Replace curl|bash nodesource with pinned Node.js tarball, add python3, remove netlify CLI

- Pin Node.js 20.18.3 by sha256 checksum (no more curl|bash)
- Add python3 for downstream make test YAML validation
- Remove netlify CLI (unused by downstream repos)
- Keep all existing ruby/jekyll/imagemagick/yarn functionality

Dockerfile

@@ -1,7 +1,5 @@
-FROM ruby:3.1-buster as builder
+FROM ruby:3.1-bullseye AS builder
 
-# I sort of hate that this is duped in .drone.yml and here.
-# note that if you update one, you probably have to update the other.
 RUN apt update && apt install -y \
     bsdmainutils \
     build-essential \
@@ -11,20 +9,22 @@ RUN apt update && apt install -y \
     imagemagick \
     libxml2-dev \
     libxslt-dev \
-    pkg-config
+    pkg-config \
+    python3 \
+    xz-utils
 
-RUN curl -fsSL https://deb.nodesource.com/setup_18.x | bash - && \
+# Node.js 20.18.3 LTS, pinned by sha256
-    apt-get install -y nodejs
+RUN cd /tmp && \
+    curl -fsSLO https://nodejs.org/dist/v20.18.3/node-v20.18.3-linux-x64.tar.xz && \
+    echo "595bcc9a28e6d1ee5fc7277b5c3cb029275b98ec0524e162a0c566c992a7ee5c  node-v20.18.3-linux-x64.tar.xz" | sha256sum -c - && \
+    tar -xJf node-v20.18.3-linux-x64.tar.xz -C /usr/local --strip-components=1 && \
+    rm node-v20.18.3-linux-x64.tar.xz
+
+RUN npm install -g yarn
 
 ADD ./Gemfile* ./
 
-RUN npm install -g npm && \
+RUN echo "gem: --no-ri --no-rdoc" > ~/.gemrc && \
-    npm install -g yarn && \
-    echo "gem: --no-ri --no-rdoc" > ~/.gemrc && \
     yes | gem update --system && \
     gem install bundler && \
-    bundle install && \
+    bundle install
-    yarn global add \
-    https://github.com/netlify/cli#a3528d2a679807722de40b1dd87200176b121dbd && \
-    netlify --telemetry-disable && \
-	bundle install