From d5e9215a067ad921dab856ef11f3f029e30d30b4 Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Thu, 29 Aug 2024 07:59:19 +0200 Subject: [PATCH 01/15] Squash commits --- .github/workflows/build-test-windows.yml | 113 +++++++++++++++++++++++ 22/windows-2019/Dockerfile | 62 +++++++++++++ 22/windows-2019/docker-entrypoint.ps1 | 16 ++++ 22/windows-2022/Dockerfile | 62 +++++++++++++ 22/windows-2022/docker-entrypoint.ps1 | 16 ++++ Dockerfile-windows.template | 51 ++++++++++ architectures | 4 +- docker-entrypoint.ps1 | 16 ++++ functions.sh | 10 ++ genMatrix.js | 13 ++- update.sh | 62 ++++++++++--- 11 files changed, 405 insertions(+), 20 deletions(-) create mode 100644 .github/workflows/build-test-windows.yml create mode 100644 22/windows-2019/Dockerfile create mode 100644 22/windows-2019/docker-entrypoint.ps1 create mode 100644 22/windows-2022/Dockerfile create mode 100644 22/windows-2022/docker-entrypoint.ps1 create mode 100644 Dockerfile-windows.template create mode 100644 docker-entrypoint.ps1 diff --git a/.github/workflows/build-test-windows.yml b/.github/workflows/build-test-windows.yml new file mode 100644 index 000000000..b0d23dbbb --- /dev/null +++ b/.github/workflows/build-test-windows.yml @@ -0,0 +1,113 @@ +name: build-test-windows + +on: + push: + paths: + - "**/windows-2019/**" + - "**/windows-2022/**" + - ".github/workflows/build-test-windows.yml" + + pull_request: + paths: + - "**/windows-2019/**" + - "**/windows-2022/**" + - ".github/workflows/build-test-windows.yml" + +jobs: + build-windows-2019: + name: build-windows-2019 + runs-on: windows-2019 + timeout-minutes: 60 + strategy: + fail-fast: false + matrix: + version: [ 22.7.0 ] + variant: [ "windows-2019" ] + + steps: + - name: Get short node version + uses: actions/github-script@v7 + id: short-version + with: + result-encoding: string + script: return "${{ matrix.version }}".split('.')[0] + + - name: Checkout + uses: actions/checkout@v4 + + # We cannot use docker/build-push-action here because it requires buildx, which is not available on Windows + - name: Build image + run: | + docker build --tag node:${{ matrix.version }}-${{ matrix.variant }} ./${{ steps.short-version.outputs.result }}/${{ matrix.variant }} + + - name: Test for node version + shell: pwsh + run: | + $image_node_version = (docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} node --print "process.versions.node").Trim() + Write-Host "Expected: '${{ matrix.version }}', Got: '$image_node_version'" + if ($image_node_version -ne "${{ matrix.version }}") { + exit 1 + } + + - name: Verify entrypoint runs regular, non-executable files with node + shell: pwsh + run: | + $tempDir = New-Item -ItemType Directory -Path $env:TEMP -Name "tempNodeApp" + $tmp_file = Join-Path $tempDir "index.js" + "console.log('success')" | Out-File -FilePath $tmp_file -Encoding utf8 + $output = (docker run --rm -w /app --mount "type=bind,src=$tempDir,target=c:\app" node:${{ matrix.version }}-${{ matrix.variant }} C:/app/index.js) + if ($output -ne 'success') { + Write-Host "Invalid" + } + + - name: Test for npm + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version + + build-windows-2022: + name: build-windows-2022 + runs-on: windows-2022 + timeout-minutes: 60 + strategy: + fail-fast: false + matrix: + version: [ "22.7.0" ] + variant: [ "windows-2022" ] + + steps: + - name: Get short node version + uses: actions/github-script@v7 + id: short-version + with: + result-encoding: string + script: return "${{ matrix.version }}".split('.')[0] + + - name: Checkout + uses: actions/checkout@v4 + + # We cannot use docker/build-push-action here because it requires buildx, which is not available on Windows + - name: Build image + run: | + docker build --tag node:${{ matrix.version }}-${{ matrix.variant }} ./${{ steps.short-version.outputs.result }}/${{ matrix.variant }} + + - name: Test for node version + shell: pwsh + run: | + $image_node_version = (docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} node --print "process.versions.node").Trim() + Write-Host "Expected: '${{ matrix.version }}', Got: '$image_node_version'" + if ($image_node_version -ne "${{ matrix.version }}") { + exit 1 + } + + - name: Verify entrypoint runs regular, non-executable files with node + shell: pwsh + run: | + $tempDir = New-Item -ItemType Directory -Path $env:TEMP -Name "tempNodeApp" + $tmp_file = Join-Path $tempDir "index.js" + "console.log('success')" | Out-File -FilePath $tmp_file -Encoding utf8 + $output = (docker run --rm -w /app --mount "type=bind,src=$tempDir,target=c:\app" node:${{ matrix.version }}-${{ matrix.variant }} C:/app/index.js) + if ($output -ne 'success') { + Write-Host "Invalid" + } + + - name: Test for npm + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version \ No newline at end of file diff --git a/22/windows-2019/Dockerfile b/22/windows-2019/Dockerfile new file mode 100644 index 000000000..ac88ae888 --- /dev/null +++ b/22/windows-2019/Dockerfile @@ -0,0 +1,62 @@ +FROM mcr.microsoft.com/windows/servercore:ltsc2019 as installer + +SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] + +# PATH isn't actually set in the Docker image, so we have to set it from within the container +RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) +# doing this first to share cache across versions more aggressively + +ENV NODE_VERSION 22.7.0 +ENV NODE_CHECKSUM 3fc638727974262b4f65a6b1b43c22fb2d80671cdcb50e1237e0b05d1330aaf7 + +ENV GPG_VERSION 2.4.5_20240307 + +RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ + Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ + gpg --version; + +RUN @( \ + '4ED778F539E3634C779C87C6D7062848A1AB005C', \ + '141F07595B7B3FFE74309A937405533BE57C7D57', \ + '74F12602B6F1C4E913FAA37AD3A89613643B6201', \ + 'DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7', \ + '61FC681DFB92A079F1685E77973F295594EC4689', \ + '8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600', \ + 'C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8', \ + '890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4', \ + 'C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C', \ + '108F52B48DB57BB0CC439B2997B01419BD92F80A', \ + 'A363A499291CBBC940DD62E41F10027AF002F8B0', \ + 'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \ + ) | foreach { \ + gpg --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + } ; \ + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ + Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \ + gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc ; \ + Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ; \ + $sum = $(cat SHASUMS256.txt.asc | sls $(' node-v{0}-win-x64.zip' -f $env:NODE_VERSION)) -Split ' ' ; \ + if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $sum[0]) { Write-Error 'SHA256 mismatch' } ; \ + Expand-Archive node.zip -DestinationPath C:\ ; \ + Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs' + +FROM mcr.microsoft.com/windows/servercore:ltsc2019 as runner + +SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] + +RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + +COPY --from=installer C:/nodejs C:/nodejs + +COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 +ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] + +# Smoke test +RUN node --version; \ + npm --version; + +CMD [ "node.exe" ] \ No newline at end of file diff --git a/22/windows-2019/docker-entrypoint.ps1 b/22/windows-2019/docker-entrypoint.ps1 new file mode 100644 index 000000000..87cbc8b77 --- /dev/null +++ b/22/windows-2019/docker-entrypoint.ps1 @@ -0,0 +1,16 @@ +# Ensure script stops on any error +$ErrorActionPreference = 'Stop' + +# Check if the first argument: +# 1. Contains a "-" +# 2. Is NOT a recognized command +# 3. Is a file that's NOT executable +if (($args[0] -like '*-') -or + (!(Get-Command $args[0] -ErrorAction SilentlyContinue)) -or + (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { + # Prepend 'node' to the argument list + $args = @('node') + $args +} + +# Execute the (potentially modified) command +& $args[0] $args[1..($args.Length-1)] \ No newline at end of file diff --git a/22/windows-2022/Dockerfile b/22/windows-2022/Dockerfile new file mode 100644 index 000000000..380f332b2 --- /dev/null +++ b/22/windows-2022/Dockerfile @@ -0,0 +1,62 @@ +FROM mcr.microsoft.com/windows/servercore:ltsc2022 as installer + +SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] + +# PATH isn't actually set in the Docker image, so we have to set it from within the container +RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) +# doing this first to share cache across versions more aggressively + +ENV NODE_VERSION 22.7.0 +ENV NODE_CHECKSUM 3fc638727974262b4f65a6b1b43c22fb2d80671cdcb50e1237e0b05d1330aaf7 + +ENV GPG_VERSION 2.4.5_20240307 + +RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ + Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ + gpg --version; + +RUN @( \ + '4ED778F539E3634C779C87C6D7062848A1AB005C', \ + '141F07595B7B3FFE74309A937405533BE57C7D57', \ + '74F12602B6F1C4E913FAA37AD3A89613643B6201', \ + 'DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7', \ + '61FC681DFB92A079F1685E77973F295594EC4689', \ + '8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600', \ + 'C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8', \ + '890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4', \ + 'C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C', \ + '108F52B48DB57BB0CC439B2997B01419BD92F80A', \ + 'A363A499291CBBC940DD62E41F10027AF002F8B0', \ + 'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \ + ) | foreach { \ + gpg --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + } ; \ + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ + Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \ + gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc ; \ + Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ; \ + $sum = $(cat SHASUMS256.txt.asc | sls $(' node-v{0}-win-x64.zip' -f $env:NODE_VERSION)) -Split ' ' ; \ + if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $sum[0]) { Write-Error 'SHA256 mismatch' } ; \ + Expand-Archive node.zip -DestinationPath C:\ ; \ + Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs' + +FROM mcr.microsoft.com/windows/servercore:ltsc2022 as runner + +SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] + +RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + +COPY --from=installer C:/nodejs C:/nodejs + +COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 +ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] + +# Smoke test +RUN node --version; \ + npm --version; + +CMD [ "node.exe" ] \ No newline at end of file diff --git a/22/windows-2022/docker-entrypoint.ps1 b/22/windows-2022/docker-entrypoint.ps1 new file mode 100644 index 000000000..87cbc8b77 --- /dev/null +++ b/22/windows-2022/docker-entrypoint.ps1 @@ -0,0 +1,16 @@ +# Ensure script stops on any error +$ErrorActionPreference = 'Stop' + +# Check if the first argument: +# 1. Contains a "-" +# 2. Is NOT a recognized command +# 3. Is a file that's NOT executable +if (($args[0] -like '*-') -or + (!