diff --git a/packages/fileimport-service/Dockerfile b/packages/fileimport-service/Dockerfile index 9547d240ba..6609b76d01 100644 --- a/packages/fileimport-service/Dockerfile +++ b/packages/fileimport-service/Dockerfile @@ -1,6 +1,6 @@ ARG NODE_ENV=production -FROM node:18-bookworm-slim@sha256:27c468a7089b35374ec79b2a49ae9911818e37665caffe4d4d531b74c78cfbe3 as build-stage +FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as build-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -47,7 +47,7 @@ RUN apt-get update && \ COPY packages/fileimport-service/requirements.txt /speckle-server/ RUN /venv/bin/pip install --disable-pip-version-check --no-cache-dir --requirement /speckle-server/requirements.txt -FROM node:18-bookworm-slim@sha256:27c468a7089b35374ec79b2a49ae9911818e37665caffe4d4d531b74c78cfbe3 as dependency-stage +FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as dependency-stage # installing just the production dependencies # separate stage to avoid including development dependencies ARG NODE_ENV @@ -65,9 +65,9 @@ COPY packages/fileimport-service/package.json ./packages/fileimport-service/ WORKDIR /speckle-server/packages/fileimport-service RUN yarn workspaces focus --production -FROM gcr.io/distroless/python3-debian12:nonroot@sha256:02c3a74bee78c927ab39dd739f0e56e36675e6adc9032208abb7ed8b83067c74 as python-image +FROM gcr.io/distroless/python3-debian12:nonroot@sha256:95f5fa82f7cc7da0e133a8a895900447337ef0830870ad8387eb4c696be17057 as python-image -FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:bcb984dfce67d301d391168ac0d35f5befe2c54cc93c730ed54a94c11f8bf30e as distributable-stage +FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:00c21305bf7dacba81dbe9ae503ddfe34703a986a61246dacb198e425311cd84 as distributable-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} diff --git a/packages/frontend-2/Dockerfile b/packages/frontend-2/Dockerfile index 43da52086e..c2540acd24 100644 --- a/packages/frontend-2/Dockerfile +++ b/packages/frontend-2/Dockerfile @@ -1,4 +1,4 @@ -FROM node:18-bookworm-slim@sha256:27c468a7089b35374ec79b2a49ae9911818e37665caffe4d4d531b74c78cfbe3 as build-stage +FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as build-stage ARG NODE_ENV=production ARG SPECKLE_SERVER_VERSION=custom @@ -34,7 +34,7 @@ ENV TINI_VERSION v0.19.0 ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini RUN chmod +x /tini -FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:bcb984dfce67d301d391168ac0d35f5befe2c54cc93c730ed54a94c11f8bf30e as production-stage +FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:00c21305bf7dacba81dbe9ae503ddfe34703a986a61246dacb198e425311cd84 as production-stage ARG NODE_ENV=production ENV NODE_ENV=${NODE_ENV} diff --git a/packages/frontend/Dockerfile b/packages/frontend/Dockerfile index db6dac0c3b..11d8090440 100644 --- a/packages/frontend/Dockerfile +++ b/packages/frontend/Dockerfile @@ -2,7 +2,7 @@ ARG NODE_ENV=production ARG SPECKLE_SERVER_VERSION=custom # build stage -FROM node:18-bullseye-slim@sha256:a5dfe4109a0169a9753d41a4591a5d6ce2146f1ef1107fc3da46c834b8453d01 as build-stage +FROM node:18-bullseye-slim@sha256:a4edd54dcfdcacc8a4100fee71498e8671d99556a1acf5614539214a70092426 as build-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION diff --git a/packages/preview-service/Dockerfile b/packages/preview-service/Dockerfile index c3fbd71f74..1d20fb8a71 100644 --- a/packages/preview-service/Dockerfile +++ b/packages/preview-service/Dockerfile @@ -1,7 +1,7 @@ # NOTE: Docker context should be set to git root directory, to include the viewer ARG NODE_ENV=production -FROM node:18-bookworm-slim@sha256:27c468a7089b35374ec79b2a49ae9911818e37665caffe4d4d531b74c78cfbe3 as build-stage +FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as build-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -36,7 +36,7 @@ COPY packages/preview-service ./packages/preview-service/ # This way the foreach only builds the frontend and its deps RUN yarn workspaces foreach run build -FROM node:18-bookworm-slim@sha256:27c468a7089b35374ec79b2a49ae9911818e37665caffe4d4d531b74c78cfbe3 as node +FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as node RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install -y \ diff --git a/packages/server/Dockerfile b/packages/server/Dockerfile index ecfc270059..5798caf5be 100644 --- a/packages/server/Dockerfile +++ b/packages/server/Dockerfile @@ -1,7 +1,7 @@ ARG NODE_ENV=production ARG SPECKLE_SERVER_VERSION=custom -FROM node:18-bookworm-slim@sha256:27c468a7089b35374ec79b2a49ae9911818e37665caffe4d4d531b74c78cfbe3 as build-stage +FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as build-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION WORKDIR /speckle-server @@ -39,7 +39,7 @@ RUN yarn workspaces