chore: update docker images (#2091)

staaldraad · samrose · web-flow · commit 76cd0d8cb8ae · 2026-03-22T16:20:06.000Z
* chore: update docker images

* chore: bump to release

---------

Co-authored-by: Sam Rose &lt;samuel@supabase.io&gt;
diff --git a/Dockerfile-15 b/Dockerfile-15
@@ -4,7 +4,7 @@
 ####################
 # Stage 1: Nix builder
 ####################
-FROM alpine:3.21 AS nix-builder
+FROM alpine:3.23 AS nix-builder
 
 # Install dependencies for nix installer (coreutils for GNU cp, sudo for installer)
 RUN apk add --no-cache \
@@ -48,27 +48,28 @@ RUN nix store gc
 ####################
 # Stage 2: Gosu builder
 ####################
-FROM alpine:3.21 AS gosu-builder
+FROM alpine:3.23 AS gosu-builder
 
 ARG TARGETARCH
-ARG GOSU_VERSION=1.16
-
-RUN apk add --no-cache gnupg curl
-
-# Download and verify gosu
-RUN curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}" -o /usr/local/bin/gosu && \
-    curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}.asc" -o /usr/local/bin/gosu.asc && \
-    GNUPGHOME="$(mktemp -d)" && \
-    export GNUPGHOME && \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
-    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
-    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
+ARG GOSU_VERSION=1.19
+ARG GO_VERSION=1.26.1
+
+RUN apk add --no-cache curl git
+
+# Install Go
+RUN curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" | tar -C /usr/local -xz
+ENV PATH="/usr/local/go/bin:${PATH}"
+
+# Build gosu from source
+RUN git clone --depth 1 --branch "${GOSU_VERSION}" https://github.com/tianon/gosu.git /gosu && \
+    cd /gosu && \
+    CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/local/bin/gosu . && \
     chmod +x /usr/local/bin/gosu
 
 ####################
 # Stage 3: Final production image
 ####################
-FROM alpine:3.21 AS production
+FROM alpine:3.23 AS production
 
 # Install minimal runtime dependencies
 RUN apk add --no-cache \
@@ -154,7 +155,7 @@ COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-
 
 # Add entrypoint script
 ADD --chmod=0755 \
-    https://github.com/docker-library/postgres/raw/889f9447cd2dfe21cccfbe9bb7945e3b037e02d8/15/bullseye/docker-entrypoint.sh \
+    https://raw.githubusercontent.com/docker-library/postgres/6edb0a8c4def40c371514b34aef9037ec82d9110/15/alpine3.23/docker-entrypoint.sh \
     /usr/local/bin/docker-entrypoint.sh
 
 # Setup pgsodium key script
diff --git a/Dockerfile-17 b/Dockerfile-17
@@ -4,7 +4,7 @@
 ####################
 # Stage 1: Nix builder
 ####################
-FROM alpine:3.21 AS nix-builder
+FROM alpine:3.23 AS nix-builder
 
 # Install dependencies for nix installer (coreutils for GNU cp, sudo for installer)
 RUN apk add --no-cache \
@@ -49,27 +49,28 @@ RUN nix store gc
 ####################
 # Stage 2: Gosu builder
 ####################
-FROM alpine:3.21 AS gosu-builder
+FROM alpine:3.23 AS gosu-builder
 
 ARG TARGETARCH
-ARG GOSU_VERSION=1.16
-
-RUN apk add --no-cache gnupg curl
-
-# Download and verify gosu
-RUN curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}" -o /usr/local/bin/gosu && \
-    curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}.asc" -o /usr/local/bin/gosu.asc && \
-    GNUPGHOME="$(mktemp -d)" && \
-    export GNUPGHOME && \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
-    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
-    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
+ARG GOSU_VERSION=1.19
+ARG GO_VERSION=1.26.1
+
+RUN apk add --no-cache curl git
+
+# Install Go
+RUN curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" | tar -C /usr/local -xz
+ENV PATH="/usr/local/go/bin:${PATH}"
+
+# Build gosu from source
+RUN git clone --depth 1 --branch "${GOSU_VERSION}" https://github.com/tianon/gosu.git /gosu && \
+    cd /gosu && \
+    CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/local/bin/gosu . && \
     chmod +x /usr/local/bin/gosu
 
 ####################
 # Stage 3: Final production image
 ####################
-FROM alpine:3.21 AS production
+FROM alpine:3.23 AS production
 
 # Install minimal runtime dependencies
 RUN apk add --no-cache \
@@ -160,7 +161,7 @@ COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-
 
 # Add entrypoint script
 ADD --chmod=0755 \
-    https://github.com/docker-library/postgres/raw/889f9447cd2dfe21cccfbe9bb7945e3b037e02d8/17/bullseye/docker-entrypoint.sh \
+    https://raw.githubusercontent.com/docker-library/postgres/6edb0a8c4def40c371514b34aef9037ec82d9110/17/alpine3.23/docker-entrypoint.sh \
     /usr/local/bin/docker-entrypoint.sh
 
 # Setup pgsodium key script
diff --git a/Dockerfile-kubernetes b/Dockerfile-kubernetes
@@ -1,4 +1,4 @@
-FROM alpine:3.22
+FROM alpine:3.23
 
