From 0a98219030c54b9b4e3ab869cce01ab86d343547 Mon Sep 17 00:00:00 2001 From: Jon Ayers Date: Sun, 3 Aug 2025 21:25:31 +0000 Subject: [PATCH 1/3] chore: pin dependencies in Dockerfiles --- dogfood/coder/Dockerfile | 7 ++++--- scripts/Dockerfile.base | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/dogfood/coder/Dockerfile b/dogfood/coder/Dockerfile index dbafcd7add427..4e86b9e7ddf8c 100644 --- a/dogfood/coder/Dockerfile +++ b/dogfood/coder/Dockerfile @@ -29,6 +29,7 @@ RUN apt-get update && \ mkdir --parents /usr/local/go && \ tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 && \ mkdir --parents "$GOPATH" && \ + go env -w GOSUMDB=sum.golang.org && \ # moq for Go tests. go install github.com/matryer/moq@v0.2.3 && \ # swag for Swagger doc generation @@ -252,9 +253,9 @@ RUN source $NVM_DIR/nvm.sh && \ nvm install $NODE_VERSION && \ nvm use $NODE_VERSION ENV PATH=$NVM_DIR/versions/node/v$NODE_VERSION/bin:$PATH -# Allow patch updates for npm and pnpm -RUN npm install -g npm@10.8.1 --integrity=sha512-Dp1C6SvSMYQI7YHq/y2l94uvI+59Eqbu1EpuKQHQ8p16txXRuRit5gH3Lnaagk2aXDIjg/Iru9pd05bnneKgdw== -RUN npm install -g pnpm@9.15.1 --integrity=sha512-GstWXmGT7769p3JwKVBGkVDPErzHZCYudYfnHRncmKQj3/lTblfqRMSb33kP9pToPCe+X6oj1n4MAztYO+S/zw== +RUN corepack enable && \ + corepack prepare npm@10.8.1 --activate && \ + corepack prepare pnpm@9.15.1 --activate RUN pnpx playwright@1.47.0 install --with-deps chromium diff --git a/scripts/Dockerfile.base b/scripts/Dockerfile.base index 8bcb59c325b19..f5e89f8a048fa 100644 --- a/scripts/Dockerfile.base +++ b/scripts/Dockerfile.base @@ -1,7 +1,7 @@ # This is the base image used for Coder images. It's a multi-arch image that is # built in depot.dev for all supported architectures. Since it's built on real # hardware and not cross-compiled, it can have "RUN" commands. -FROM alpine:3.21.3 +FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c # We use a single RUN command to reduce the number of layers in the image. # NOTE: Keep the Terraform version in sync with minTerraformVersion and From f34d29b5171fb7bdabc52fc5114a0148cac0949d Mon Sep 17 00:00:00 2001 From: Jon Ayers Date: Sun, 3 Aug 2025 22:08:37 +0000 Subject: [PATCH 2/3] fix the rest --- .devcontainer/filebrowser/install.sh | 10 +++++++++- .devcontainer/scripts/post_create.sh | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) mode change 100644 => 100755 .devcontainer/filebrowser/install.sh diff --git a/.devcontainer/filebrowser/install.sh b/.devcontainer/filebrowser/install.sh old mode 100644 new mode 100755 index 48158a38cd782..86041a81e803e --- a/.devcontainer/filebrowser/install.sh +++ b/.devcontainer/filebrowser/install.sh @@ -8,7 +8,15 @@ printf "%sInstalling filebrowser\n\n" "${BOLD}" # Check if filebrowser is installed. if ! command -v filebrowser &>/dev/null; then - curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash + VERSION="v2.24.1" + EXPECTED_HASH="7d83c0f077df10a8ec9bfd9bf6e745da5d172c3c768a322b0e50583a6bc1d3cc" + + curl -fsSL "https://github.com/filebrowser/filebrowser/releases/download/${VERSION}/linux-amd64-filebrowser.tar.gz" -o /tmp/filebrowser.tar.gz + echo "${EXPECTED_HASH} /tmp/filebrowser.tar.gz" | sha256sum -c + tar -xzf /tmp/filebrowser.tar.gz -C /tmp + sudo mv /tmp/filebrowser /usr/local/bin/ + sudo chmod +x /usr/local/bin/filebrowser + rm /tmp/filebrowser.tar.gz fi # Create entrypoint. diff --git a/.devcontainer/scripts/post_create.sh b/.devcontainer/scripts/post_create.sh index 8799908311431..50acf3b577b57 100755 --- a/.devcontainer/scripts/post_create.sh +++ b/.devcontainer/scripts/post_create.sh @@ -1,7 +1,7 @@ #!/bin/sh install_devcontainer_cli() { - npm install -g @devcontainers/cli + npm install -g @devcontainers/cli@0.80.0 --integrity=sha512-w2EaxgjyeVGyzfA/KUEZBhyXqu/5PyWNXcnrXsZOBrt3aN2zyGiHrXoG54TF6K0b5DSCF01Rt5fnIyrCeFzFKw== } install_ssh_config() { From 2d9c5ea1b1352372e67957bcd8ae518422342828 Mon Sep 17 00:00:00 2001 From: Jon Ayers Date: Sun, 3 Aug 2025 22:14:26 +0000 Subject: [PATCH 3/3] fix filebrowser version --- .devcontainer/filebrowser/install.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.devcontainer/filebrowser/install.sh b/.devcontainer/filebrowser/install.sh index 86041a81e803e..6e8d58a14bf80 100755 --- a/.devcontainer/filebrowser/install.sh +++ b/.devcontainer/filebrowser/install.sh @@ -8,7 +8,7 @@ printf "%sInstalling filebrowser\n\n" "${BOLD}" # Check if filebrowser is installed. if ! command -v filebrowser &>/dev/null; then - VERSION="v2.24.1" + VERSION="v2.42.1" EXPECTED_HASH="7d83c0f077df10a8ec9bfd9bf6e745da5d172c3c768a322b0e50583a6bc1d3cc" curl -fsSL "https://github.com/filebrowser/filebrowser/releases/download/${VERSION}/linux-amd64-filebrowser.tar.gz" -o /tmp/filebrowser.tar.gz