +FROM node:18-bookworm-slim@sha256:8b104331f4378f54127afffb8f872664e76addbad16cae4c40b13eeee90c03c3 as build-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -47,7 +47,7 @@ RUN apt-get update && \ COPY packages/fileimport-service/requirements.txt /speckle-server/ RUN /venv/bin/pip install --disable-pip-version-check --no-cache-dir --requirement /speckle-server/requirements.txt -FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as dependency-stage +FROM node:18-bookworm-slim@sha256:8b104331f4378f54127afffb8f872664e76addbad16cae4c40b13eeee90c03c3 as dependency-stage # installing just the production dependencies # separate stage to avoid including development dependencies ARG NODE_ENV @@ -65,9 +65,9 @@ COPY packages/fileimport-service/package.json ./packages/fileimport-service/ WORKDIR /speckle-server/packages/fileimport-service RUN yarn workspaces focus --production -FROM gcr.io/distroless/python3-debian12:nonroot@sha256:95f5fa82f7cc7da0e133a8a895900447337ef0830870ad8387eb4c696be17057 as python-image +FROM gcr.io/distroless/python3-debian12:nonroot@sha256:538f54b8d704c29137d337aeac1bfc874afd7db813b163b585366d57ec113e13 as python-image -FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:00c21305bf7dacba81dbe9ae503ddfe34703a986a61246dacb198e425311cd84 as distributable-stage +FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:6efe9d5ab80f3ee76b21c4e03488f25b7cf4990b2b74373bafefc19a2c897c11 as distributable-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} diff --git a/packages/frontend-2/Dockerfile b/packages/frontend-2/Dockerfile index c2540acd24..97afbbcb56 100644 --- a/packages/frontend-2/Dockerfile +++ b/packages/frontend-2/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as build-stage +FROM node:18-bookworm-slim@sha256:8b104331f4378f54127afffb8f872664e76addbad16cae4c40b13eeee90c03c3 as build-stage ARG NODE_ENV=production ARG SPECKLE_SERVER_VERSION=custom @@ -34,7 +34,7 @@ ENV TINI_VERSION v0.19.0 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini RUN chmod +x /tini -FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:00c21305bf7dacba81dbe9ae503ddfe34703a986a61246dacb198e425311cd84 as production-stage +FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:6efe9d5ab80f3ee76b21c4e03488f25b7cf4990b2b74373bafefc19a2c897c11 as production-stage ARG NODE_ENV=production ENV NODE_ENV=${NODE_ENV} diff --git a/packages/frontend/Dockerfile b/packages/frontend/Dockerfile index 11d8090440..94a059ee16 100644 --- a/packages/frontend/Dockerfile +++ b/packages/frontend/Dockerfile @@ -2,7 +2,7 @@ ARG NODE_ENV=production ARG SPECKLE_SERVER_VERSION=custom # build stage -FROM node:18-bullseye-slim@sha256:a4edd54dcfdcacc8a4100fee71498e8671d99556a1acf5614539214a70092426 as build-stage +FROM node:18-bullseye-slim@sha256:e8c4596670fdb4f4b0ad11e2cdb58f9885d101436f1a8335a28fa223b7c5ed4a as build-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION diff --git a/packages/preview-service/Dockerfile b/packages/preview-service/Dockerfile index 1d20fb8a71..0783cb636a 100644 --- a/packages/preview-service/Dockerfile +++ b/packages/preview-service/Dockerfile @@ -1,7 +1,7 @@ # NOTE: Docker context should be set to git root directory, to include the viewer ARG NODE_ENV=production -FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as build-stage +FROM node:18-bookworm-slim@sha256:8b104331f4378f54127afffb8f872664e76addbad16cae4c40b13eeee90c03c3 as build-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -36,7 +36,7 @@ COPY packages/preview-service ./packages/preview-service/ # This way the foreach only builds the frontend and its deps RUN yarn workspaces foreach run build -FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as node +FROM node:18-bookworm-slim@sha256:8b104331f4378f54127afffb8f872664e76addbad16cae4c40b13eeee90c03c3 as node RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install -y \ diff --git a/packages/server/Dockerfile b/packages/server/Dockerfile index 5798caf5be..47fc1a6bbd 100644 --- a/packages/server/Dockerfile +++ b/packages/server/Dockerfile @@ -1,7 +1,7 @@ ARG NODE_ENV=production ARG SPECKLE_SERVER_VERSION=custom -FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as build-stage +FROM node:18-bookworm-slim@sha256:8b104331f4378f54127afffb8f872664e76addbad16cae4c40b13eeee90c03c3 as build-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION WORKDIR /speckle-server @@ -39,7 +39,7 @@ RUN yarn workspaces foreach run build # install only production dependencies # we need a clean environment, free of build dependencies -FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as