shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-03 13:08:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
release/2.29
coder/scripts/Dockerfile.base
T
Lukasz 7819c471f7 chore: bump bundled terraform to 1.14.5 for 2.29 (#22193) 
Description:
This PR updates the bundled Terraform binary and related version pins
from 1.13.4 to 1.14.5 (base image, installer fallback, and CI/test
fixtures). Terraform is statically built with an embedded Go runtime.
Moving to 1.14.5 updates the embedded toolchain and is intended to
address Go stdlib CVEs reported by security scanning.

Notes:

- Change is version-only; no functional Coder logic changes.

- Backport-friendly: intended to be cherry-picked to release branches
after merge.

---------

Co-authored-by: Jakub Domeracki <jakub@coder.com>
Co-authored-by: Dean Sheather <dean@deansheather.com>
2026-02-23 15:32:41 +01:00

39 lines
1.5 KiB
Docker
Raw Permalink Blame History

# This is the base image used for Coder images. It's a multi-arch image that is
# built in depot.dev for all supported architectures. Since it's built on real
# hardware and not cross-compiled, it can have "RUN" commands.
FROM alpine:3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
# We use a single RUN command to reduce the number of layers in the image.
# NOTE: Keep the Terraform version in sync with minTerraformVersion and
# maxTerraformVersion in provisioner/terraform/install.go.
RUN apk add --no-cache \
curl \
wget \
bash \
git \
openssl \
openssh-client \
tzdata && \
addgroup \
-g 1000 \
coder && \
adduser \
-D \
-s /bin/bash \
-h /home/coder \
-u 1000 \
-G coder \
coder
# Terraform was disabled in the edge repo due to a build issue.
# https://gitlab.alpinelinux.org/alpine/aports/-/commit/f3e263d94cfac02d594bef83790c280e045eba35
# Using wget for now. Note that busybox unzip doesn't support streaming.
RUN ARCH="$(arch)"; if [ "${ARCH}" == "x86_64" ]; then ARCH="amd64"; elif [ "${ARCH}" == "aarch64" ]; then ARCH="arm64"; elif [ "${ARCH}" == "armv7l" ]; then ARCH="arm"; fi; wget -O /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.14.5/terraform_1.14.5_linux_${ARCH}.zip" && \
busybox unzip /tmp/terraform.zip -d /usr/local/bin && \
rm -f /tmp/terraform.zip && \
chmod +x /usr/local/bin/terraform && \
terraform --version
USER 1000:1000
ENV HOME=/home/coder
ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt
WORKDIR /home/coder
Reference in New Issue View Git Blame Copy Permalink