(Get-Command $args[0] -ErrorAction SilentlyContinue)) -or + (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { + # Prepend 'node' to the argument list + $args = @('node') + $args +} + +# Execute the (potentially modified) command +& $args[0] $args[1..($args.Length-1)] \ No newline at end of file diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template new file mode 100644 index 000000000..1dc92248b --- /dev/null +++ b/Dockerfile-windows.template @@ -0,0 +1,51 @@ +FROM mcr.microsoft.com/windows/servercore:version as installer + +SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] + +# PATH isn't actually set in the Docker image, so we have to set it from within the container +RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) +# doing this first to share cache across versions more aggressively + +ENV NODE_VERSION 0.0.0 +ENV NODE_CHECKSUM CHECKSUM_x64 + +ENV GPG_VERSION 2.4.5_20240307 + +RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ + Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ + gpg --version; + +RUN @( \ + "${NODE_KEYS[@]}" + ) | foreach { \ + gpg --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + } ; \ + [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ + Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \ + gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc ; \ + Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ; \ + $sum = $(cat SHASUMS256.txt.asc | sls $(' node-v{0}-win-x64.zip' -f $env:NODE_VERSION)) -Split ' ' ; \ + if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $sum[0]) { Write-Error 'SHA256 mismatch' } ; \ + Expand-Archive node.zip -DestinationPath C:\ ; \ + Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs' + +FROM mcr.microsoft.com/windows/servercore:version as runner + +SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] + +RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + +COPY --from=installer C:/nodejs C:/nodejs + +COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 +ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] + +# Smoke test +RUN node --version; \ + npm --version; + +CMD [ "node.exe" ] \ No newline at end of file diff --git a/architectures b/architectures index 1cb4bf352..ad889beb8 100644 --- a/architectures +++ b/architectures @@ -1,8 +1,8 @@ bashbrew-arch variants -amd64 alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim +amd64 alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim,windows-2019,windows-2022 arm32v6 alpine3.19,alpine3.20 arm32v7 alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim arm64v8 alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim i386 alpine3.19,alpine3.20 ppc64le alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim -s390x alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim +s390x alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim \ No newline at end of file diff --git a/docker-entrypoint.ps1 b/docker-entrypoint.ps1 new file mode 100644 index 000000000..87cbc8b77 --- /dev/null +++ b/docker-entrypoint.ps1 @@ -0,0 +1,16 @@ +# Ensure script stops on any error +$ErrorActionPreference = 'Stop' + +# Check if the first argument: +# 1. Contains a "-" +# 2. Is NOT a recognized command +# 3. Is a file that's NOT executable +if (($args[0] -like '*-') -or + (!(Get-Command $args[0] -ErrorAction SilentlyContinue)) -or + (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { + # Prepend 'node' to the argument list + $args = @('node') + $args +} + +# Execute the (potentially modified) command +& $args[0] $args[1..($args.Length-1)] \ No newline at end of file diff --git a/functions.sh b/functions.sh index bee3dafe0..c2e861b20 100755 --- a/functions.sh +++ b/functions.sh @@ -193,6 +193,16 @@ function is_debian_slim() { return 1 } +function is_windows() { + local variant + variant=$1 + shift + + if [ "${variant}" = "${variant#windows}" ]; then + return 1 + fi +} + function get_fork_name() { local version version=$1 diff --git a/genMatrix.js b/genMatrix.js index 9f57ea509..fd90954ac 100644 --- a/genMatrix.js +++ b/genMatrix.js @@ -8,23 +8,25 @@ const testFiles = [ ]; const nodeDirRegex = /^\d+$/; +// Directories starting with 'windows-' are excluded from the matrix windows-2019 are excluded for example +const windowsDirRegex = /^windows-/; const areTestFilesChanged = (changedFiles) => changedFiles .some((file) => testFiles.includes(file)); -// Returns a list of the child directories in the given path +// Returns a list of the child directories in the given path, excluding those starting with 'windows-' const getChildDirectories = (parent) => fs.readdirSync(parent, { withFileTypes: true }) - .filter((dirent) => dirent.isDirectory()) + .filter((directory) => directory.isDirectory()) .map(({ name }) => path.resolve(parent, name)); -const getNodeVerionDirs = (base) => getChildDirectories(base) +const getNodeVersionDirs = (base) => getChildDirectories(base) .filter((childPath) => nodeDirRegex.test(path.basename(childPath))); // Returns the paths of Dockerfiles that are at: base/*/Dockerfile const getDockerfilesInChildDirs = (base) => getChildDirectories(base) .map((childDir) => path.resolve(childDir, 'Dockerfile')); -const getAllDockerfiles = (base) => getNodeVerionDirs(base).flatMap(getDockerfilesInChildDirs); +const getAllDockerfiles = (base) => getNodeVersionDirs(base).flatMap(getDockerfilesInChildDirs); const getAffectedDockerfiles = (filesAdded, filesModified, filesRenamed) => { const files = [ @@ -69,7 +71,8 @@ const getDockerfileMatrixEntry = (file) => { const generateBuildMatrix = (filesAdded, filesModified, filesRenamed) => { const dockerfiles = [...new Set(getAffectedDockerfiles(filesAdded, filesModified, filesRenamed))]; - const entries = dockerfiles.map(getDockerfileMatrixEntry); + let entries = dockerfiles.map(getDockerfileMatrixEntry); + entries = entries.filter((entry) => !windowsDirRegex.test(entry.variant)); // Return null if there are no entries so we can skip the matrix step return entries.length diff --git a/update.sh b/update.sh index 0b6aaf69d..aba1caa73 100755 --- a/update.sh +++ b/update.sh @@ -5,22 +5,24 @@ set -ue function usage() { cat << EOF - Update the node docker images. + Update the node Docker images. Usage: - $0 [-s] [MAJOR_VERSION(S)] [VARIANT(S)] + $0 [-s] [-w] [MAJOR_VERSION(S)] [VARIANT(S)] Examples: - - update.sh # Update all images - - update.sh -s # Update all images, skip updating Alpine and Yarn - - update.sh 8,10 # Update all variants of version 8 and 10 - - update.sh -s 8 # Update version 8 and variants, skip updating Alpine and Yarn - - update.sh 8 alpine # Update only alpine's variants for version 8 - - update.sh -s 8 bullseye # Update only bullseye variant for version 8, skip updating Alpine and Yarn - - update.sh . alpine # Update the alpine variant for all versions + - update.sh # Update all images + - update.sh -s # Update all images, skip updating Alpine and Yarn + - update.sh -w # Update only Windows images + - update.sh 8,10 # Update all variants of version 8 and 10 + - update.sh -s 8 # Update version 8 and variants, skip updating Alpine and Yarn + - update.sh 8 alpine # Update only Alpine variants for version 8 + - update.sh -w 8 windows-2022 # Update only Windows 2022 variant for version 8 + - update.sh . alpine # Update the Alpine variant for all versions OPTIONS: - -s Security update; skip updating the yarn and alpine versions. + -s Security update; skip updating the Yarn and Alpine versions. + -w Windows images update only -b CI config update only -h Show this message @@ -28,12 +30,17 @@ EOF } SKIP=false -while getopts "sh" opt; do +WINDOWS_ONLY=false +while getopts "swh" opt; do case "${opt}" in s) SKIP=true shift ;; + w) + WINDOWS_ONLY=true + shift + ;; h) usage exit @@ -144,9 +151,18 @@ function update_node_version() { # Add GPG keys for key_type in "node" "yarn"; do + last_line=$(tail -n 1 "keys/${key_type}.keys") while read -r line; do pattern='"\$\{'$(echo "${key_type}" | tr '[:lower:]' '[:upper:]')'_KEYS\[@\]\}"' - sed -Ei -e "s/([ \\t]*)(${pattern})/\\1${line}${new_line}\\1\\2/" "${dockerfile}-tmp" + if is_windows "${variant}"; then + if [ "$line" = "$last_line" ]; then # Check if it's the last key + sed -Ei -e "s/([ \\t]*)(${pattern})/\\1'${line}'${new_line}\\1\\2/" "${dockerfile}-tmp" + else + sed -Ei -e "s/([ \\t]*)(${pattern})/\\1'${line}',${new_line}\\1\\2/" "${dockerfile}-tmp" + fi + else + sed -Ei -e "s/([ \\t]*)(${pattern})/\\1${line}${new_line}\\1\\2/" "${dockerfile}-tmp" + fi done < "keys/${key_type}.keys" sed -Ei -e "/${pattern}/d" "${dockerfile}-tmp" done @@ -167,6 +183,18 @@ function update_node_version() { sed -Ei -e "s/(buildpack-deps:)name/\\1${variant}/" "${dockerfile}-tmp" elif is_debian_slim "${variant}"; then sed -Ei -e "s/(debian:)name-slim/\\1${variant}/" "${dockerfile}-tmp" + elif is_windows "${variant}"; then + windows_version="${variant#*windows-}" + checksum=$( + curl -sSL --compressed "https://nodejs.org/dist/v${nodeVersion}/SHASUMS256.txt" | grep "node-v${nodeVersion}-win-x64.zip" | cut -d' ' -f1 + ) + if [ -z "$checksum" ]; then + rm -f "${dockerfile}-tmp" + fatal "Failed to fetch checksum for version ${nodeVersion}" + fi + sed -Ei -e "s/mcr\.microsoft\.com\/windows\/servercore:version/mcr\.microsoft\.com\/windows\/servercore:ltsc${windows_version}/" "${dockerfile}-tmp" + sed -Ei -e "s/mcr\.microsoft\.com\/windows\/nanoserver:version/mcr\.microsoft\.com\/windows\/nanoserver:ltsc${windows_version}/" "${dockerfile}-tmp" + sed -Ei -e 's/^(ENV NODE_CHECKSUM ).