diff --git a/feature-versions/state.json b/feature-versions/state.json
index 6bf9e1126..85c66592d 100644
--- a/feature-versions/state.json
+++ b/feature-versions/state.json
@@ -53,5 +53,35 @@
 "tag": "latest",
 "installed": "sha256:ec12ff37df1749def9d181e5fdc027c9f94f34a7dd5977e8af4e543660a9c766",
 "filter": ".*\\/Dockerfile"
+ },
+ "ghcr.io/rocker-org/devcontainer/tidyverse": {
+ "tag": "4",
+ "installed": "sha256:289c5d02d8115aa209f4a8a49ee9378dccbf623897eed9cc46c87dfbbca9015b",
+ "filter": ".*\\/(docker-compose\\.yaml|Dockerfile)"
+ },
+ "lscr.io/linuxserver/code-server": {
+ "tag": "latest",
+ "installed": "sha256:629232bdd99640dd3d514a40c740a9d42dcb808a844005821b2f4be6e6a8b66e",
+ "filter": ".*\\/Dockerfile"
+ },
+ "golang": {
+ "tag": "1.23-bookworm",
+ "installed": "sha256:167053a2bb901972bf2c1611f8f52c44d5fe7e762e5cab213708d82c421614db",
+ "filter": ".*\\/Dockerfile"
+ },
+ "nvcr.io/nvidia/nemo": {
+ "tag": "25.07.nemotron-nano-v2",
+ "installed": "sha256:f96daf8b2f07a4f8fb20e754f91b507e507ceb9119943027a4d43d7ca15e3896",
+ "filter": ".*\\/Dockerfile"
+ },
+ "nvcr.io/nvidia/clara/clara-parabricks": {
+ "tag": "4.6.0-1",
+ "installed": "sha256:d0761eb4b9921bc046c53520287316d545eb79feaeb8f22387e9bb5734650447",
+ "filter": ".*\\/Dockerfile"
+ },
+ "sosedoff/pgweb": {
+ "tag": "latest",
+ "installed": "sha256:a5256d416e2e8b92d69a4459058e3eca33a9f075d8325491644411d0bc3bd70b",
+ "filter": ".*\\/Dockerfile"
 }
 }
diff --git a/feature-versions/update.sh b/feature-versions/update.sh
index 295bb3f3a..417a1db33 100755
--- a/feature-versions/update.sh
+++ b/feature-versions/update.sh
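Review bot: The new entries for `lscr.io/linuxserver/code-server` and `sosedoff/pgweb` track `"tag": "latest"`, and the tidyverse entry tracks `"tag": "4"`, while the Dockerfiles and docker-compose.yaml changed later in this commit previously named `code-server:4.100.3` and `tidyverse:4.5`. The recorded digests are therefore whatever those floating tags resolved to, which may not be the versions that were tested, and every later run of update.sh will move the base image to a new upstream release without a version appearing in review. Consider tracking the narrowest tag that was in use, for example `"tag": "4.100.3"` and `"tag": "4.5"`, and choosing an explicit version tag for pgweb. Whether the pinned digests equal the old tags cannot be told from this diff.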
@@ -16,18 +16,20 @@ for IMAGE in $(echo "$STATE" | jq -r 'keys | .[]'); do
 echo "Processing image: $IMAGE"
 TAG="$(jq -r --arg feat "$IMAGE" '.[$feat].tag' <<< "$STATE")"
 FILTER="$(jq -r --arg feat "$IMAGE" '.[$feat].filter' <<< "$STATE")"
- INSTALLED="$IMAGE@$(jq -r --arg feat "$IMAGE" '.[$feat].installed' <<< "$STATE")"
- LATEST="$IMAGE@$(docker buildx imagetools inspect "$IMAGE:$TAG" | grep "Digest:" | awk '{print $2}')"
+ INSTALLED_DIGEST="$(jq -r --arg feat "$IMAGE" '.[$feat].installed' <<< "$STATE")"
+ LATEST_DIGEST="$(docker buildx imagetools inspect "$IMAGE:$TAG" | grep "Digest:" | awk '{print $2}')"
+
+ INSTALLED="$IMAGE@$INSTALLED_DIGEST"
+ LATEST="$IMAGE@$LATEST_DIGEST"
 if [ "$INSTALLED" != "$LATEST" ]; then
 echo "Updating $IMAGE from $INSTALLED to $LATEST"
 pushd "$SRC_DIR"
- find . -regex "$FILTER" -print0 | xargs -0L1 sed -i "s|$INSTALLED|$LATEST|g"
+ find . -regextype posix-extended -regex "$FILTER" -print0 | xargs -0L1 sed -i "s|$INSTALLED|$LATEST|g"
 popd
- LATEST_TAG="$(echo "$LATEST" | cut -d'@' -f2)"
- NEW_STATE="$(jq --arg feat "$IMAGE" --arg latest "$LATEST_TAG" '.[$feat].installed = $latest' "$STATE_FILE")"
+ NEW_STATE="$(jq --arg feat "$IMAGE" --arg latest "$LATEST_DIGEST" '.[$feat].installed = $latest' "$STATE_FILE")"
 cat <<< "$NEW_STATE" > "$STATE_FILE"
 else
 echo "$IMAGE is already up to date."
diff --git a/src/aou-common/load-envs/Dockerfile b/src/aou-common/load-envs/Dockerfile
index 09d60208e..81ee384e0 100644
--- a/src/aou-common/load-envs/Dockerfile
+++ b/src/aou-common/load-envs/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23-bookworm
+FROM golang@sha256:167053a2bb901972bf2c1611f8f52c44d5fe7e762e5cab213708d82c421614db
 WORKDIR /source
 RUN --mount=type=bind,source=.,target=/source,rw \
 mkdir -p /dist && \
diff --git a/src/nemo_jupyter/Dockerfile b/src/nemo_jupyter/Dockerfile
index 446b68ae1..8ba884239 100644
--- a/src/nemo_jupyter/Dockerfile
+++ b/src/nemo_jupyter/Dockerfile
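Review bot: `LATEST_DIGEST` is used without checking that the registry lookup returned a digest: if `docker buildx imagetools inspect` fails (network error, missing credentials for a private registry) the pipeline yields an empty string, the comparison `"$INSTALLED" != "$LATEST"` is true, `sed` rewrites every matching reference to `IMAGE@`, and an empty `installed` value is written to state.json. Unless the script enables `set -e` and `set -o pipefail` above this hunk, which is not visible here, add a guard right after the assignment, such as `[[ "$LATEST_DIGEST" =~ ^sha256:[0-9a-f]{64}$ ]] || { echo "no digest for $IMAGE:$TAG" >&2; continue; }`. The same check also keeps unexpected characters out of the `sed` replacement text. The loop body starts and ends outside the hunk.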
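Review bot: The digest-only `FROM golang@sha256:…` no longer says which release the image is, so a reader or anyone triaging a vulnerability report has to resolve the digest to learn that this is Go 1.23 on bookworm. Keeping the tag inline (`golang:1.23-bookworm@sha256:…`) would stop the `s|$INSTALLED|$LATEST|g` substitution in update.sh from matching, so a comment above the line is the safer fix: `# golang:1.23-bookworm, digest maintained by feature-versions/update.sh`. The same applies to the `FROM` lines in src/nemo_jupyter, src/pgweb, src/r-analysis-aou, src/vscode-docker, src/vscode and src/workbench-jupyter-parabricks, and to the `image:` line in src/r-analysis/docker-compose.yaml.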
@@ -1,4 +1,4 @@
-FROM nvcr.io/nvidia/nemo:25.07.nemotron-nano-v2 AS base
+FROM nvcr.io/nvidia/nemo@sha256:f96daf8b2f07a4f8fb20e754f91b507e507ceb9119943027a4d43d7ca15e3896 AS base
 ARG NB_USER=jupyter
 ARG NB_UID=1010
diff --git a/src/pgweb/Dockerfile b/src/pgweb/Dockerfile
index c5492e448..4f794a9cc 100644
--- a/src/pgweb/Dockerfile
+++ b/src/pgweb/Dockerfile
@@ -1,4 +1,4 @@
-FROM sosedoff/pgweb
+FROM sosedoff/pgweb@sha256:a5256d416e2e8b92d69a4459058e3eca33a9f075d8325491644411d0bc3bd70b
 USER root
diff --git a/src/r-analysis-aou/Dockerfile b/src/r-analysis-aou/Dockerfile
index 856f7ac46..2731bfcde 100644
--- a/src/r-analysis-aou/Dockerfile
+++ b/src/r-analysis-aou/Dockerfile
@@ -1,4 +1,4 @@
-FROM ghcr.io/rocker-org/devcontainer/tidyverse:4.5
+FROM ghcr.io/rocker-org/devcontainer/tidyverse@sha256:289c5d02d8115aa209f4a8a49ee9378dccbf623897eed9cc46c87dfbbca9015b
 ARG USER=rstudio
 ARG HOME=/home/$USER
diff --git a/src/r-analysis/docker-compose.yaml b/src/r-analysis/docker-compose.yaml
index 1b30d985c..16b84d2c4 100644
--- a/src/r-analysis/docker-compose.yaml
+++ b/src/r-analysis/docker-compose.yaml
@@ -1,7 +1,7 @@
 services:
 app:
 container_name: "application-server"
- image: "ghcr.io/rocker-org/devcontainer/tidyverse:4.5"
+ image: "ghcr.io/rocker-org/devcontainer/tidyverse@sha256:289c5d02d8115aa209f4a8a49ee9378dccbf623897eed9cc46c87dfbbca9015b"
 restart: always
 volumes:
 - .:/workspace:cached
diff --git a/src/vscode-docker/Dockerfile b/src/vscode-docker/Dockerfile
index bd09abbbb..d427443e6 100644
--- a/src/vscode-docker/Dockerfile
+++ b/src/vscode-docker/Dockerfile
@@ -1,7 +1,7 @@
 # VS Code Docker Development Container
 # Based on lscr.io/linuxserver/code-server with Docker, kubectl, minikube, skaffold, helm, and Go pre-installed
-FROM lscr.io/linuxserver/code-server:4.100.3
+FROM lscr.io/linuxserver/code-server@sha256:629232bdd99640dd3d514a40c740a9d42dcb808a844005821b2f4be6e6a8b66e
 # Install system dependencies
 RUN apt-get update && apt-get install -y \
diff --git a/src/vscode/Dockerfile b/src/vscode/Dockerfile
index edcf42a98..b834d0cb8 100644
--- a/src/vscode/Dockerfile
+++ b/src/vscode/Dockerfile
@@ -1,4 +1,4 @@
-FROM lscr.io/linuxserver/code-server:4.100.3
+FROM lscr.io/linuxserver/code-server@sha256:629232bdd99640dd3d514a40c740a9d42dcb808a844005821b2f4be6e6a8b66e
 # Gemini: https://open-vsx.org/extension/Google/geminicodeassist
 # Claude: https://open-vsx.org/extension/Anthropic/claude-code
diff --git a/src/workbench-jupyter-parabricks/Dockerfile b/src/workbench-jupyter-parabricks/Dockerfile
index 9d3718604..b6e104928 100644
--- a/src/workbench-jupyter-parabricks/Dockerfile
+++ b/src/workbench-jupyter-parabricks/Dockerfile
@@ -1,5 +1,5 @@
 # Use the official NVIDIA Clara Parabricks container as the base image
-FROM nvcr.io/nvidia/clara/clara-parabricks:4.6.0-1 AS base
+FROM nvcr.io/nvidia/clara/clara-parabricks@sha256:d0761eb4b9921bc046c53520287316d545eb79feaeb8f22387e9bb5734650447 AS base
 # Set the default shell for subsequent commands to bash.
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]