From c2dbd608b74da3641425e106f7328a004eca4a11 Mon Sep 17 00:00:00 2001
From: clawbot
Date: Sun, 22 Feb 2026 16:50:14 +0000
Subject: [PATCH] Replace curl|bash nodesource with pinned Node.js tarball, add python3, remove netlify CLI

- Pin Node.js 20.18.3 by sha256 checksum (no more curl|bash)
- Add python3 for downstream make test YAML validation
- Remove netlify CLI (unused by downstream repos)
- Keep all existing ruby/jekyll/imagemagick/yarn functionality
---
 Dockerfile | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 94e4392..280b0e9 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,5 @@
-FROM ruby:3.1-buster as builder
+FROM ruby:3.1-bullseye AS builder
-# I sort of hate that this is duped in .drone.yml and here.
-# note that if you update one, you probably have to update the other.
 RUN apt update && apt install -y \
 bsdmainutils \
 build-essential \
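Review bot: The new `FROM ruby:3.1-bullseye AS builder` line is still a mutable tag, so the base layer can change between builds even though this commit sets out to pin its inputs. Pinning by digest would close that gap: `FROM ruby:3.1-bullseye@sha256:<digest> AS builder`, where `<digest>` is a placeholder to be read from the registry. Ruby 3.1 also looks to be past upstream end-of-life at this commit's date, so confirm the tag still receives security rebuilds. The `RUN apt update && apt install -y` instruction shown as context continues past the end of this hunk.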
@@ -11,20 +9,22 @@ RUN apt update && apt install -y \
 imagemagick \
 libxml2-dev \
 libxslt-dev \
- pkg-config
+ pkg-config \
+ python3 \
+ xz-utils
-RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
- apt-get install -y nodejs
+# Node.js 20.18.3 LTS, pinned by sha256
+RUN cd /tmp && \
+ curl -fsSLO https://nodejs.org/dist/v20.18.3/node-v20.18.3-linux-x64.tar.xz && \
+ echo "595bcc9a28e6d1ee5fc7277b5c3cb029275b98ec0524e162a0c566c992a7ee5c node-v20.18.3-linux-x64.tar.xz" | sha256sum -c - && \
+ tar -xJf node-v20.18.3-linux-x64.tar.xz -C /usr/local --strip-components=1 && \
+ rm node-v20.18.3-linux-x64.tar.xz
+
+RUN npm install -g yarn
 ADD ./Gemfile* ./
-RUN npm install -g npm && \
- npm install -g yarn && \
- echo "gem: --no-ri --no-rdoc" > ~/.gemrc && \
+RUN echo "gem: --no-ri --no-rdoc" > ~/.gemrc && \
 yes | gem update --system && \
 gem install bundler && \
- bundle install && \
- yarn global add \
- https://github.com/netlify/cli#a3528d2a679807722de40b1dd87200176b121dbd && \
- netlify --telemetry-disable && \
- bundle install
+ bundle install
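Review bot: The added `RUN npm install -g yarn` line installs whatever yarn version the npm registry serves at build time, so the image stays non-reproducible even though Node.js itself is now checksum-verified. Pin it, for example `RUN npm install -g yarn@<pinned-version>` (placeholder version). The unchanged `gem update --system` and `gem install bundler` lines in the last RUN have the same problem. The sha256 value cannot be confirmed from this page, so compare it against the SHASUMS256.txt published with v20.18.3 before merging. The tarball name also hard-codes `linux-x64`, which would unpack an unusable binary on an arm64 builder.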