 ADD ./output-cloudimg/packer-cloudimg /disk/image.qcow2
 
diff --git a/Dockerfile-multigres b/Dockerfile-multigres
@@ -8,7 +8,7 @@
 ####################
 # Stage 0: Nix base — shared Alpine + Nix setup for all builders
 ####################
-FROM alpine:3.21 AS nix-base
+FROM alpine:3.23 AS nix-base
 
 RUN apk add --no-cache \
     bash \
@@ -68,27 +68,29 @@ RUN nix store gc
 ####################
 # Stage 2: Gosu builder
 ####################
-FROM alpine:3.21 AS gosu-builder
+FROM alpine:3.23 AS gosu-builder
 
 ARG TARGETARCH
-ARG GOSU_VERSION=1.16
+ARG GOSU_VERSION=1.19
+ARG GO_VERSION=1.26.1
 
-RUN apk add --no-cache gnupg curl
+RUN apk add --no-cache curl git
 
-RUN curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}" -o /usr/local/bin/gosu && \
-    curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}.asc" -o /usr/local/bin/gosu.asc && \
-    GNUPGHOME="$(mktemp -d)" && \
-    export GNUPGHOME && \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
-    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
-    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
+# Install Go
+RUN curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" | tar -C /usr/local -xz
+ENV PATH="/usr/local/go/bin:${PATH}"
+
+# Build gosu from source
+RUN git clone --depth 1 --branch "${GOSU_VERSION}" https://github.com/tianon/gosu.git /gosu && \
+    cd /gosu && \
+    CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/local/bin/gosu . && \
     chmod +x /usr/local/bin/gosu
 
 ####################
 # Stage 3: Shared base — runtime Alpine + config + migrations
 # Both variants inherit from this stage. No /nix dependency here.
 ####################
-FROM alpine:3.21 AS base
+FROM alpine:3.23 AS base
 
 RUN apk add --no-cache \
     bash \
diff --git a/Dockerfile-orioledb-17 b/Dockerfile-orioledb-17
@@ -4,7 +4,7 @@
 ####################
 # Stage 1: Nix builder
 ####################
-FROM alpine:3.21 AS nix-builder
+FROM alpine:3.23 AS nix-builder
 
 # Install dependencies for nix installer (coreutils for GNU cp, sudo for installer)
 RUN apk add --no-cache \
@@ -49,27 +49,28 @@ RUN nix store gc
 ####################
 # Stage 2: Gosu builder
 ####################
-FROM alpine:3.21 AS gosu-builder
+FROM alpine:3.23 AS gosu-builder
 
 ARG TARGETARCH
-ARG GOSU_VERSION=1.16
-
-RUN apk add --no-cache gnupg curl
-
-# Download and verify gosu
-RUN curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}" -o /usr/local/bin/gosu && \
-    curl -fsSL "https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-${TARGETARCH}.asc" -o /usr/local/bin/gosu.asc && \
-    GNUPGHOME="$(mktemp -d)" && \
-    export GNUPGHOME && \
-    gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4 && \
-    gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
-    rm -rf "$GNUPGHOME" /usr/local/bin/gosu.asc && \
+ARG GOSU_VERSION=1.19
+ARG GO_VERSION=1.26.1
+
+RUN apk add --no-cache curl git
+
+# Install Go
+RUN curl -fsSL "https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" | tar -C /usr/local -xz
+ENV PATH="/usr/local/go/bin:${PATH}"
+
+# Build gosu from source
+RUN git clone --depth 1 --branch "${GOSU_VERSION}" https://github.com/tianon/gosu.git /gosu && \
+    cd /gosu && \
+    CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/local/bin/gosu . && \
     chmod +x /usr/local/bin/gosu
 
 ####################
 # Stage 3: Final production image
 ####################
-FROM alpine:3.21 AS production
+FROM alpine:3.23 AS production
 
 # Install minimal runtime dependencies
 RUN apk add --no-cache \
@@ -168,7 +169,7 @@ RUN echo "CREATE EXTENSION orioledb;" > /docker-entrypoint-initdb.d/init-scripts
 
 # Add entrypoint script
 ADD --chmod=0755 \
-    https://github.com/docker-library/postgres/raw/889f9447cd2dfe21cccfbe9bb7945e3b037e02d8/17/bullseye/docker-entrypoint.sh \
+    https://raw.githubusercontent.com/docker-library/postgres/6edb0a8c4def40c371514b34aef9037ec82d9110/17/alpine3.23/docker-entrypoint.sh \
     /usr/local/bin/docker-entrypoint.sh
 
 # Setup pgsodium key script
diff --git a/ansible/vars.yml b/ansible/vars.yml
@@ -10,9 +10,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.6.0.057-orioledb"
-  postgres17: "17.6.1.100"
-  postgres15: "15.14.1.100"
+  postgresorioledb-17: "17.6.0.058-orioledb"
+  postgres17: "17.6.1.101"
+  postgres15: "15.14.1.101"
 
 # Non Postgres Extensions
 pgbouncer_release: 1.25.1

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-FROM alpine:3.22`
	`1`	`+FROM alpine:3.23`
`2`	`2`
`3`	`3`	`ADD ./output-cloudimg/packer-cloudimg /disk/image.qcow2`
`4`	`4`