diff --git a/Dockerfile b/Dockerfile index b26aea4..dda14c2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,7 +9,7 @@ # ============================================================================= # Stage 1: Go builder # ============================================================================= -FROM golang:1.26-bookworm@sha256:5d2b868674b57c9e48cdd39e891acce4196b6926ca6d11e9c270a8f85106203d AS builder +FROM golang:1.26.4-bookworm@sha256:5f68ec6805843bd3981a951ffada82a26a0bd2631045c8f7dba483fa868f5ec5 AS builder RUN apt-get update && apt-get install -y --no-install-recommends \ git ca-certificates && \ @@ -50,7 +50,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build \ # ============================================================================= # Stage 2: Runtime # ============================================================================= -FROM debian:bookworm-slim@sha256:0104b334637a5f19aa9c983a91b54c89887c0984081f2068983107a6f6c21eeb +FROM debian:bookworm-slim@sha256:96e378d7e6531ac9a15ad505478fcc2e69f371b10f5cdf87857c4b8188404716 # Install runtime dependencies for Docker access and health checks RUN apt-get update && apt-get install -y --no-install-recommends \ diff --git a/Dockerfile.mcp b/Dockerfile.mcp index c137124..867fa6f 100644 --- a/Dockerfile.mcp +++ b/Dockerfile.mcp @@ -2,7 +2,7 @@ # Build: docker build -f Dockerfile.mcp -t ethpandaops-panda-server . # Build stage -FROM golang:1.26-alpine AS builder +FROM golang:1.26.4-alpine AS builder WORKDIR /app @@ -29,7 +29,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build \ -o /ethpandaops-panda-server ./cmd/server # Runtime stage -FROM alpine:3.20 +FROM alpine:3.24.1 WORKDIR /app diff --git a/Dockerfile.proxy b/Dockerfile.proxy index 0fdb899..0262c5f 100644 --- a/Dockerfile.proxy +++ b/Dockerfile.proxy @@ -2,7 +2,7 @@ # Build: docker build -f Dockerfile.proxy -t ethpandaops-panda-proxy . # Build stage -FROM golang:1.26-alpine AS builder +FROM golang:1.26.4-alpine AS builder WORKDIR /app @@ -29,7 +29,7 @@ RUN CGO_ENABLED=0 GOOS=linux go build \ -o /ethpandaops-panda-proxy ./cmd/proxy # Runtime stage -FROM alpine:3.20 +FROM alpine:3.24.1 WORKDIR /app diff --git a/goreleaser.panda.Dockerfile b/goreleaser.panda.Dockerfile index 5d5a615..72355e2 100644 --- a/goreleaser.panda.Dockerfile +++ b/goreleaser.panda.Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.24@sha256:a2d49ea686c2adfe3c992e47dc3b5e7fa6e6b5055609400dc2acaeb241c829f4 +FROM alpine:3.24.1@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b RUN apk add --no-cache ca-certificates tzdata diff --git a/goreleaser.proxy.Dockerfile b/goreleaser.proxy.Dockerfile index ad2bf61..b540929 100644 --- a/goreleaser.proxy.Dockerfile +++ b/goreleaser.proxy.Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.24@sha256:a2d49ea686c2adfe3c992e47dc3b5e7fa6e6b5055609400dc2acaeb241c829f4 +FROM alpine:3.24.1@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b RUN apk add --no-cache ca-certificates tzdata diff --git a/goreleaser.server.Dockerfile b/goreleaser.server.Dockerfile index 9d99057..9caf5dc 100644 --- a/goreleaser.server.Dockerfile +++ b/goreleaser.server.Dockerfile @@ -1,7 +1,7 @@ # ============================================================================= # Runtime # ============================================================================= -FROM alpine:3.24@sha256:a2d49ea686c2adfe3c992e47dc3b5e7fa6e6b5055609400dc2acaeb241c829f4 +FROM alpine:3.24.1@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b RUN apk add --no-cache ca-certificates tzdata docker-cli su-exec diff --git a/sandbox/Dockerfile b/sandbox/Dockerfile index 11963b0..79f1bc6 100644 --- a/sandbox/Dockerfile +++ b/sandbox/Dockerfile @@ -9,7 +9,7 @@ # hard error rather than an unlocked source compile, and no C toolchain is # needed in either stage. -FROM python:3.11-slim@sha256:a3ab0b966bc4e91546a033e22093cb840908979487a9fc0e6e38295747e49ac0 AS builder +FROM python:3.11.15-slim@sha256:ae52c5bef62a6bdd42cd1e8dffef86b9cd284bde9427da79839de7a4b983e7ca AS builder # uv (build-time only; never copied into the final image) COPY --from=ghcr.io/astral-sh/uv:0.11.17@sha256:03bdc89bb9798628846e60c3a9ad19006c8c3c724ccd2985a33145c039a0577b /uv /uvx /bin/ @@ -42,7 +42,7 @@ COPY modules/tracoor/python/tracoor.py /opt/ethpandaops-pkg/ethpandaops/tracoor. # so no toolchain is required to build it. RUN uv pip install --python /usr/local/bin/python3 --prefix /install --no-cache --no-deps /opt/ethpandaops-pkg -FROM python:3.11-slim@sha256:a3ab0b966bc4e91546a033e22093cb840908979487a9fc0e6e38295747e49ac0 +FROM python:3.11.15-slim@sha256:ae52c5bef62a6bdd42cd1e8dffef86b9cd284bde9427da79839de7a4b983e7ca # Create non-root user and runtime directories. RUN useradd -m -s /bin/bash sandbox && \