Commit Graph

134 Commits (d7d3466b9ace2f74e796d5f2d5bb2518ca5132b4)

Author SHA1 Message Date
Nick Schonning c4f2b1e86a Fix minor typos in comments and spec names (#21831) 2023-05-19 17:13:29 +02:00
Tim Campbell ceaf8f2fa5 Fixed mastodon version injection into containers via github actions (#24858) 2023-05-04 21:33:32 +02:00
Renaud Chaput 5569c64150 Add version suffixes to nightly & edge image builds (#24823) 2023-05-04 13:45:39 +02:00
Nick Schonning 0135b7c5cb Update Node.js to 16.20.0 (#24316) 2023-04-07 14:26:11 +02:00
Nick Schonning 4b95940968 Remove duplicate ca-certificates Docker install (#24231) 2023-04-07 14:10:12 +02:00
Sai fbe173fe35 Bump ruby to 3.2.2 due to ReDoS vulnerabilities (#24320) 2023-03-31 18:28:40 +02:00
Nick Schonning 313feca996 Use Yarn production install for asset compile (#24232) 2023-03-23 22:49:47 +01:00
Aaron Patterson edc6f486bf Upgrade to Ruby 3.2 (#22928)
Co-authored-by: Matthew Ford <matt@bitzesty.com>
2023-02-15 08:30:27 +01:00
Nick Schonning 17e3cdb81b Update Ruby to 3.0.5 (#23544) 2023-02-13 14:39:24 +01:00
Nick Schonning 5bf8be8122 Sync Node.js to 16.19 patch release (#23554) 2023-02-13 04:58:37 +01:00
Nick Schonning 97db92d368 Yarn cache cleanup right after install in Docker (#23557) 2023-02-13 04:57:51 +01:00
Moritz Heiber c16cab7c3c Add hadolint as Dockerfile linter (#20993)
* Added hadolint as Dockerfile linter in pipeline and resolved remaining hadolint issues in Dockerfile

* Use more specific version of hadolint Action

* Bumpt hadolint Action version to latest version to avoid deprecation notice

* Being _really_ specific now
2022-12-15 15:57:17 +01:00
Nick Schonning fc9f6cbc19 Update Node 16.18.1 for latest security release (#22019)
* Update Node 16.18.1 for latest security release

* Increase Yarn network timeout for build error
2022-12-11 07:37:00 +01:00
BtbN 04d83f15a7 Add missing procps package to Dockerfile (#21028)
The new Debian-Base does not come with this by default, making the ps based health-check in the compose file fail
2022-11-22 05:52:18 +01:00
Effy Elden 443183e930 Remove blank line from start of Dockerfile breaking syntax declaration (#20948) 2022-11-17 10:25:07 -05:00
Moritz Heiber a1fe971bf2 Split off Dockerfile components for faster build times (#20933) 2022-11-17 12:56:14 +01:00
Kohei Ota (inductor) 5a5fd023d1 Use buildx functions for faster build (#20692)
* Use buildx functions for faster build

* move link

* cannot use --link with --chown
2022-11-17 11:01:16 +01:00
Yamagishi Kazutoshi 97ba5e41ef Install python3 when building with Docker (#18072) 2022-09-29 16:36:14 +02:00
Daniel Jakots 0c1d4f48fd Update Node to 16.17.1 (#19224)
See
https://nodejs.org/en/blog/vulnerability/september-2022-security-releases/
for the details.
2022-09-24 00:11:34 +02:00
zunda 9a500b21b5 Bump Ruby version from 3.0.3 to 3.0.4 (#18028)
https://www.ruby-lang.org/en/news/2022/04/12/ruby-3-0-4-released/
2022-08-15 04:39:58 +02:00
Daniel Jakots af32bdc7b2 Update node to 16.16.0 (#18790)
See https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/
2022-08-15 02:47:33 +02:00
Shlee c9ad24c75e Update Dockerfile (#18717) 2022-06-27 09:02:48 +02:00
Daniel Jakots 117f949fda Bump NODE_VER to 16.14.2 (#17825)
See the announcement
https://nodejs.org/en/blog/vulnerability/mar-2022-security-releases/
2022-03-19 09:24:26 +01:00
Yamagishi Kazutoshi a40e6f5d97 Remove protobuf dependencies (#17539) 2022-02-14 16:08:02 +01:00
Daniel Jakots 646789f51e Bump NODE_VER to 16.13.2, to solve security issues (#17399)
Fixes CVE-2021-44532, CVE-2021-44533, and CVE-2022-21824.
See: https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/
2022-01-31 00:32:03 +01:00
Jeong Arm 63859eed66 Save bundle config as local (#17188)
Some bundle options are saved as global user config and not project local.
Specially, `deployment` must be saved as local config to be run on copied environment
2021-12-25 22:52:24 +01:00
zunda 56abe9b4d7 Upgrade Ruby to 3.0.3 (#17038)
https://www.ruby-lang.org/en/news/2021/11/24/ruby-3-0-3-released/
2021-11-24 20:29:05 +01:00
Shlee 1b575f8aed Update Dockerfile (#16939) 2021-11-18 22:00:38 +01:00
Shlee 0e747afd34 Ruby 3.0.2 Upgrade (#16982)
* Update .ruby-version

