B 20119 update build image

.node-version

@@ -1 +1 @@
-18.13.0
+18.20.2

Dockerfile

@@ -1,11 +1,11 @@
 # CircleCI docker image to run within
-FROM cimg/python:3.10.7-node
+FROM cimg/python:3.12.1-node
 # Base image uses "circleci", to avoid using `sudo` run as root user
 USER root
 
 # install shellcheck
-ARG SHELLCHECK_VERSION=0.7.1
-ARG SHELLCHECK_SHA256SUM=64f17152d96d7ec261ad3086ed42d18232fcb65148b44571b564d688269d36c8
+ARG SHELLCHECK_VERSION=0.10.0
+ARG SHELLCHECK_SHA256SUM=6c881ab0698e4e6ea235245f22832860544f17ba386442fe7e9d629f8cbedf87
 RUN set -ex && cd ~ \
   && curl -sSLO https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz \
   && [ $(sha256sum shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz | cut -f1 -d' ') = ${SHELLCHECK_SHA256SUM} ] \
@@ -14,9 +14,9 @@ RUN set -ex && cd ~ \
   && chown root:root /usr/local/bin/shellcheck \
   && rm -vrf shellcheck-v${SHELLCHECK_VERSION} shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz
 
-# install circleci cli
-ARG CIRCLECI_CLI_VERSION=0.1.15195
-ARG CIRCLECI_CLI_SHA256SUM=c3f4830767aa14b02bac2dbc188cada7ef2f00055b43210337806033a1ded4f4
+# install circleci cli https://github.com/CircleCI-Public/circleci-cli/releases/download/v0.1.30549/circleci-cli_0.1.30549_linux_amd64.tar.gz
+ARG CIRCLECI_CLI_VERSION=0.1.28811
+ARG CIRCLECI_CLI_SHA256SUM=a4d249a75179a8a2624629c8c8274c067f28a6d64babfe11435d768f8ea64b8c
 RUN set -ex && cd ~ \
   && curl -sSLO https://github.com/CircleCI-Public/circleci-cli/releases/download/v${CIRCLECI_CLI_VERSION}/circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64.tar.gz \
   && [ $(sha256sum circleci-cli_${CIRCLECI_CLI_VERSION}_linux_amd64.tar.gz | cut -f1 -d' ') = ${CIRCLECI_CLI_SHA256SUM} ] \
@@ -28,7 +28,7 @@ RUN set -ex && cd ~ \
 
 # install awscliv2, disable default pager (less)
 ENV AWS_PAGER=""
-ARG AWSCLI_VERSION=2.1.38
+ARG AWSCLI_VERSION=2.15.43
 COPY sigs/awscliv2_pgp.key /tmp/awscliv2_pgp.key
 RUN gpg --import /tmp/awscliv2_pgp.key
 RUN set -ex && cd ~ \
@@ -40,8 +40,8 @@ RUN set -ex && cd ~ \
   && aws --version \
   && rm -r awscliv2.zip awscliv2.sig aws
 
-ARG CHAMBER_VERSION=2.9.1
-ARG CHAMBER_SHA256SUM=947a997374dacf6a2133688a5a6e459dd1603c63c8c92cd10b1274eaa8e4cb66
+ARG CHAMBER_VERSION=2.14.1
+ARG CHAMBER_SHA256SUM=4b19a0ef87567626527e8927900b2e7c300015c5942c1e20d6446aed087489ee
 RUN set -ex && cd ~ \
   && curl -sSLO https://github.com/segmentio/chamber/releases/download/v${CHAMBER_VERSION}/chamber-v${CHAMBER_VERSION}-linux-amd64 \
   && [ $(sha256sum chamber-v${CHAMBER_VERSION}-linux-amd64 | cut -f1 -d' ') = ${CHAMBER_SHA256SUM} ] \

milmove-app/Dockerfile

@@ -11,8 +11,8 @@ USER root
 ENV GOFLAGS=-p=4
 
 # install go
-ARG GO_VERSION=1.20.6
-ARG GO_SHA256SUM=b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb
+ARG GO_VERSION=1.22.2
+ARG GO_SHA256SUM=5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17
 RUN set -ex && cd ~ \
   && curl -sSLO https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz \
   && [ $(sha256sum go${GO_VERSION}.linux-amd64.tar.gz | cut -f1 -d' ') = ${GO_SHA256SUM} ] \
@@ -32,23 +32,31 @@ RUN set -ex && cd ~ \
 # apt-get project dependencies
 # Notes:
 # - When adding apt sources do it before 'apt-get update'
+ARG SETUP_18_X_SHA256SUM="86a3bed32e7505046b574238810a2978b1d50be740ad13f18dc674b6e46af9a5"
+
 ARG CACHE_APT
 RUN set -ex && cd ~ \
   && : Remove existing node \
   && rm -rf /usr/local/bin/node /usr/local/bin/nodejs \
-  && : Add Node 18.13.0 \
-  # This is so we can pin to specific Node versions
-  # See https://github.com/nodesource/distributions/issues/33#issuecomment-337767815
-  # See https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/ for list of packages
-  && curl -o nodejs.deb https://deb.nodesource.com/node_18.x/pool/main/n/nodejs/nodejs_18.13.0-deb-1nodesource1_amd64.deb \
-  && dpkg -i ./nodejs.deb \
-  && rm nodejs.deb \
+  && : Add Node 18.20.2 \
+  && curl -sSLO https://deb.nodesource.com/setup_18.x \
+  && echo "${SETUP_18_X_SHA256SUM} setup_18.x" | sha256sum -c - \
+  && bash setup_18.x \
+  && rm setup_18.x \
   && : Add Yarn \
-  && curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
+  && curl -sSLf https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
   && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
-  && apt-get -qq update \
-  && : Install apt packages \
-  && apt-get -qq -y install --no-install-recommends nodejs yarn entr postgresql-client \
+  #&& : Install postgresql repo \
+  #&& sh -c 'echo "deb http://apt-archive.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg-archive main" > /etc/apt/sources.list.d/pgdg.list' \
+  #&& curl -sSLf -o - https://www.postgresql.org/media/keys/ACCC4CF8.asc | apt-key add - \  
+  #&& apt-get -qq update \
+  #&& : Install pinned postgresql packages \
+  #&& apt-get -y install --no-install-recommends \
+  #  postgresql-client-12=12.13-1.pgdg20.04+1 \
+  #  libpq5=12.15-1.pgdg20.04+1 \
+  #  libpq-dev=12.15-1.pgdg20.04+1 \  
+  #&& : Install apt packages \
+  && apt-get -qq -y install --no-install-recommends nodejs yarn entr postgresql-client\
   && : Cleanup \
   && apt-get clean \
   && rm -vrf /var/lib/apt/lists/*

test

@@ -35,7 +35,7 @@ function test_milmove_app() {
 function test_milmove_cypress() {
   tag=milmove-cypress
   echo "Testing ${tag} Dockerfile"
-
+  
   docker run -it "milmove/circleci-docker:${tag}" yarn cypress version
 
   echo "Passed ${tag}"
@@ -44,7 +44,7 @@ function test_milmove_cypress() {
 function test_milmove_infra_tf132() {
   tag=milmove-infra-tf132
   echo "Testing ${tag} Dockerfile"
-
+  
   docker run -it "milmove/circleci-docker:${tag}" find-guardduty-user version
   docker run -it "milmove/circleci-docker:${tag}" terraform --version
   docker run -it "milmove/circleci-docker:${tag}" terraform-docs --version