Skip to content

fix: Don't fail on Alpine checksums for Security releases#2421

Merged
nschonni merged 1 commit intonodejs:mainfrom
nschonni:skip-alpine-security-failure
Mar 26, 2026
Merged

fix: Don't fail on Alpine checksums for Security releases#2421
nschonni merged 1 commit intonodejs:mainfrom
nschonni:skip-alpine-security-failure

Conversation

@nschonni
Copy link
Member

@nschonni nschonni commented Mar 16, 2026

Description

Added back the recent "skip" concept for the Apline checksums falling over, but still allow Alpine to try and update itself if the checksum is available.

Motivation and Context

Testing Details

Example Output(if appropriate)

Types of changes

  • Documentation
  • Version change (Update, remove or add more Node.js versions)
  • Variant change (Update, remove or add more variants, or versions of variants)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Other (none of the above)

Checklist

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING.md document.
  • All new and existing tests passed.

@MikeMcC399
Copy link
Contributor

MikeMcC399 commented Mar 16, 2026
edited
Loading

@nschonni

We've overlapped again! So I'll put my help text PR #2420 into draft state.

@nschonni nschonni force-pushed the skip-alpine-security-failure branch from b302c67 to 678ef04 Compare March 16, 2026 14:45
@nschonni
Copy link
Member Author

nschonni commented Mar 16, 2026

I've updated the help text after seeing yours

@MikeMcC399 MikeMcC399 mentioned this pull request Mar 16, 2026
Closed
12 tasks
@nschonni
Copy link
Member Author

nschonni commented Mar 16, 2026

I didn't check what happens to the automation after a partial version update without the Alpine builds lands here? Will it still pick up the partial/continue with a new PR (with a colliding PR name)

@MikeMcC399
Copy link
Contributor

MikeMcC399 commented Mar 17, 2026
edited
Loading

It seems this would be related to issue #2363 and to the attempts to decouple security releases from musl builds submitted by:

both of the PRs have stalled.

Also #2424 from @RafaelGSS says there's a security release planned on 2026-03-24, in one week, so it looks like there is an urgent need to get some of this sorted out in case there is a delay in musl builds on Tuesday next week.

MikeMcC399
MikeMcC399 reviewed Mar 18, 2026
View reviewed changes
MikeMcC399
MikeMcC399 reviewed Mar 18, 2026
View reviewed changes
@MikeMcC399

This comment was marked as resolved.

Sign in to view
@MikeMcC399

This comment was marked as resolved.

Sign in to view
MikeMcC399
MikeMcC399 suggested changes Mar 18, 2026
View reviewed changes
Copy link
Contributor

@MikeMcC399 MikeMcC399 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some code change suggestions and comments.

@nschonni nschonni force-pushed the skip-alpine-security-failure branch from 3eb4bbb to 70bcff2 Compare March 18, 2026 20:17
@nschonni
Copy link
Member Author

nschonni commented Mar 18, 2026

There is a related issue with checking the availability of the musl releases, as it only checks for

"node-v${nodeVersion}-linux-x64-musl.tar.xz"

In the last security update, there were different timestamps

* `node-v24.13.0-linux-x64-musl.tar.gz` 14-Jan-2026 16:36

* `node-v24.13.0-linux-arm64-musl.tar.gz` 14-Jan-2026 22:55

so checking only for the x64 release is not enough. It would need to check also for the arm64 release. Both would need to be present to continue for a non-security release.

For a security release (with option -s) if either musl build (x64 or arm64) is missing then Alpine updates should be skipped.

Only the x64 build is used by the image, not the ARM one, so it does slow down the build on the unofficial builds, it only blocks here because the builds are serial

MikeMcC399

This comment was marked as resolved.

Sign in to view

@MikeMcC399
Copy link
Contributor

MikeMcC399 commented Mar 19, 2026

Only the x64 build is used by the image, not the ARM one, so it does slow down the build on the unofficial builds, it only blocks here because the builds are serial

I hadn't looked into how this worked, so thanks for the explanation! This is a different topic though, so I probably shouldn't have introduced it here.

MikeMcC399
MikeMcC399 reviewed Mar 20, 2026
View reviewed changes
@MikeMcC399

This comment was marked as resolved.

Sign in to view
@nschonni nschonni force-pushed the skip-alpine-security-failure branch from 70bcff2 to b5ebba6 Compare March 26, 2026 00:07
@nschonni
Copy link
Member Author

nschonni commented Mar 26, 2026

Added a quard around the mv, and now I'm getting a zero exit

pdating version 20...
Updating version 22...
20/alpine3.22/Dockerfile updated!
20/alpine3.23/Dockerfile updated!
20/bookworm/Dockerfile updated!
20/bookworm-slim/Dockerfile updated!
20/bullseye/Dockerfile updated!
20/bullseye-slim/Dockerfile updated!
20/trixie/Dockerfile updated!
20/trixie-slim/Dockerfile updated!
Updating version 24...
22/alpine3.22/Dockerfile updated!
22/alpine3.23/Dockerfile updated!
22/bookworm/Dockerfile updated!
22/bullseye/Dockerfile updated!
22/bookworm-slim/Dockerfile updated!
22/bullseye-slim/Dockerfile updated!
22/trixie/Dockerfile updated!
22/trixie-slim/Dockerfile updated!
Updating version 25...
24/alpine3.22/Dockerfile updated!
24/alpine3.23/Dockerfile updated!
24/bookworm/Dockerfile updated!
24/bookworm-slim/Dockerfile updated!
24/bullseye/Dockerfile updated!
24/bullseye-slim/Dockerfile updated!
24/trixie/Dockerfile updated!
24/trixie-slim/Dockerfile updated!
25.8.2 is missing the musl build, but skipping for security release!
diff: 25/alpine3.22/Dockerfile-tmp: No such file or directory
25/alpine3.22/Dockerfile updated!
25.8.2 is missing the musl build, but skipping for security release!
diff: 25/alpine3.23/Dockerfile-tmp: No such file or directory
25/alpine3.23/Dockerfile updated!
25/bookworm/Dockerfile updated!
25/bookworm-slim/Dockerfile updated!
25/bullseye/Dockerfile updated!
25/bullseye-slim/Dockerfile updated!
25/trixie/Dockerfile updated!
25/trixie-slim/Dockerfile updated!
Done!

@MikeMcC399

This comment was marked as outdated.

Sign in to view
MikeMcC399

This comment was marked as resolved.

Sign in to view

@nschonni nschonni force-pushed the skip-alpine-security-failure branch from b5ebba6 to 69aa9b2 Compare March 26, 2026 13:00
MikeMcC399
MikeMcC399 approved these changes Mar 26, 2026
View reviewed changes
Copy link
Contributor

@MikeMcC399 MikeMcC399 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No more feedback from me. Looks good to go!

@nschonni nschonni merged commit bcdac65 into nodejs:main Mar 26, 2026
3 checks passed
@nschonni nschonni deleted the skip-alpine-security-failure branch March 26, 2026 13:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RafaelGSS RafaelGSS RafaelGSS approved these changes

+1 more reviewer

@MikeMcC399 MikeMcC399 MikeMcC399 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nschonni @MikeMcC399 @RafaelGSS