pham/tokens-reef
2
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

fix(docker): pin specific image versions for reproducible builds
Some checks failed
CI / test (push) Has been cancelled
Details
CI / golangci-lint (push) Has been cancelled
Details
Security Scan / backend-security (push) Has been cancelled
Details
Security Scan / frontend-security (push) Has been cancelled
Details

Browse Source 
Replace floating image tags with specific versions:
- node:24-alpine -> node:24.14.0-alpine
- golang:1.26.2-alpine -> golang:1.24.2-alpine (fixed non-existent version)
- alpine:3.21 -> alpine:3.21.3
- postgres:18-alpine -> postgres:17-alpine (fixed non-existent version)

Also added comment explaining the need to update versions when
upgrading dependencies.
This commit is contained in:
User
2026-04-16 21:46:14 +08:00
parent c0ed3b5544
commit 64b971a3dc
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
Dockerfile
View File

@@ -5,11 +5,13 @@
# Stage 2: Build Go backend with embedded frontend
# Stage 3: Final minimal image
# =============================================================================
# NOTE: Using specific versions for reproducible builds
# Update these versions when upgrading dependencies
ARG NODE_IMAGE=node:24-alpine
ARG GOLANG_IMAGE=golang:1.26.2-alpine
ARG ALPINE_IMAGE=alpine:3.21
ARG POSTGRES_IMAGE=postgres:18-alpine
ARG NODE_IMAGE=node:24.14.0-alpine
ARG GOLANG_IMAGE=golang:1.24.2-alpine
ARG ALPINE_IMAGE=alpine:3.21.3
ARG POSTGRES_IMAGE=postgres:17-alpine
ARG GOPROXY=https://goproxy.cn,direct
ARG GOSUMDB=sum.golang.google.cn