foreach run build # install only production dependencies # we need a clean environment, free of build dependencies -FROM node:18-bookworm-slim@sha256:27c468a7089b35374ec79b2a49ae9911818e37665caffe4d4d531b74c78cfbe3 as dependency-stage +FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as dependency-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION @@ -56,7 +56,7 @@ COPY packages/objectloader/package.json ./packages/objectloader/ WORKDIR /speckle-server/packages/server RUN yarn workspaces focus --production -FROM node:18-bookworm-slim@sha256:27c468a7089b35374ec79b2a49ae9911818e37665caffe4d4d531b74c78cfbe3 as production-stage +FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as production-stage ARG NODE_ENV ARG SPECKLE_SERVER_VERSION ARG FILE_SIZE_LIMIT_MB=100 diff --git a/packages/webhook-service/Dockerfile b/packages/webhook-service/Dockerfile index 73d2ca19c6..dfd7fbdcde 100644 --- a/packages/webhook-service/Dockerfile +++ b/packages/webhook-service/Dockerfile @@ -1,6 +1,6 @@ ARG NODE_ENV=production -FROM node:18-bookworm-slim@sha256:27c468a7089b35374ec79b2a49ae9911818e37665caffe4d4d531b74c78cfbe3 as build-stage +FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as build-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -32,7 +32,7 @@ ENV TINI_VERSION=${TINI_VERSION} ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini ./tini RUN chmod +x ./tini -FROM node:18-bookworm-slim@sha256:27c468a7089b35374ec79b2a49ae9911818e37665caffe4d4d531b74c78cfbe3 as dependency-stage +FROM node:18-bookworm-slim@sha256:246bf34b0c7cf8d9ff7cbe0c1ff44b178051f06c432c8e7df1645f1bd20b0352 as dependency-stage # yarn install ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} @@ -50,7 +50,7 @@ COPY packages/shared/package.json ./packages/shared/ WORKDIR /speckle-server/packages/webhook-service RUN yarn workspaces focus --production -FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:bcb984dfce67d301d391168ac0d35f5befe2c54cc93c730ed54a94c11f8bf30e as production-stage +FROM gcr.io/distroless/nodejs18-debian12:nonroot@sha256:00c21305bf7dacba81dbe9ae503ddfe34703a986a61246dacb198e425311cd84 as production-stage ARG NODE_ENV ENV NODE_ENV=${NODE_ENV} diff --git a/utils/docker-compose-ingress/Dockerfile b/utils/docker-compose-ingress/Dockerfile index e41377c734..4db671d571 100644 --- a/utils/docker-compose-ingress/Dockerfile +++ b/utils/docker-compose-ingress/Dockerfile @@ -1,4 +1,4 @@ -FROM nginx:1.25-bookworm@sha256:84c52dfd55c467e12ef85cad6a252c0990564f03c4850799bf41dd738738691f +FROM nginx:1.25-bookworm@sha256:6db391d1c0cfb30588ba0bf72ea999404f2764febf0f1f196acd5867ac7efa7e ENV FILE_SIZE_LIMIT_MB=100 RUN mkdir -p /var/nginx diff --git a/utils/monitor-deployment/Dockerfile b/utils/monitor-deployment/Dockerfile index f915f282dd..ab7336d014 100644 --- a/utils/monitor-deployment/Dockerfile +++ b/utils/monitor-deployment/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:12-slim@sha256:7802002798b0e351323ed2357ae6dc5a8c4d0a05a57e7f4d8f97136151d3d603 AS build-stage +FROM debian:12-slim@sha256:ccb33c3ac5b02588fc1d9e4fc09b952e433d0c54d8618d0ee1afadf1f3cf2455 AS build-stage WORKDIR /build @@ -19,7 +19,7 @@ RUN apt-get update && \ COPY utils/monitor-deployment/requirements.txt /requirements.txt RUN /venv/bin/pip install --disable-pip-version-check --requirement /requirements.txt -FROM gcr.io/distroless/python3-debian12:nonroot@sha256:02c3a74bee78c927ab39dd739f0e56e36675e6adc9032208abb7ed8b83067c74 as production-stage +FROM gcr.io/distroless/python3-debian12:nonroot@sha256:95f5fa82f7cc7da0e133a8a895900447337ef0830870ad8387eb4c696be17057 as production-stage ARG PG_CONNECTION_STRING ARG NODE_EXTRA_CA_CERTS ENV PG_CONNECTION_STRING=${PG_CONNECTION_STRING} \ diff --git a/utils/test-deployment/Dockerfile b/utils/test-deployment/Dockerfile index ab2333fbc3..b004b7e36e 100644 --- a/utils/test-deployment/Dockerfile +++ b/utils/test-deployment/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:12-slim@sha256:7802002798b0e351323ed2357ae6dc5a8c4d0a05a57e7f4d8f97136151d3d603 AS build-stage +FROM debian:12-slim@sha256:ccb33c3ac5b02588fc1d9e4fc09b952e433d0c54d8618d0ee1afadf1f3cf2455 AS build-stage WORKDIR /venv RUN apt-get update && \ DEBIAN_FRONTEND=noninteractive apt-get install \ @@ -9,7 +9,7 @@ RUN apt-get update && \ COPY utils/test-deployment/requirements.txt /requirements.txt RUN /venv/bin/pip install --disable-pip-version-check --requirement /requirements.txt -FROM gcr.io/distroless/python3-debian12:nonroot@sha256:02c3a74bee78c927ab39dd739f0e56e36675e6adc9032208abb7ed8b83067c74 as production-stage +FROM gcr.io/distroless/python3-debian12:nonroot@sha256:95f5fa82f7cc7da0e133a8a895900447337ef0830870ad8387eb4c696be17057 as production-stage ARG SPECKLE_SERVER ARG SPECKLE_VERSION ENV SPECKLE_SERVER=${SPECKLE_SERVER} \