*/\1'"${checksum}"'/' "${dockerfile}-tmp" fi if diff -q "${dockerfile}-tmp" "${dockerfile}" > /dev/null; then @@ -223,9 +251,17 @@ for version in "${versions[@]}"; do template_file="${parentpath}/Dockerfile-slim.template" elif is_alpine "${variant}"; then template_file="${parentpath}/Dockerfile-alpine.template" + elif is_windows "${variant}"; then + template_file="${parentpath}/Dockerfile-windows.template" + fi + + # Copy .sh only if not is_windows + if ! is_windows "${variant}"; then + cp "${parentpath}/docker-entrypoint.sh" "${version}/${variant}/docker-entrypoint.sh" + elif is_windows "${variant}"; then + cp "${parentpath}/docker-entrypoint.ps1" "${version}/${variant}/docker-entrypoint.ps1" fi - cp "${parentpath}/docker-entrypoint.sh" "${version}/${variant}/docker-entrypoint.sh" if [ "${update_version}" -eq 0 ] && [ "${update_variant}" -eq 0 ]; then update_node_version "${baseuri}" "${versionnum}" "${template_file}" "${version}/${variant}/Dockerfile" "${variant}" & pids+=($!) From c77f154b152d2eaaa57a83cd77fe5da952015c60 Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Wed, 4 Sep 2024 10:54:10 +0200 Subject: [PATCH 02/15] Add Official Support for Windows Docker Images --- 22/windows-2019/Dockerfile | 13 ++++++++----- 22/windows-2022/Dockerfile | 13 ++++++++----- Dockerfile-windows.template | 9 ++++++--- 3 files changed, 22 insertions(+), 13 deletions(-) diff --git a/22/windows-2019/Dockerfile b/22/windows-2019/Dockerfile index ac88ae888..c8abd53b9 100644 --- a/22/windows-2019/Dockerfile +++ b/22/windows-2019/Dockerfile @@ -8,12 +8,15 @@ RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively -ENV NODE_VERSION 22.7.0 -ENV NODE_CHECKSUM 3fc638727974262b4f65a6b1b43c22fb2d80671cdcb50e1237e0b05d1330aaf7 +ENV NODE_VERSION 22.8.0 +ENV NODE_CHECKSUM d6e1c4fca93997224cac0bec09b4201aa018f50171d38c6b85abe483012839c9 -ENV GPG_VERSION 2.4.5_20240307 +# Version and checksum of the GPG installer (Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html) +ENV GPG_VERSION 2.5.0_20240705 +ENV GPG_CHECKSUM 35caef9965b10eed53b8d09b48fba5d1479f3512 RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ + if ((Get-FileHash gpg-installer.exe -Algorithm sha1).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ gpg --version; @@ -58,5 +61,5 @@ ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] # Smoke test RUN node --version; \ npm --version; - -CMD [ "node.exe" ] \ No newline at end of file + +CMD [ "node.exe" ] diff --git a/22/windows-2022/Dockerfile b/22/windows-2022/Dockerfile index 380f332b2..6c3c5864f 100644 --- a/22/windows-2022/Dockerfile +++ b/22/windows-2022/Dockerfile @@ -8,12 +8,15 @@ RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively -ENV NODE_VERSION 22.7.0 -ENV NODE_CHECKSUM 3fc638727974262b4f65a6b1b43c22fb2d80671cdcb50e1237e0b05d1330aaf7 +ENV NODE_VERSION 22.8.0 +ENV NODE_CHECKSUM d6e1c4fca93997224cac0bec09b4201aa018f50171d38c6b85abe483012839c9 -ENV GPG_VERSION 2.4.5_20240307 +# Version and checksum of the GPG installer (Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html) +ENV GPG_VERSION 2.5.0_20240705 +ENV GPG_CHECKSUM 35caef9965b10eed53b8d09b48fba5d1479f3512 RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ + if ((Get-FileHash gpg-installer.exe -Algorithm sha1).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ gpg --version; @@ -58,5 +61,5 @@ ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] # Smoke test RUN node --version; \ npm --version; - -CMD [ "node.exe" ] \ No newline at end of file + +CMD [ "node.exe" ] diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index 1dc92248b..7dda39526 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -11,9 +11,12 @@ RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ ENV NODE_VERSION 0.0.0 ENV NODE_CHECKSUM CHECKSUM_x64 -ENV GPG_VERSION 2.4.5_20240307 +# Version and checksum of the GPG installer (Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html) +ENV GPG_VERSION 2.5.0_20240705 +ENV GPG_CHECKSUM 35caef9965b10eed53b8d09b48fba5d1479f3512 RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ + if ((Get-FileHash gpg-installer.exe -Algorithm sha1).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ gpg --version; @@ -47,5 +50,5 @@ ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] # Smoke test RUN node --version; \ npm --version; - -CMD [ "node.exe" ] \ No newline at end of file + +CMD [ "node.exe" ] From 880fca831dd4c99f43192270b5c9b131855dc427 Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Wed, 4 Sep 2024 13:51:20 +0200 Subject: [PATCH 03/15] Add fallback to gpg --- .github/workflows/build-test-windows.yml | 28 ++++++++++++------------ 22/windows-2019/Dockerfile | 5 ++++- 22/windows-2022/Dockerfile | 5 ++++- Dockerfile-windows.template | 5 ++++- 4 files changed, 26 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build-test-windows.yml b/.github/workflows/build-test-windows.yml index b0d23dbbb..8d691d1c6 100644 --- a/.github/workflows/build-test-windows.yml +++ b/.github/workflows/build-test-windows.yml @@ -20,8 +20,8 @@ jobs: timeout-minutes: 60 strategy: fail-fast: false - matrix: - version: [ 22.7.0 ] + matrix: + version: [ "22.8.0" ] variant: [ "windows-2019" ] steps: @@ -43,23 +43,23 @@ jobs: - name: Test for node version shell: pwsh run: | - $image_node_version = (docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} node --print "process.versions.node").Trim() + $image_node_version = (docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} node --print "process.versions.node").Trim() Write-Host "Expected: '${{ matrix.version }}', Got: '$image_node_version'" if ($image_node_version -ne "${{ matrix.version }}") { - exit 1 + exit 1 } - + - name: Verify entrypoint runs regular, non-executable files with node shell: pwsh run: | - $tempDir = New-Item -ItemType Directory -Path $env:TEMP -Name "tempNodeApp" + $tempDir = New-Item -ItemType Directory -Path $env:TEMP -Name "tempNodeApp" $tmp_file = Join-Path $tempDir "index.js" "console.log('success')" | Out-File -FilePath $tmp_file -Encoding utf8 $output = (docker run --rm -w /app --mount "type=bind,src=$tempDir,target=c:\app" node:${{ matrix.version }}-${{ matrix.variant }} C:/app/index.js) if ($output -ne 'success') { Write-Host "Invalid" } - + - name: Test for npm run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version @@ -69,8 +69,8 @@ jobs: timeout-minutes: 60 strategy: fail-fast: false - matrix: - version: [ "22.7.0" ] + matrix: + version: [ "22.8.0" ] variant: [ "windows-2022" ] steps: @@ -92,22 +92,22 @@ jobs: - name: Test for node version shell: pwsh run: | - $image_node_version = (docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} node --print "process.versions.node").Trim() + $image_node_version = (docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} node --print "process.versions.node").Trim() Write-Host "Expected: '${{ matrix.version }}', Got: '$image_node_version'" if ($image_node_version -ne "${{ matrix.version }}") { exit 1 } - + - name: Verify entrypoint runs regular, non-executable files with node shell: pwsh run: | - $tempDir = New-Item -ItemType Directory -Path $env:TEMP -Name "tempNodeApp" + $tempDir = New-Item -ItemType Directory -Path $env:TEMP -Name "tempNodeApp" $tmp_file = Join-Path $tempDir "index.js" "console.log('success')" | Out-File -FilePath $tmp_file -Encoding utf8 $output = (docker run --rm -w /app --mount "type=bind,src=$tempDir,target=c:\app" node:${{ matrix.version }}-${{ matrix.variant }} C:/app/index.js) if ($output -ne 'success') { Write-Host "Invalid" } - + - name: Test for npm - run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version \ No newline at end of file + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version diff --git a/22/windows-2019/Dockerfile b/22/windows-2019/Dockerfile index c8abd53b9..4126cbb4c 100644 --- a/22/windows-2019/Dockerfile +++ b/22/windows-2019/Dockerfile @@ -34,7 +34,10 @@ RUN @( \ 'A363A499291CBBC940DD62E41F10027AF002F8B0', \ 'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \ ) | foreach { \ - gpg --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + if (-not $?) { \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ + } \ } ; \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \ diff --git a/22/windows-2022/Dockerfile b/22/windows-2022/Dockerfile index 6c3c5864f..a59d039e0 100644 --- a/22/windows-2022/Dockerfile +++ b/22/windows-2022/Dockerfile @@ -34,7 +34,10 @@ RUN @( \ 'A363A499291CBBC940DD62E41F10027AF002F8B0', \ 'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \ ) | foreach { \ - gpg --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + if (-not $?) { \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ + } \ } ; \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \ diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index 7dda39526..c061a1839 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -23,7 +23,10 @@ RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.e RUN @( \ "${NODE_KEYS[@]}" ) | foreach { \ - gpg --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + if (-not $?) { \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ + } \ } ; \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \ From 788df2f9049b24fc6b70fece1fe5c236e1799d53 Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Thu, 5 Sep 2024 07:03:40 +0200 Subject: [PATCH 04/15] Added verbose logging and sha256 checksum for gpg --- 22/windows-2019/Dockerfile | 10 +++++----- 22/windows-2022/Dockerfile | 10 +++++----- Dockerfile-windows.template | 10 +++++----- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/22/windows-2019/Dockerfile b/22/windows-2019/Dockerfile index 4126cbb4c..b43cd8e6e 100644 --- a/22/windows-2019/Dockerfile +++ b/22/windows-2019/Dockerfile @@ -12,11 +12,11 @@ ENV NODE_VERSION 22.8.0 ENV NODE_CHECKSUM d6e1c4fca93997224cac0bec09b4201aa018f50171d38c6b85abe483012839c9 # Version and checksum of the GPG installer (Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html) -ENV GPG_VERSION 2.5.0_20240705 -ENV GPG_CHECKSUM 35caef9965b10eed53b8d09b48fba5d1479f3512 +ENV GPG_VERSION 2.4.5_20240307 +ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ - if ((Get-FileHash gpg-installer.exe -Algorithm sha1).