diff --git a/github-actions-staging.Dockerfile b/github-actions-staging.Dockerfile index 49d11746..ad4ac2a9 100644 --- a/github-actions-staging.Dockerfile +++ b/github-actions-staging.Dockerfile @@ -2,7 +2,7 @@ # difference is that it consumes ./bin/github-actions (built by welder) instead # of dist/github-actions (built by CI). Keep the two files in sync. -FROM alpine:3.23@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 AS builder +FROM alpine:3.24@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b AS builder RUN apk update && apk upgrade --no-cache \ && apk add --no-cache curl bash binutils upx ca-certificates tar python3 \ @@ -73,7 +73,7 @@ RUN rm -rf \ && rm -rf /tmp/* /var/tmp/* # ── runtime ───────────────────────────────────────────────────────────────── -FROM alpine:3.23@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 +FROM alpine:3.24@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b # aws-cli needed by Pulumi local.Command shell-outs (e.g. `aws s3 sync` in the # static-website template at pkg/clouds/pulumi/aws/static_website.go). diff --git a/github-actions.Dockerfile b/github-actions.Dockerfile index 2863e9b6..be698d66 100644 --- a/github-actions.Dockerfile +++ b/github-actions.Dockerfile @@ -5,7 +5,7 @@ # git ops. HEALTHCHECK omitted: one-shot action, never long-running. # Refresh: docker buildx imagetools inspect alpine:3.21 -FROM alpine:3.23@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 AS builder +FROM alpine:3.24@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b AS builder # python3 needed so `gcloud components install` doesn't fall back to (and recreate) the bundled Python we want to delete. RUN apk update && apk upgrade --no-cache \ @@ -84,7 +84,7 @@ RUN rm -rf \ && rm -rf /tmp/* /var/tmp/* # ── runtime ───────────────────────────────────────────────────────────────── -FROM alpine:3.23@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11 +FROM alpine:3.24@sha256:28bd5fe8b56d1bd048e5babf5b10710ebe0bae67db86916198a6eec434943f8b # python3 stays — gcloud invokes it. py3-pip / binutils / upx confined to builder. # aws-cli needed by Pulumi local.Command shell-outs (e.g. `aws s3 sync` in the