* Update Gemfile

* Update Gemfile.lock

* Update Dockerfile

* Update check-i18n.yml

* Update config.yml

* Update config.yml
2021-11-18 21:59:57 +01:00
Shlee 2abb53ee23 [Dockerfile] [Security] Update NodeJS to V16 (LTS) on docker. (#16856)
* [Security] Update NodeJS on docker.

https://nodejs.org/en/blog/vulnerability/oct-2021-security-releases/

* Update Dockerfile

* Upgrade npm package

* Update Dockerfile
2021-11-17 07:57:01 +01:00
David Sterry eaad3c0998 add bundle flag to suppress root warning (#16557) 2021-10-14 21:00:38 +02:00
Shlee 9fede6a285 Update Dockerfile (#16696) 2021-09-13 19:03:14 +02:00
Shlee 312ccdb126 NodeJS 14 support - circleci/docker/.nvmrc (#16163)
* Update config.yml

* Update Dockerfile

* Update .nvmrc

* Update Dockerfile

* NodeJS 10 is EOL.

* Update package.json

* Update README.md

* Update Vagrantfile

* Update Dockerfile

* Update Dockerfile
2021-08-10 22:56:13 +02:00
Daigo 3 Dango b9e9bb17d9 Use ruby-2.7.4 (#16481)
Stop using older version of resolv gem as the bug has been fixed.
https://bugs.ruby-lang.org/issues/17781
2021-07-10 01:29:27 +02:00
Claire aa38f15cf1 Revert default Ruby version to 2.7.2 (#16154)
Ruby 2.7.3 introduced a new bug with Resolv::DNS, which we heavily use within
Mastodon: https://bugs.ruby-lang.org/issues/17781

Ruby 2.7.3 also included security fixes for two CVEs, but those do not seem
to apply to Mastodon:
https://github.com/tootsuite/mastodon/pull/16004#issuecomment-815125025
2021-05-04 23:06:19 +02:00
Daigo 3 Dango acd8edcdee Upgrade Ruby to 2.7.3 (#16004)
* Upgrade Ruby to 2.7.3

https://www.ruby-lang.org/en/news/2021/04/05/ruby-2-7-3-released/
includes security fixes to
- CVE-2021-28965: XML round-trip vulnerability in REXML
- CVE-2021-28966: Path traversal in Tempfile on Windows

* Update rexml to 3.2.5

https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
2021-04-09 02:31:36 +02:00
Mashiro d6432f2cb6 build: install shared-mime-info in Dockerfile (#15978) 2021-03-30 10:10:04 +02:00
Sandro bc5683f1b4 Docker: Use precompiled jemalloc, format, apply hadolint suggestions (#10823)
* Format, apply hadolint suggestions, little nitpicks

* Use pre compiled jemalloc

* Use tini from package repository
2021-03-20 21:21:57 +01:00
Shlee 32cf85aa92 Update Dockerfile (#15869) 2021-03-12 05:33:35 +01:00
Daniel Jakots 530d435054 Update to Node.js-12.20.1 (#15558)
This is a security release. You can read the announce at
https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
2021-01-28 22:53:56 +01:00
kaiyou a765a70d6b Fix the Dockerfile in case of Kaniko build (#15510)
Kaniko does not support looking up binaries from $PATH, so we
specify the full path to the bash binary.

Co-authored-by: kaiyou <dev@kaiyou.fr>
2021-01-08 07:13:26 +01:00
Shlee 5630db1dab Update Dockerfile (#15232) 2020-11-29 09:20:02 +01:00
Daigo 3 Dango 75585748c9 Use Ruby 2.7.2 (#15150)
thwait and e2mmap are no longer needed in Gemfile.
Gems properly require those.
2020-11-19 17:46:46 +01:00
Kairui Song | 宋恺睿 4019f5233a Minor fix & improvement for the Dockerfile (#14686)
* Dockerfile: Fix building with multiarch

Tested on amd64 and arm64

* Reduce docker image size by clean up some unneeded source file
2020-08-30 16:45:49 +02:00
Shlee 31e1f4bbef Update Dockerfile (#13582) 2020-06-25 12:17:53 +02:00
Shlee 68bc5ef550 [Security] Update Dockerfile for Ruby 2.6.6 (#13393) 2020-04-05 12:52:07 +02:00
Shlee 0ca5d449ca [Security] Bump Node.js from 12.14.0 to 12.16.1 in Docker (#13235)
* Update Dockerfile

* Update Dockerfile
2020-03-10 12:00:55 +01:00
Sara Aimée Smiseth 8af34e6a64 Fix non-x64 architectures not being able to build Docker image because of hardcoded Node.js architecture (#13081)
* Use ARCH variable instead of hardcoded x64

* fix formating
2020-02-16 12:54:57 +01:00
Shlee 4f80dd3e26 Update Dockerfile (#12997) 2020-01-28 20:33:09 +01:00
Shlee 510f07e94a Upgrade Node v12 in Dockerfile (#12703) 2019-12-30 07:41:40 +01:00