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ + if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ gpg --version; @@ -34,9 +34,9 @@ RUN @( \ 'A363A499291CBBC940DD62E41F10027AF002F8B0', \ 'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \ ) | foreach { \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --verbose --recv-keys $_ ; \ if (-not $?) { \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ + gpg --batch --keyserver keyserver.ubuntu.com --verbose --recv-keys $_ ; \ } \ } ; \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ diff --git a/22/windows-2022/Dockerfile b/22/windows-2022/Dockerfile index a59d039e0..58e3564af 100644 --- a/22/windows-2022/Dockerfile +++ b/22/windows-2022/Dockerfile @@ -12,11 +12,11 @@ ENV NODE_VERSION 22.8.0 ENV NODE_CHECKSUM d6e1c4fca93997224cac0bec09b4201aa018f50171d38c6b85abe483012839c9 # Version and checksum of the GPG installer (Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html) -ENV GPG_VERSION 2.5.0_20240705 -ENV GPG_CHECKSUM 35caef9965b10eed53b8d09b48fba5d1479f3512 +ENV GPG_VERSION 2.4.5_20240307 +ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ - if ((Get-FileHash gpg-installer.exe -Algorithm sha1).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ + if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ gpg --version; @@ -34,9 +34,9 @@ RUN @( \ 'A363A499291CBBC940DD62E41F10027AF002F8B0', \ 'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \ ) | foreach { \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --verbose --recv-keys $_ ; \ if (-not $?) { \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ + gpg --batch --keyserver keyserver.ubuntu.com --verbose --recv-keys $_ ; \ } \ } ; \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index c061a1839..ba6a9f390 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -12,20 +12,20 @@ ENV NODE_VERSION 0.0.0 ENV NODE_CHECKSUM CHECKSUM_x64 # Version and checksum of the GPG installer (Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html) -ENV GPG_VERSION 2.5.0_20240705 -ENV GPG_CHECKSUM 35caef9965b10eed53b8d09b48fba5d1479f3512 +ENV GPG_VERSION 2.4.5_20240307 +ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ - if ((Get-FileHash gpg-installer.exe -Algorithm sha1).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ + if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ gpg --version; RUN @( \ "${NODE_KEYS[@]}" ) | foreach { \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --verbose --recv-keys $_ ; \ if (-not $?) { \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ + gpg --batch --keyserver keyserver.ubuntu.com --verbose --recv-keys $_ ; \ } \ } ; \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ From 47843c9f07e4c350f86d73a0edf7afaf7d273992 Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Thu, 5 Sep 2024 09:15:06 +0200 Subject: [PATCH 05/15] Added link to gpg key and remove verbose logging --- 22/windows-2019/Dockerfile | 16 ++++++++-------- 22/windows-2022/Dockerfile | 16 ++++++++-------- Dockerfile-windows.template | 16 ++++++++-------- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/22/windows-2019/Dockerfile b/22/windows-2019/Dockerfile index b43cd8e6e..8548bcb5a 100644 --- a/22/windows-2019/Dockerfile +++ b/22/windows-2019/Dockerfile @@ -4,14 +4,14 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref # PATH isn't actually set in the Docker image, so we have to set it from within the container RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively ENV NODE_VERSION 22.8.0 ENV NODE_CHECKSUM d6e1c4fca93997224cac0bec09b4201aa018f50171d38c6b85abe483012839c9 -# Version and checksum of the GPG installer (Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html) +# Version and checksum of the GPG installer (Source: https://www.gnupg.org/download/integrity_check.html) ENV GPG_VERSION 2.4.5_20240307 ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 @@ -34,9 +34,9 @@ RUN @( \ 'A363A499291CBBC940DD62E41F10027AF002F8B0', \ 'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \ ) | foreach { \ - gpg --batch --keyserver hkps://keys.openpgp.org --verbose --recv-keys $_ ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ if (-not $?) { \ - gpg --batch --keyserver keyserver.ubuntu.com --verbose --recv-keys $_ ; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ } \ } ; \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ @@ -53,8 +53,8 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2019 as runner SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) COPY --from=installer C:/nodejs C:/nodejs @@ -63,6 +63,6 @@ ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] # Smoke test RUN node --version; \ - npm --version; + npm --version; CMD [ "node.exe" ] diff --git a/22/windows-2022/Dockerfile b/22/windows-2022/Dockerfile index 58e3564af..923e8bea6 100644 --- a/22/windows-2022/Dockerfile +++ b/22/windows-2022/Dockerfile @@ -4,14 +4,14 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref # PATH isn't actually set in the Docker image, so we have to set it from within the container RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively ENV NODE_VERSION 22.8.0 ENV NODE_CHECKSUM d6e1c4fca93997224cac0bec09b4201aa018f50171d38c6b85abe483012839c9 -# Version and checksum of the GPG installer (Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html) +# Version and checksum of the GPG installer (Source: https://www.gnupg.org/download/integrity_check.html) ENV GPG_VERSION 2.4.5_20240307 ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 @@ -34,9 +34,9 @@ RUN @( \ 'A363A499291CBBC940DD62E41F10027AF002F8B0', \ 'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \ ) | foreach { \ - gpg --batch --keyserver hkps://keys.openpgp.org --verbose --recv-keys $_ ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ if (-not $?) { \ - gpg --batch --keyserver keyserver.ubuntu.com --verbose --recv-keys $_ ; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ } \ } ; \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ @@ -53,8 +53,8 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2022 as runner SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) COPY --from=installer C:/nodejs C:/nodejs @@ -63,6 +63,6 @@ ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] # Smoke test RUN node --version; \ - npm --version; + npm --version; CMD [ "node.exe" ] diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index ba6a9f390..4ba865d82 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -4,14 +4,14 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref # PATH isn't actually set in the Docker image, so we have to set it from within the container RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively ENV NODE_VERSION 0.0.0 ENV NODE_CHECKSUM CHECKSUM_x64 -# Version and checksum of the GPG installer (Source: https://lists.gnupg.org/pipermail/gnupg-announce/2024q3/000484.html) +# Version and checksum of the GPG installer (Source: https://www.gnupg.org/download/integrity_check.html) ENV GPG_VERSION 2.4.5_20240307 ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 @@ -23,9 +23,9 @@ RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.e RUN @( \ "${NODE_KEYS[@]}" ) | foreach { \ - gpg --batch --keyserver hkps://keys.openpgp.org --verbose --recv-keys $_ ; \ + gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ if (-not $?) { \ - gpg --batch --keyserver keyserver.ubuntu.com --verbose --recv-keys $_ ; \ + gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ } \ } ; \ [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ @@ -42,8 +42,8 @@ FROM mcr.microsoft.com/windows/servercore:version as runner SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) COPY --from=installer C:/nodejs C:/nodejs @@ -52,6 +52,6 @@ ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] # Smoke test RUN node --version; \ - npm --version; + npm --version; CMD [ "node.exe" ] From 537bc56b1dc6d9a429e91fe323df5de3f8373684 Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Thu, 5 Sep 2024 09:33:12 +0200 Subject: [PATCH 06/15] Updated update.sh to allow skiping everything besides windows --- update.sh | 45 ++++++++++++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 17 deletions(-) diff --git a/update.sh b/update.sh index aba1caa73..7361a4250 100755 --- a/update.sh +++ b/update.sh @@ -77,6 +77,10 @@ if [ "${SKIP}" != true ]; then yarnVersion="$(curl -sSL --compressed https://yarnpkg.com/latest-version)" fi +if [ "${WINDOWS_ONLY}" = true ]; then + echo "Updating Windows images only..." +fi + function in_versions_to_update() { local version=$1 @@ -129,6 +133,10 @@ function update_node_version() { shift fi + if [ "${WINDOWS_ONLY}" = true ] && ! is_windows "${variant}"; then + return + fi + fullVersion="$(curl -sSL --compressed "${baseuri}" | grep ' Date: Fri, 6 Sep 2024 06:58:10 +0200 Subject: [PATCH 07/15] Remove empty smoke test layer --- 22/windows-2019/Dockerfile | 16 ++++++++-------- 22/windows-2022/Dockerfile | 16 ++++++++-------- Dockerfile-windows.template | 16 ++++++++-------- 3 files changed, 24 insertions(+), 24 deletions(-) diff --git a/22/windows-2019/Dockerfile b/22/windows-2019/Dockerfile index 8548bcb5a..fcbd7f2fd 100644 --- a/22/windows-2019/Dockerfile +++ b/22/windows-2019/Dockerfile @@ -52,17 +52,17 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2019 as runner SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) - COPY --from=installer C:/nodejs C:/nodejs - COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 -ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] -# Smoke test -RUN node --version; \ +RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ + # Because we need to use it in the current session + $env:PATH = $newPath; \ + node --version; \ npm --version; +ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] + CMD [ "node.exe" ] diff --git a/22/windows-2022/Dockerfile b/22/windows-2022/Dockerfile index 923e8bea6..f185f46f9 100644 --- a/22/windows-2022/Dockerfile +++ b/22/windows-2022/Dockerfile @@ -52,17 +52,17 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2022 as runner SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) - COPY --from=installer C:/nodejs C:/nodejs - COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 -ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] -# Smoke test -RUN node --version; \ +RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ + # Because we need to use it in the current session + $env:PATH = $newPath; \ + node --version; \ npm --version; +ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] + CMD [ "node.exe" ] diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index 4ba865d82..ddeafee47 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -41,17 +41,17 @@ FROM mcr.microsoft.com/windows/servercore:version as runner SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] -RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) - COPY --from=installer C:/nodejs C:/nodejs - COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 -ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] -# Smoke test -RUN node --version; \ +RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ + # Because we need to use it in the current session + $env:PATH = $newPath; \ + node --version; \ npm --version; +ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] + CMD [ "node.exe" ] From b98f85960e490a9c6828a2ef1ec02df3a778920e Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Fri, 6 Sep 2024 06:58:35 +0200 Subject: [PATCH 08/15] Remove empty smoke test layer --- 22/windows-2019/Dockerfile | 2 +- 22/windows-2022/Dockerfile | 2 +- Dockerfile-windows.template | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/22/windows-2019/Dockerfile b/22/windows-2019/Dockerfile index fcbd7f2fd..c2ea797d6 100644 --- a/22/windows-2019/Dockerfile +++ b/22/windows-2019/Dockerfile @@ -58,7 +58,7 @@ COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ Write-Host ('Updating PATH: {0}' -f $newPath); \ [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ - # Because we need to use it in the current session + # Because we need to use it in the current session $env:PATH = $newPath; \ node --version; \ npm --version; diff --git a/22/windows-2022/Dockerfile b/22/windows-2022/Dockerfile index f185f46f9..2ed0e0f24 100644 --- a/22/windows-2022/Dockerfile +++ b/22/windows-2022/Dockerfile @@ -58,7 +58,7 @@ COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ Write-Host ('Updating PATH: {0}' -f $newPath); \ [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ - # Because we need to use it in the current session + # Because we need to use it in the current session $env:PATH = $newPath; \ node --version; \ npm --version; diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index ddeafee47..1f606327d 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -47,7 +47,7 @@ COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ Write-Host ('Updating PATH: {0}' -f $newPath); \ [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ - # Because we need to use it in the current session + # Because we need to use it in the current session $env:PATH = $newPath; \ node --version; \ npm --version; From 48e25c2b8571fb6b4d1183c793f4e8778a9be12b Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Mon, 9 Sep 2024 06:30:39 +0200 Subject: [PATCH 09/15] Fix linting errors --- 22/windows-2019/Dockerfile | 20 ++++++++++---------- 22/windows-2019/docker-entrypoint.ps1 | 6 +++--- 22/windows-2022/Dockerfile | 20 ++++++++++---------- 22/windows-2022/docker-entrypoint.ps1 | 6 +++--- Dockerfile-windows.template | 22 +++++++++++----------- architectures | 2 +- docker-entrypoint.ps1 | 6 +++--- 7 files changed, 41 insertions(+), 41 deletions(-) diff --git a/22/windows-2019/Dockerfile b/22/windows-2019/Dockerfile index c2ea797d6..2ca2a9edc 100644 --- a/22/windows-2019/Dockerfile +++ b/22/windows-2019/Dockerfile @@ -4,8 +4,8 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref # PATH isn't actually set in the Docker image, so we have to set it from within the container RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively ENV NODE_VERSION 22.8.0 @@ -17,8 +17,8 @@ ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ - Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ - gpg --version; + Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ + gpg --version; RUN @( \ '4ED778F539E3634C779C87C6D7062848A1AB005C', \ @@ -56,12 +56,12 @@ COPY --from=installer C:/nodejs C:/nodejs COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ - # Because we need to use it in the current session - $env:PATH = $newPath; \ - node --version; \ - npm --version; + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ + # Because we need to use it in the current session + $env:PATH = $newPath; \ + node --version; \ + npm --version; ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] diff --git a/22/windows-2019/docker-entrypoint.ps1 b/22/windows-2019/docker-entrypoint.ps1 index 87cbc8b77..016d737b7 100644 --- a/22/windows-2019/docker-entrypoint.ps1 +++ b/22/windows-2019/docker-entrypoint.ps1 @@ -5,12 +5,12 @@ $ErrorActionPreference = 'Stop' # 1. Contains a "-" # 2. Is NOT a recognized command # 3. Is a file that's NOT executable -if (($args[0] -like '*-') -or +if (($args[0] -like '*-') -or (!(Get-Command $args[0] -ErrorAction SilentlyContinue)) -or - (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { + (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { # Prepend 'node' to the argument list $args = @('node') + $args } # Execute the (potentially modified) command -& $args[0] $args[1..($args.Length-1)] \ No newline at end of file +& $args[0] $args[1..($args.Length-1)] diff --git a/22/windows-2022/Dockerfile b/22/windows-2022/Dockerfile index 2ed0e0f24..136e0baa0 100644 --- a/22/windows-2022/Dockerfile +++ b/22/windows-2022/Dockerfile @@ -4,8 +4,8 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref # PATH isn't actually set in the Docker image, so we have to set it from within the container RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively ENV NODE_VERSION 22.8.0 @@ -17,8 +17,8 @@ ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ - Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ - gpg --version; + Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ + gpg --version; RUN @( \ '4ED778F539E3634C779C87C6D7062848A1AB005C', \ @@ -56,12 +56,12 @@ COPY --from=installer C:/nodejs C:/nodejs COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ - # Because we need to use it in the current session - $env:PATH = $newPath; \ - node --version; \ - npm --version; + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ + # Because we need to use it in the current session + $env:PATH = $newPath; \ + node --version; \ + npm --version; ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] diff --git a/22/windows-2022/docker-entrypoint.ps1 b/22/windows-2022/docker-entrypoint.ps1 index 87cbc8b77..016d737b7 100644 --- a/22/windows-2022/docker-entrypoint.ps1 +++ b/22/windows-2022/docker-entrypoint.ps1 @@ -5,12 +5,12 @@ $ErrorActionPreference = 'Stop' # 1. Contains a "-" # 2. Is NOT a recognized command # 3. Is a file that's NOT executable -if (($args[0] -like '*-') -or +if (($args[0] -like '*-') -or (!(Get-Command $args[0] -ErrorAction SilentlyContinue)) -or - (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { + (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { # Prepend 'node' to the argument list $args = @('node') + $args } # Execute the (potentially modified) command -& $args[0] $args[1..($args.Length-1)] \ No newline at end of file +& $args[0] $args[1..($args.Length-1)] diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index 1f606327d..c99ee905c 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -4,8 +4,8 @@ SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPref # PATH isn't actually set in the Docker image, so we have to set it from within the container RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively ENV NODE_VERSION 0.0.0 @@ -16,9 +16,9 @@ ENV GPG_VERSION 2.4.5_20240307 ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ - if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ - Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ - gpg --version; + if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ + Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ + gpg --version; RUN @( \ "${NODE_KEYS[@]}" @@ -45,12 +45,12 @@ COPY --from=installer C:/nodejs C:/nodejs COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ - # Because we need to use it in the current session - $env:PATH = $newPath; \ - node --version; \ - npm --version; + Write-Host ('Updating PATH: {0}' -f $newPath); \ + [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ + # Because we need to use it in the current session + $env:PATH = $newPath; \ + node --version; \ + npm --version; ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] diff --git a/architectures b/architectures index ad889beb8..095b09e17 100644 --- a/architectures +++ b/architectures @@ -5,4 +5,4 @@ arm32v7 alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-sl arm64v8 alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim i386 alpine3.19,alpine3.20 ppc64le alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim -s390x alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim \ No newline at end of file +s390x alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim diff --git a/docker-entrypoint.ps1 b/docker-entrypoint.ps1 index 87cbc8b77..016d737b7 100644 --- a/docker-entrypoint.ps1 +++ b/docker-entrypoint.ps1 @@ -5,12 +5,12 @@ $ErrorActionPreference = 'Stop' # 1. Contains a "-" # 2. Is NOT a recognized command # 3. Is a file that's NOT executable -if (($args[0] -like '*-') -or +if (($args[0] -like '*-') -or (!