# syntax=docker/dockerfile:1.12.1@sha256:93bfd3b68c109427185cd78b4779fc82b484b0b7618e36d0f104d4d801e66d25 ARG BASE_IMAGE_TYPE=slim # -------------------------------------- # slim image # -------------------------------------- FROM ghcr.io/renovatebot/base-image:9.22.4@sha256:77005817dc99d1d80179510ba4af1b6f8f7fd3e52c1f070b47f1171e8cce3e02 AS slim-base # -------------------------------------- # full image # -------------------------------------- FROM ghcr.io/renovatebot/base-image:9.22.4-full@sha256:86745a4a9c44e7967c234edc83827beaca07edab2799a4960e73ac886f4928b2 AS full-base ENV RENOVATE_BINARY_SOURCE=global # -------------------------------------- # build image # -------------------------------------- FROM --platform=$BUILDPLATFORM ghcr.io/renovatebot/base-image:9.22.4@sha256:77005817dc99d1d80179510ba4af1b6f8f7fd3e52c1f070b47f1171e8cce3e02 AS build # We want a specific node version here # renovate: datasource=node-version RUN install-tool node 22.11.0 WORKDIR /usr/local/renovate ARG TARGETPLATFORM ARG TARGETARCH ARG BUILDPLATFORM RUN set -ex; \ echo "I am running on $BUILDPLATFORM, building for $TARGETPLATFORM"; \ uname -a; \ true # replace `amd64` with `x86_64` for `node` ENV ARCH=${TARGETARCH/amd64/x86_64} ENV ARCH=${ARCH/arm64/aarch64} # fetch static node binary RUN set -ex; \ ver=$(node --version); ver=${ver:1} \ temp_dir="$(mktemp -d)"; \ curl -fsSL "https://github.com/containerbase/node-prebuild/releases/download/${ver}/node-${ver}-${ARCH}.tar.xz" -o ${temp_dir}/node.tar.xz; \ bsdtar --strip 1 -C ${temp_dir} -xf ${temp_dir}/node.tar.xz; \ cp ${temp_dir}/bin/node ./node; \ true # fetch npm packages ENV CI=1 npm_config_modules_cache_max_age=0 \ npm_config_loglevel=info # replace `amd64` with `x64` for `node` ENV ARCH=${TARGETARCH/amd64/x64} COPY --link pnpm-lock.yaml ./ # set `npm_config_arch` for `prebuild-install` # set `npm_config_platform_arch` for `install-artifact-from-github` # only fetch deps from lockfile https://pnpm.io/cli/fetch RUN set -ex; \ export npm_config_arch=${ARCH} npm_config_platform_arch=${ARCH}; \ corepack pnpm fetch --prod; \ true COPY --link . ./ # install npm packages RUN set -ex; \ corepack pnpm install --prod --offline --ignore-scripts; \ true # -------------------------------------- # final image # -------------------------------------- FROM ${BASE_IMAGE_TYPE}-base LABEL name="renovate" LABEL org.opencontainers.image.source="https://github.com/renovatebot/renovate" \ org.opencontainers.image.url="https://renovatebot.com" \ org.opencontainers.image.licenses="AGPL-3.0-only" WORKDIR /usr/src/app COPY tools/docker/bin/ /usr/local/sbin/ ENTRYPOINT ["/usr/local/sbin/renovate-entrypoint.sh"] CMD ["renovate"] ARG RENOVATE_VERSION COPY --link --from=build --chown=root:root /usr/local/renovate/ /usr/local/renovate/ # make our node binary available as last in path RUN ln -sf /usr/local/renovate/node /bin/node # ensure default base and cache directories exist. RUN mkdir -p /tmp/renovate/cache && \ chmod -R 777 /tmp/renovate # test RUN set -ex; \ renovate --version; \ pushd /usr/local/renovate/; \ node -e "new require('re2')('.*').exec('test');new require('better-sqlite3')(':memory:')"; \ true LABEL \ org.opencontainers.image.version="${RENOVATE_VERSION}" \ org.label-schema.version="${RENOVATE_VERSION}" # Numeric user ID for the ubuntu user. Used to indicate a non-root user to OpenShift USER 12021