From 304bba89551fadfbbc854003a7765d4b3762e4a1 Mon Sep 17 00:00:00 2001 From: John Trammell Date: Tue, 23 Jun 2026 12:38:06 -0500 Subject: [PATCH 1/2] fix(Dockerfile): pin base image correctly for dependabot --- Dockerfile | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7d338b1..cae7324 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # ============================================================ # Stage 1: compile OpenSSL 1.1.1, jemalloc, Ruby # ============================================================ -FROM debian:bookworm-slim AS builder +FROM debian:stable-20260610-slim@sha256:34363c20bd149e41365fc77b086da067ed13ab2dff4cd0612788e12e6d52c44c AS build ARG OPENSSL_VERSION=1.1.1w ARG JEMALLOC_VERSION=5.3.1 @@ -107,12 +107,13 @@ LABEL org.opencontainers.image.title="ruby2.6-jemalloc-docker" \ ENV RUBY_VERSION=${RUBY_VERSION} # Copy compiled Ruby, OpenSSL, and CA certificates from builder. -COPY --from=builder /usr/local /usr/local -COPY --from=builder /opt/openssl /opt/openssl -COPY --from=builder /etc/ssl/certs /etc/ssl/certs +COPY --from=build /usr/local /usr/local +COPY --from=build /opt/openssl /opt/openssl +COPY --from=build /etc/ssl/certs /etc/ssl/certs # Install runtime library dependencies and register compiled library paths. -# Remove unnecessary build artifacts (headers, static libs, pkgconfig) to minimize image size. +# Remove unnecessary build artifacts (headers, static libs, pkgconfig) to +# minimize image size. RUN <<'EOF' set -eux From 0f1bc9f62a46c2919612fa06712ed434f34a5387 Mon Sep 17 00:00:00 2001 From: John Trammell Date: Tue, 23 Jun 2026 13:48:02 -0500 Subject: [PATCH 2/2] build: single stage build per arch --- Dockerfile | 92 +++++++++++++++--------------------------------------- Makefile | 20 +++++------- 2 files changed, 32 insertions(+), 80 deletions(-) diff --git a/Dockerfile b/Dockerfile index cae7324..c5b0a38 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,40 +1,50 @@ # syntax=docker/dockerfile:1 -# ============================================================ -# Stage 1: compile OpenSSL 1.1.1, jemalloc, Ruby -# ============================================================ -FROM debian:stable-20260610-slim@sha256:34363c20bd149e41365fc77b086da067ed13ab2dff4cd0612788e12e6d52c44c AS build +FROM debian:stable-20260610-slim@sha256:34363c20bd149e41365fc77b086da067ed13ab2dff4cd0612788e12e6d52c44c ARG OPENSSL_VERSION=1.1.1w ARG JEMALLOC_VERSION=5.3.1 ARG RUBY_VERSION=2.6.10 +LABEL \ + org.opencontainers.image.title="ruby2.6-jemalloc" \ + org.opencontainers.image.description="Ruby ${RUBY_VERSION} image with jemalloc ${JEMALLOC_VERSION}" \ + org.opencontainers.image.source="https://github.com/UMNLibraries/ruby2.6-jemalloc-docker" + ENV DEBIAN_FRONTEND=noninteractive -RUN <<'EOF' +RUN <<__install__ set -eux # Step: install builder dependencies apt-get update +apt-get -y upgrade apt-get install -y --no-install-recommends \ autoconf \ bison \ build-essential \ bzip2 \ ca-certificates \ + libdb-dev \ libffi-dev \ + libffi8 \ libgdbm-dev \ + libgdbm6 \ libncurses5-dev \ + libncurses6 \ libreadline-dev \ + libreadline8 \ + libyaml-0-2 \ libyaml-dev \ pkg-config \ wget \ + zlib1g \ zlib1g-dev rm -rf /var/lib/apt/lists/* -EOF +__install__ # Build OpenSSL 1.1.1 (required by Ruby 2.6; Debian ships OpenSSL 3 which is incompatible) WORKDIR /tmp/build -RUN <