dependency-stage +FROM node:18-bookworm-slim@sha256:8b104331f4378f54127afffb8f872664e76addbad16cae4c40b13eeee90c03c3 as dependency-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION @@ -56,7 +56,7 @@ COPY packages/objectloader/package.json ./packages/objectloader/ WORKDIR /speckle-server/packages/server RUN yarn workspaces focus --production -FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as production-stage +FROM node:18-bookworm-slim@sha256:8b104331f4378f54127afffb8f872664e76addbad16cae4c40b13eeee90c03c3 as production-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION ARG FILE_SIZE_LIMIT_MB=100 diff --git a/packages/webhook-service/Dockerfile b/packages/webhook-service/Dockerfile index dfd7fbdcde..5d85201ac2 100644 --- a/packages/webhook-service/Dockerfile +++ b/packages/webhook-service/Dockerfile @@ -1,6 +1,6 @@ ARG NODE_ENV=production -FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as build-stage +FROM node:18-bookworm-slim@sha256:8b104331f4378f54127afffb8f872664e76addbad16cae4c40b13eeee90c03c3 as build-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -32,7 +32,7 @@ ENV TINI_VERSION=${TINI_VERSION} ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini ./tini RUN chmod +x ./tini -FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as dependency-stage +FROM node:18-bookworm-slim@sha256:8b104331f4378f54127afffb8f872664e76addbad16cae4c40b13eeee90c03c3 as dependency-stage # yarn install ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -50,7 +50,7 @@ COPY packages/shared/package.json ./packages/shared/ WORKDIR /speckle-server/packages/webhook-service RUN yarn workspaces focus --production -FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:00c21305bf7dacba81dbe9ae503ddfe34703a986a61246dacb198e425311cd84 as production-stage +FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:6efe9d5ab80f3ee76b21c4e03488f25b7cf4990b2b74373bafefc19a2c897c11 as production-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} diff --git a/utils/docker-compose-ingress/Dockerfile b/utils/docker-compose-ingress/Dockerfile index 4db671d571..0ef068e7e8 100644 --- a/utils/docker-compose-ingress/Dockerfile +++ b/utils/docker-compose-ingress/Dockerfile @@ -1,4 +1,4 @@ -FROM nginx:1.25-bookworm@sha256:6db391d1c0cfb30588ba0bf72ea999404f2764febf0f1f196acd5867ac7efa7e +FROM nginx:1.25-bookworm@sha256:d2cb0992f098fb075674730da5e1c6cccdd4890516e448a1db96e0245c1b7fca ENV FILE_SIZE_LIMIT_MB=100 RUN mkdir -p /var/nginx diff --git a/utils/monitor-deployment/Dockerfile b/utils/monitor-deployment/Dockerfile index ab7336d014..3050beb58b 100644 --- a/utils/monitor-deployment/Dockerfile +++ b/utils/monitor-deployment/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:12-slim@sha256:ccb33c3ac5b02588fc1d9e4fc09b952e433d0c54d8618d0ee1afadf1f3cf2455 AS build-stage +FROM debian:12-slim@sha256:3d5df92588469a4c503adbead0e4129ef3f88e223954011c2169073897547cac AS build-stage WORKDIR /build @@ -19,7 +19,7 @@ RUN apt-get update && \ COPY utils/monitor-deployment/requirements.txt /requirements.txt RUN /venv/bin/pip install --disable-pip-version-check --requirement /requirements.txt -FROM gcr.io/distroless/python3-debian12:nonroot@sha256:95f5fa82f7cc7da0e133a8a895900447337ef0830870ad8387eb4c696be17057 as production-stage +FROM gcr.io/distroless/python3-debian12:nonroot@sha256:538f54b8d704c29137d337aeac1bfc874afd7db813b163b585366d57ec113e13 as production-stage ARG PG_CONNECTION_STRING ARG NODE_EXTRA_CA_CERTS ENV PG_CONNECTION_STRING=${PG_CONNECTION_STRING} \ diff --git a/utils/test-deployment/Dockerfile b/utils/test-deployment/Dockerfile index b004b7e36e..5afd060bf0 100644 --- a/utils/test-deployment/Dockerfile +++ b/utils/test-deployment/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:12-slim@sha256:ccb33c3ac5b02588fc1d9e4fc09b952e433d0c54d8618d0ee1afadf1f3cf2455 AS build-stage +FROM debian:12-slim@sha256:3d5df92588469a4c503adbead0e4129ef3f88e223954011c2169073897547cac AS build-stage WORKDIR /venv RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install \ @@ -9,7 +9,7 @@ RUN apt-get update && \ COPY utils/test-deployment/requirements.txt /requirements.txt RUN /venv/bin/pip install --disable-pip-version-check --requirement /requirements.txt -FROM gcr.io/distroless/python3-debian12:nonroot@sha256:95f5fa82f7cc7da0e133a8a895900447337ef0830870ad8387eb4c696be17057 as production-stage +FROM gcr.io/distroless/python3-debian12:nonroot@sha256:538f54b8d704c29137d337aeac1bfc874afd7db813b163b585366d57ec113e13 as production-stage ARG SPECKLE_SERVER ARG SPECKLE_VERSION ENV SPECKLE_SERVER=${SPECKLE_SERVER} \