(Get-Command $args[0] -ErrorAction SilentlyContinue)) -or - (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { + (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { # Prepend 'node' to the argument list $args = @('node') + $args } # Execute the (potentially modified) command -& $args[0] $args[1..($args.Length-1)] \ No newline at end of file +& $args[0] $args[1..($args.Length-1)] From d5532b8e3f4f787df8089389a162737d90ed0263 Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Mon, 9 Sep 2024 17:29:18 +0200 Subject: [PATCH 10/15] Renamed windows variant to windowsservercore --- 22/{windows-2019 => windowsservercore-ltsc2019}/Dockerfile | 6 +++--- .../docker-entrypoint.ps1 | 0 22/{windows-2022 => windowsservercore-ltsc2022}/Dockerfile | 6 +++--- .../docker-entrypoint.ps1 | 0 architectures | 2 +- update.sh | 2 +- 6 files changed, 8 insertions(+), 8 deletions(-) rename 22/{windows-2019 => windowsservercore-ltsc2019}/Dockerfile (93%) rename 22/{windows-2019 => windowsservercore-ltsc2019}/docker-entrypoint.ps1 (100%) rename 22/{windows-2022 => windowsservercore-ltsc2022}/Dockerfile (93%) rename 22/{windows-2022 => windowsservercore-ltsc2022}/docker-entrypoint.ps1 (100%) diff --git a/22/windows-2019/Dockerfile b/22/windowsservercore-ltsc2019/Dockerfile similarity index 93% rename from 22/windows-2019/Dockerfile rename to 22/windowsservercore-ltsc2019/Dockerfile index 2ca2a9edc..1a0e2e037 100644 --- a/22/windows-2019/Dockerfile +++ b/22/windowsservercore-ltsc2019/Dockerfile @@ -16,9 +16,9 @@ ENV GPG_VERSION 2.4.5_20240307 ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ - if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ - Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ - gpg --version; + if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ + Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ + gpg --version; RUN @( \ '4ED778F539E3634C779C87C6D7062848A1AB005C', \ diff --git a/22/windows-2019/docker-entrypoint.ps1 b/22/windowsservercore-ltsc2019/docker-entrypoint.ps1 similarity index 100% rename from 22/windows-2019/docker-entrypoint.ps1 rename to 22/windowsservercore-ltsc2019/docker-entrypoint.ps1 diff --git a/22/windows-2022/Dockerfile b/22/windowsservercore-ltsc2022/Dockerfile similarity index 93% rename from 22/windows-2022/Dockerfile rename to 22/windowsservercore-ltsc2022/Dockerfile index 136e0baa0..f88b0c2d5 100644 --- a/22/windows-2022/Dockerfile +++ b/22/windowsservercore-ltsc2022/Dockerfile @@ -16,9 +16,9 @@ ENV GPG_VERSION 2.4.5_20240307 ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ - if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ - Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ - gpg --version; + if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ + Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ + gpg --version; RUN @( \ '4ED778F539E3634C779C87C6D7062848A1AB005C', \ diff --git a/22/windows-2022/docker-entrypoint.ps1 b/22/windowsservercore-ltsc2022/docker-entrypoint.ps1 similarity index 100% rename from 22/windows-2022/docker-entrypoint.ps1 rename to 22/windowsservercore-ltsc2022/docker-entrypoint.ps1 diff --git a/architectures b/architectures index 095b09e17..c2b3c0213 100644 --- a/architectures +++ b/architectures @@ -1,5 +1,5 @@ bashbrew-arch variants -amd64 alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim,windows-2019,windows-2022 +amd64 alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim,windowsservercore-ltsc2019,windowsservercore-ltsc2022 arm32v6 alpine3.19,alpine3.20 arm32v7 alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim arm64v8 alpine3.19,alpine3.20,bookworm,bookworm-slim,bullseye,bullseye-slim diff --git a/update.sh b/update.sh index 7361a4250..d66b5cec3 100755 --- a/update.sh +++ b/update.sh @@ -195,7 +195,7 @@ function update_node_version() { fi if is_windows "${variant}"; then - windows_version="${variant#*windows-}" + windows_version="${variant#*windowsservercore-ltsc}" checksum=$( curl -sSL --compressed "https://nodejs.org/dist/v${nodeVersion}/SHASUMS256.txt" | grep "node-v${nodeVersion}-win-x64.zip" | cut -d' ' -f1 ) From a8724fb53d09605eeb32ab8e00170f8481a0c5b2 Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Mon, 9 Sep 2024 17:32:22 +0200 Subject: [PATCH 11/15] Fixed github action after rename --- .github/workflows/build-test-windows.yml | 12 ++++++------ genMatrix.js | 4 ++-- update.sh | 16 ++++++++-------- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build-test-windows.yml b/.github/workflows/build-test-windows.yml index 8d691d1c6..c119d475d 100644 --- a/.github/workflows/build-test-windows.yml +++ b/.github/workflows/build-test-windows.yml @@ -3,14 +3,14 @@ name: build-test-windows on: push: paths: - - "**/windows-2019/**" - - "**/windows-2022/**" + - "**/windowsservercore-2019/**" + - "**/windowsservercore-2022/**" - ".github/workflows/build-test-windows.yml" pull_request: paths: - - "**/windows-2019/**" - - "**/windows-2022/**" + - "**/windowsservercore-2019/**" + - "**/windowsservercore-2022/**" - ".github/workflows/build-test-windows.yml" jobs: @@ -22,7 +22,7 @@ jobs: fail-fast: false matrix: version: [ "22.8.0" ] - variant: [ "windows-2019" ] + variant: [ "windowsservercore-2019" ] steps: - name: Get short node version @@ -71,7 +71,7 @@ jobs: fail-fast: false matrix: version: [ "22.8.0" ] - variant: [ "windows-2022" ] + variant: [ "windowsservercore-2022" ] steps: - name: Get short node version diff --git a/genMatrix.js b/genMatrix.js index fd90954ac..30f1588e5 100644 --- a/genMatrix.js +++ b/genMatrix.js @@ -8,8 +8,8 @@ const testFiles = [ ]; const nodeDirRegex = /^\d+$/; -// Directories starting with 'windows-' are excluded from the matrix windows-2019 are excluded for example -const windowsDirRegex = /^windows-/; +// Directories starting with 'windowsservercore-' are excluded from the matrix windows-2019 are excluded for example +const windowsDirRegex = /^windowsservercore-/; const areTestFilesChanged = (changedFiles) => changedFiles .some((file) => testFiles.includes(file)); diff --git a/update.sh b/update.sh index d66b5cec3..ea7698827 100755 --- a/update.sh +++ b/update.sh @@ -11,14 +11,14 @@ function usage() { $0 [-s] [-w] [MAJOR_VERSION(S)] [VARIANT(S)] Examples: - - update.sh # Update all images - - update.sh -s # Update all images, skip updating Alpine and Yarn - - update.sh -w # Update only Windows images - - update.sh 8,10 # Update all variants of version 8 and 10 - - update.sh -s 8 # Update version 8 and variants, skip updating Alpine and Yarn - - update.sh 8 alpine # Update only Alpine variants for version 8 - - update.sh -w 8 windows-2022 # Update only Windows 2022 variant for version 8 - - update.sh . alpine # Update the Alpine variant for all versions + - update.sh # Update all images + - update.sh -s # Update all images, skip updating Alpine and Yarn + - update.sh -w # Update only Windows images + - update.sh 8,10 # Update all variants of version 8 and 10 + - update.sh -s 8 # Update version 8 and variants, skip updating Alpine and Yarn + - update.sh 8 alpine # Update only Alpine variants for version 8 + - update.sh -w 8 windowsservercore-2022 # Update only Windows Server Core 2022 variant for version 8 + - update.sh . alpine # Update the Alpine variant for all versions OPTIONS: -s Security update; skip updating the Yarn and Alpine versions. From dbe54a646800423e14f21812c7f8aa0f24815f06 Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Mon, 9 Sep 2024 17:34:32 +0200 Subject: [PATCH 12/15] Fixed github action after rename --- .github/workflows/build-test-windows.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build-test-windows.yml b/.github/workflows/build-test-windows.yml index c119d475d..4565f16bc 100644 --- a/.github/workflows/build-test-windows.yml +++ b/.github/workflows/build-test-windows.yml @@ -3,14 +3,14 @@ name: build-test-windows on: push: paths: - - "**/windowsservercore-2019/**" - - "**/windowsservercore-2022/**" + - "**/windowsservercore-ltsc2019/**" + - "**/windowsservercore-ltsc2022/**" - ".github/workflows/build-test-windows.yml" pull_request: paths: - - "**/windowsservercore-2019/**" - - "**/windowsservercore-2022/**" + - "**/windowsservercore-ltsc2019/**" + - "**/windowsservercore-ltsc2022/**" - ".github/workflows/build-test-windows.yml" jobs: @@ -22,7 +22,7 @@ jobs: fail-fast: false matrix: version: [ "22.8.0" ] - variant: [ "windowsservercore-2019" ] + variant: [ "windowsservercore-ltsc2019" ] steps: - name: Get short node version @@ -71,7 +71,7 @@ jobs: fail-fast: false matrix: version: [ "22.8.0" ] - variant: [ "windowsservercore-2022" ] + variant: [ "windowsservercore-ltsc2022" ] steps: - name: Get short node version From e3485a7d53fd394adc382f40a8d380a550acb266 Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Mon, 9 Sep 2024 17:43:54 +0200 Subject: [PATCH 13/15] Updated README.md to include information about windoservercore images. --- README.md | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index fc778a31e..e60d03139 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,7 @@ The official Node.js docker image, made with love by the node community. - [`node:bullseye`](#nodebullseye) - [`node:bookworm`](#nodebookworm) - [`node:slim`](#nodeslim) + - [`node:windowsservercore-ltsc<2019|2022>`](#nodewindowsservercore-ltsc20192022) - [License](#license) - [Supported Docker versions](#supported-docker-versions) - [Supported Node.js versions](#supported-nodejs-versions) @@ -189,12 +190,12 @@ One common issue that may arise is a