Merge pull request #6232 from nextcloud/enh/noid/install-watchtower-from-github

watchtower: install from github repo to fix some security issues
2025-12-19 22:16:49 +00:00 · 2025-03-31 11:04:18 +02:00 · 2025-03-31 11:04:18 +02:00 · 2516938702
commit 2516938702
parent 203d196e9e 631253ef71
3 changed files with 12 additions and 5 deletions
--- a/Containers/imaginary/Dockerfile
+++ b/Containers/imaginary/Dockerfile
@ -1,9 +1,10 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.24.1-alpine3.21 AS go

-ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3
+ENV IMAGINARY_HASH=1d4e251cfcd58ea66f8361f8721d7b8cc85002a3

 RUN set -ex; \
+    apk upgrade --no-cache -a; \
    apk add --no-cache \
        vips-dev \
        vips-magick \
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@ -7,6 +7,7 @@ FROM alpine:3.21.3 AS janus
 ARG JANUS_VERSION=v1.3.1
 WORKDIR /src
 RUN set -ex; \
+    apk upgrade --no-cache -a; \
    apk add --no-cache \
        ca-certificates \
        git \
--- a/Containers/watchtower/Dockerfile
+++ b/Containers/watchtower/Dockerfile
@ -1,14 +1,19 @@
 # syntax=docker/dockerfile:latest
-# From https://github.com/containrrr/watchtower/blob/main/dockerfiles/Dockerfile.self-contained
-FROM containrrr/watchtower:1.7.1 AS watchtower
+FROM golang:1.24.1-alpine3.21 AS go
+
+RUN set -ex; \
+    apk upgrade --no-cache -a; \
+    apk add --no-cache \
+        build-base; \
+    go install github.com/containrrr/watchtower@76f9cea516593fabb8ca91ff13de55caa6aa0a8b;

 FROM alpine:3.21.3

 RUN set -ex; \
    apk upgrade --no-cache -a; \
-    apk add --no-cache bash
+    apk add --no-cache bash ca-certificates tzdata

-COPY --from=watchtower /watchtower /watchtower
+COPY --from=go /go/bin/watchtower /watchtower

 COPY --chmod=775 start.sh /start.sh