missing shared library required for use of `process.dlopen`. To add the missing shared libraries to your image: - For Alpine v3.18 and earlier, adding the -[`libc6-compat`](https://pkgs.alpinelinux.org/package/v3.18/main/x86/libc6-compat) -package in your Dockerfile is recommended: `apk add --no-cache libc6-compat` + [`libc6-compat`](https://pkgs.alpinelinux.org/package/v3.18/main/x86/libc6-compat) + package in your Dockerfile is recommended: `apk add --no-cache libc6-compat` - Starting from Alpine v3.19, you can use the -[`gcompat`](https://pkgs.alpinelinux.org/package/v3.19/main/x86/gcompat) package -to add the missing shared libraries: `apk add --no-cache gcompat` + [`gcompat`](https://pkgs.alpinelinux.org/package/v3.19/main/x86/gcompat) package + to add the missing shared libraries: `apk add --no-cache gcompat` To minimize image size, it's uncommon for additional related tools (such as `git` or `bash`) to be included in Alpine-based images. Using this @@ -224,6 +225,16 @@ in an environment where *only* the Node.js image will be deployed and you have space constraints, we highly recommend using the default image of this repository. +### `node:windowsservercore-ltsc<2019|2022>` + +This image is based on Windows Server Core and is the recommended image +for users who require Windows-based environments. +It is available in two versions:`node:windowsservercore-ltsc2019` and `node:windowsservercore-ltsc2022`. +You can run this image on Windows Server 2019 or Windows Server 2022 or on Windows desktop versions +that support Windows containers. +Keep in mind that these images are significantly larger than the Linux-based +variants due to the Windows Server Core base. + ## License [License information](https://github.com/nodejs/node/blob/master/LICENSE) for From 79bf2fe42dcf1df2dbf414341aaa2614f65900bc Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Fri, 20 Sep 2024 07:26:15 +0200 Subject: [PATCH 14/15] Remove gpg, multistage from windowservercore images and use NODE_CHECKSUM Signed-off-by: Daniel Fiala --- .github/workflows/build-test-windows.yml | 6 +- 22/windowsservercore-ltsc2019/Dockerfile | 60 +++---------------- .../docker-entrypoint.ps1 | 16 ----- 22/windowsservercore-ltsc2022/Dockerfile | 60 +++---------------- .../docker-entrypoint.ps1 | 16 ----- Dockerfile-windows.template | 45 ++------------ docker-entrypoint.ps1 | 16 ----- update.sh | 2 - 8 files changed, 22 insertions(+), 199 deletions(-) delete mode 100644 22/windowsservercore-ltsc2019/docker-entrypoint.ps1 delete mode 100644 22/windowsservercore-ltsc2022/docker-entrypoint.ps1 delete mode 100644 docker-entrypoint.ps1 diff --git a/.github/workflows/build-test-windows.yml b/.github/workflows/build-test-windows.yml index 4565f16bc..1a5bc0c0c 100644 --- a/.github/workflows/build-test-windows.yml +++ b/.github/workflows/build-test-windows.yml @@ -98,15 +98,15 @@ jobs: exit 1 } - - name: Verify entrypoint runs regular, non-executable files with node + - name: Verify node runs regular files shell: pwsh run: | $tempDir = New-Item -ItemType Directory -Path $env:TEMP -Name "tempNodeApp" $tmp_file = Join-Path $tempDir "index.js" "console.log('success')" | Out-File -FilePath $tmp_file -Encoding utf8 - $output = (docker run --rm -w /app --mount "type=bind,src=$tempDir,target=c:\app" node:${{ matrix.version }}-${{ matrix.variant }} C:/app/index.js) + $output = (docker run --rm -w /app --mount "type=bind,src=$tempDir,target=c:\app" node:${{ matrix.version }}-${{ matrix.variant }} node C:/app/index.js) if ($output -ne 'success') { - Write-Host "Invalid" + exit 1 } - name: Test for npm diff --git a/22/windowsservercore-ltsc2019/Dockerfile b/22/windowsservercore-ltsc2019/Dockerfile index 1a0e2e037..03aa9a01a 100644 --- a/22/windowsservercore-ltsc2019/Dockerfile +++ b/22/windowsservercore-ltsc2019/Dockerfile @@ -3,66 +3,20 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2019 as installer SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] # PATH isn't actually set in the Docker image, so we have to set it from within the container -RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ +RUN $newPath = ('C:\nodejs;{0};{0}' -f $env:PATH); \ [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively -ENV NODE_VERSION 22.8.0 -ENV NODE_CHECKSUM d6e1c4fca93997224cac0bec09b4201aa018f50171d38c6b85abe483012839c9 +ENV NODE_VERSION 22.9.0 +ENV NODE_CHECKSUM 8af226c0aa71fefe5228e881f4b5c5d90a8b41c290b96f44f56990d8dc3fac1c -# Version and checksum of the GPG installer (Source: https://www.gnupg.org/download/integrity_check.html) -ENV GPG_VERSION 2.4.5_20240307 -ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 - -RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ - if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ - Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ - gpg --version; - -RUN @( \ - '4ED778F539E3634C779C87C6D7062848A1AB005C', \ - '141F07595B7B3FFE74309A937405533BE57C7D57', \ - '74F12602B6F1C4E913FAA37AD3A89613643B6201', \ - 'DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7', \ - '61FC681DFB92A079F1685E77973F295594EC4689', \ - '8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600', \ - 'C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8', \ - '890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4', \ - 'C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C', \ - '108F52B48DB57BB0CC439B2997B01419BD92F80A', \ - 'A363A499291CBBC940DD62E41F10027AF002F8B0', \ - 'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \ - ) | foreach { \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ - if (-not $?) { \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ - } \ - } ; \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ - Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \ - gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc ; \ +RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ; \ - $sum = $(cat SHASUMS256.txt.asc | sls $(' node-v{0}-win-x64.zip' -f $env:NODE_VERSION)) -Split ' ' ; \ - if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $sum[0]) { Write-Error 'SHA256 mismatch' } ; \ + if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $env:NODE_CHECKSUM) { Write-Error 'SHA256 mismatch' } ; \ Expand-Archive node.zip -DestinationPath C:\ ; \ - Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs' - -FROM mcr.microsoft.com/windows/servercore:ltsc2019 as runner - -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -COPY --from=installer C:/nodejs C:/nodejs -COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 - -RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ - # Because we need to use it in the current session - $env:PATH = $newPath; \ + Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs' ; \ + Remove-Item node.zip -Force ; \ node --version; \ npm --version; -ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] - CMD [ "node.exe" ] diff --git a/22/windowsservercore-ltsc2019/docker-entrypoint.ps1 b/22/windowsservercore-ltsc2019/docker-entrypoint.ps1 deleted file mode 100644 index 016d737b7..000000000 --- a/22/windowsservercore-ltsc2019/docker-entrypoint.ps1 +++ /dev/null @@ -1,16 +0,0 @@ -# Ensure script stops on any error -$ErrorActionPreference = 'Stop' - -# Check if the first argument: -# 1. Contains a "-" -# 2. Is NOT a recognized command -# 3. Is a file that's NOT executable -if (($args[0] -like '*-') -or - (!(Get-Command $args[0] -ErrorAction SilentlyContinue)) -or - (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { - # Prepend 'node' to the argument list - $args = @('node') + $args -} - -# Execute the (potentially modified) command -& $args[0] $args[1..($args.Length-1)] diff --git a/22/windowsservercore-ltsc2022/Dockerfile b/22/windowsservercore-ltsc2022/Dockerfile index f88b0c2d5..eae112a63 100644 --- a/22/windowsservercore-ltsc2022/Dockerfile +++ b/22/windowsservercore-ltsc2022/Dockerfile @@ -3,66 +3,20 @@ FROM mcr.microsoft.com/windows/servercore:ltsc2022 as installer SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] # PATH isn't actually set in the Docker image, so we have to set it from within the container -RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ +RUN $newPath = ('C:\nodejs;{0};{0}' -f $env:PATH); \ [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively -ENV NODE_VERSION 22.8.0 -ENV NODE_CHECKSUM d6e1c4fca93997224cac0bec09b4201aa018f50171d38c6b85abe483012839c9 +ENV NODE_VERSION 22.9.0 +ENV NODE_CHECKSUM 8af226c0aa71fefe5228e881f4b5c5d90a8b41c290b96f44f56990d8dc3fac1c -# Version and checksum of the GPG installer (Source: https://www.gnupg.org/download/integrity_check.html) -ENV GPG_VERSION 2.4.5_20240307 -ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 - -RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ - if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ - Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ - gpg --version; - -RUN @( \ - '4ED778F539E3634C779C87C6D7062848A1AB005C', \ - '141F07595B7B3FFE74309A937405533BE57C7D57', \ - '74F12602B6F1C4E913FAA37AD3A89613643B6201', \ - 'DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7', \ - '61FC681DFB92A079F1685E77973F295594EC4689', \ - '8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600', \ - 'C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8', \ - '890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4', \ - 'C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C', \ - '108F52B48DB57BB0CC439B2997B01419BD92F80A', \ - 'A363A499291CBBC940DD62E41F10027AF002F8B0', \ - 'CC68F5A3106FF448322E48ED27F5E38D5B0A215F' \ - ) | foreach { \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ - if (-not $?) { \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ - } \ - } ; \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ - Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \ - gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc ; \ +RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ; \ - $sum = $(cat SHASUMS256.txt.asc | sls $(' node-v{0}-win-x64.zip' -f $env:NODE_VERSION)) -Split ' ' ; \ - if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $sum[0]) { Write-Error 'SHA256 mismatch' } ; \ + if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $env:NODE_CHECKSUM) { Write-Error 'SHA256 mismatch' } ; \ Expand-Archive node.zip -DestinationPath C:\ ; \ - Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs' - -FROM mcr.microsoft.com/windows/servercore:ltsc2022 as runner - -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -COPY --from=installer C:/nodejs C:/nodejs -COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 - -RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ - # Because we need to use it in the current session - $env:PATH = $newPath; \ + Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs' ; \ + Remove-Item node.zip -Force ; \ node --version; \ npm --version; -ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] - CMD [ "node.exe" ] diff --git a/22/windowsservercore-ltsc2022/docker-entrypoint.ps1 b/22/windowsservercore-ltsc2022/docker-entrypoint.ps1 deleted file mode 100644 index 016d737b7..000000000 --- a/22/windowsservercore-ltsc2022/docker-entrypoint.ps1 +++ /dev/null @@ -1,16 +0,0 @@ -# Ensure script stops on any error -$ErrorActionPreference = 'Stop' - -# Check if the first argument: -# 1. Contains a "-" -# 2. Is NOT a recognized command -# 3. Is a file that's NOT executable -if (($args[0] -like '*-') -or - (!(Get-Command $args[0] -ErrorAction SilentlyContinue)) -or - (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { - # Prepend 'node' to the argument list - $args = @('node') + $args -} - -# Execute the (potentially modified) command -& $args[0] $args[1..($args.Length-1)] diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index c99ee905c..97b174e23 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -3,55 +3,20 @@ FROM mcr.microsoft.com/windows/servercore:version as installer SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] # PATH isn't actually set in the Docker image, so we have to set it from within the container -RUN $newPath = ('C:\Program Files (x86)\GnuPG\bin;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ +RUN $newPath = ('C:\nodejs;{0};{0}' -f $env:PATH); \ [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine) # doing this first to share cache across versions more aggressively ENV NODE_VERSION 0.0.0 ENV NODE_CHECKSUM CHECKSUM_x64 -# Version and checksum of the GPG installer (Source: https://www.gnupg.org/download/integrity_check.html) -ENV GPG_VERSION 2.4.5_20240307 -ENV GPG_CHECKSUM d2ac821ceacf9409ebcdb42ae330087ada30c732981f00b356f9c2f08fac4dc1 - -RUN Invoke-WebRequest $('https://www.gnupg.org/ftp/gcrypt/binary/gnupg-w32-{0}.exe' -f $env:GPG_VERSION) -OutFile 'gpg-installer.exe'; \ - if ((Get-FileHash gpg-installer.exe -Algorithm sha256).Hash -ne $env:GPG_CHECKSUM) { Write-Error 'GPG checksum mismatch' }; \ - Start-Process -FilePath 'gpg-installer.exe' -ArgumentList '/S' -Wait; \ - gpg --version; - -RUN @( \ - "${NODE_KEYS[@]}" - ) | foreach { \ - gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $_ ; \ - if (-not $?) { \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys $_ ; \ - } \ - } ; \ - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ - Invoke-WebRequest $('https://nodejs.org/dist/v{0}/SHASUMS256.txt.asc' -f $env:NODE_VERSION) -OutFile 'SHASUMS256.txt.asc' -UseBasicParsing ; \ - gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc ; \ +RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 ; \ Invoke-WebRequest $('https://nodejs.org/dist/v{0}/node-v{0}-win-x64.zip' -f $env:NODE_VERSION) -OutFile 'node.zip' -UseBasicParsing ; \ - $sum = $(cat SHASUMS256.txt.asc | sls $(' node-v{0}-win-x64.zip' -f $env:NODE_VERSION)) -Split ' ' ; \ - if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $sum[0]) { Write-Error 'SHA256 mismatch' } ; \ + if ((Get-FileHash node.zip -Algorithm sha256).Hash -ne $env:NODE_CHECKSUM) { Write-Error 'SHA256 mismatch' } ; \ Expand-Archive node.zip -DestinationPath C:\ ; \ - Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs' - -FROM mcr.microsoft.com/windows/servercore:version as runner - -SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] - -COPY --from=installer C:/nodejs C:/nodejs -COPY docker-entrypoint.ps1 C:/docker-entrypoint.ps1 - -RUN $newPath = ('C:\nodejs;{0}' -f $env:PATH); \ - Write-Host ('Updating PATH: {0}' -f $newPath); \ - [Environment]::SetEnvironmentVariable('PATH', $newPath, [EnvironmentVariableTarget]::Machine); \ - # Because we need to use it in the current session - $env:PATH = $newPath; \ + Rename-Item -Path $('C:\node-v{0}-win-x64' -f $env:NODE_VERSION) -NewName 'C:\nodejs' ; \ + Remove-Item node.zip -Force ; \ node --version; \ npm --version; -ENTRYPOINT [ "powershell.exe" , "C:/docker-entrypoint.ps1" ] - CMD [ "node.exe" ] diff --git a/docker-entrypoint.ps1 b/docker-entrypoint.ps1 deleted file mode 100644 index 016d737b7..000000000 --- a/docker-entrypoint.ps1 +++ /dev/null @@ -1,16 +0,0 @@ -# Ensure script stops on any error -$ErrorActionPreference = 'Stop' - -# Check if the first argument: -# 1. Contains a "-" -# 2. Is NOT a recognized command -# 3. Is a file that's NOT executable -if (($args[0] -like '*-') -or - (!(Get-Command $args[0] -ErrorAction SilentlyContinue)) -or - (((Test-Path $args[0] -PathType Leaf)) -and -not ((Get-Item $args[0]).Attributes -band 'ReadOnly'))) { - # Prepend 'node' to the argument list - $args = @('node') + $args -} - -# Execute the (potentially modified) command -& $args[0] $args[1..($args.Length-1)] diff --git a/update.sh b/update.sh index ea7698827..bbdd4e34e 100755 --- a/update.sh +++ b/update.sh @@ -269,8 +269,6 @@ for version in "${versions[@]}"; do # Copy .sh only if not is_windows if ! is_windows "${variant}"; then cp "${parentpath}/docker-entrypoint.sh" "${version}/${variant}/docker-entrypoint.sh" - elif is_windows "${variant}"; then - cp "${parentpath}/docker-entrypoint.ps1" "${version}/${variant}/docker-entrypoint.ps1" fi if [ "${update_version}" -eq 0 ] && [ "${update_variant}" -eq 0 ]; then From 41d4d9f459bfc322a7d7db83097b6a12ac31797e Mon Sep 17 00:00:00 2001 From: Daniel Fiala Date: Fri, 20 Sep 2024 07:28:59 +0200 Subject: [PATCH 15/15] Fixed build-test-windows.yml Signed-off-by: Daniel Fiala --- .github/workflows/build-test-windows.yml | 15 ++++++++------- 22/windowsservercore-ltsc2019/Dockerfile | 4 +--- 22/windowsservercore-ltsc2022/Dockerfile | 4 +--- Dockerfile-windows.template | 4 +--- 4 files changed, 11 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build-test-windows.yml b/.github/workflows/build-test-windows.yml index 1a5bc0c0c..bd7daf0ee 100644 --- a/.github/workflows/build-test-windows.yml +++ b/.github/workflows/build-test-windows.yml @@ -21,7 +21,7 @@ jobs: strategy: fail-fast: false matrix: - version: [ "22.8.0" ] + version: [ "22.9.0" ] variant: [ "windowsservercore-ltsc2019" ] steps: @@ -49,19 +49,19 @@ jobs: exit 1 } - - name: Verify entrypoint runs regular, non-executable files with node + - name: Verify node runs regular files shell: pwsh run: | $tempDir = New-Item -ItemType Directory -Path $env:TEMP -Name "tempNodeApp" $tmp_file = Join-Path $tempDir "index.js" "console.log('success')" | Out-File -FilePath $tmp_file -Encoding utf8 - $output = (docker run --rm -w /app --mount "type=bind,src=$tempDir,target=c:\app" node:${{ matrix.version }}-${{ matrix.variant }} C:/app/index.js) + $output = (docker run --rm -w /app --mount "type=bind,src=$tempDir,target=c:\app" node:${{ matrix.version }}-${{ matrix.variant }} node C:/app/index.js) if ($output -ne 'success') { - Write-Host "Invalid" + exit 1 } - name: Test for npm - run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} powershell.exe npm --version build-windows-2022: name: build-windows-2022 @@ -70,7 +70,7 @@ jobs: strategy: fail-fast: false matrix: - version: [ "22.8.0" ] + version: [ "22.9.0" ] variant: [ "windowsservercore-ltsc2022" ] steps: @@ -110,4 +110,5 @@ jobs: } - name: Test for npm - run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} npm --version + # We need to use powershell.exe to run npm because docker needs to attach to process and npm is a batch file/powershell script + run: docker run --rm node:${{ matrix.version }}-${{ matrix.variant }} powershell.exe npm --version diff --git a/22/windowsservercore-ltsc2019/Dockerfile b/22/windowsservercore-ltsc2019/Dockerfile index 03aa9a01a..642a660de 100644 --- a/22/windowsservercore-ltsc2019/Dockerfile +++ b/22/windowsservercore-ltsc2019/Dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/windows/servercore:ltsc2019 as installer +FROM mcr.microsoft.com/windows/servercore:ltsc2019 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] @@ -18,5 +18,3 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl Remove-Item node.zip -Force ; \ node --version; \ npm --version; - -CMD [ "node.exe" ] diff --git a/22/windowsservercore-ltsc2022/Dockerfile b/22/windowsservercore-ltsc2022/Dockerfile index eae112a63..c6c5365ec 100644 --- a/22/windowsservercore-ltsc2022/Dockerfile +++ b/22/windowsservercore-ltsc2022/Dockerfile @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/windows/servercore:ltsc2022 as installer +FROM mcr.microsoft.com/windows/servercore:ltsc2022 SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] @@ -18,5 +18,3 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl Remove-Item node.zip -Force ; \ node --version; \ npm --version; - -CMD [ "node.exe" ] diff --git a/Dockerfile-windows.template b/Dockerfile-windows.template index 97b174e23..05da6f405 100644 --- a/Dockerfile-windows.template +++ b/Dockerfile-windows.template @@ -1,4 +1,4 @@ -FROM mcr.microsoft.com/windows/servercore:version as installer +FROM mcr.microsoft.com/windows/servercore:version SHELL ["powershell", "-Command", "$ErrorActionPreference = 'Stop'; $ProgressPreference = 'SilentlyContinue';"] @@ -18,5 +18,3 @@ RUN [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tl Remove-Item node.zip -Force ; \ node --version; \ npm --version; - -CMD [ "node.exe" ]