chore(deps): update debian:trixie-slim docker digest to c288011

.gitea/workflows/build.yml

@@ -2,9 +2,11 @@ name: Build Docker Image
 
 on:
   push:
-    # Only build on tags (like v1.0.0)
+    branches:
-    tags:
+      - master
-      - "v*"
+    # Renovate will push updates as commits
+    paths:
+      - "Dockerfile"
 
 jobs:
   build-docker:
@@ -13,7 +15,7 @@ jobs:
       image: catthehacker/ubuntu:act-latest
 
     steps:
-      # 1. Checkout the repo
+      # 1. Checkout repository
       - name: Checkout repository
         uses: actions/checkout@v5
         with:
@@ -31,12 +33,18 @@ jobs:
           username: ${{ secrets.REGISTRY_USERNAME }}
           password: ${{ secrets.REGISTRY_TOKEN }}
 
-      # 4. Build and push Docker image
+      # 4. Define timestamp tag
+      - name: Set Docker image tags
+        id: docker_tags
+        run: |
+          TIMESTAMP=$(date +'%Y.%m.%d-%H%M%S')
+          echo "tags=git.comprofix.com/mmckinnon/debian-latest:latest,git.comprofix.com/mmckinnon/debian-latest:$TIMESTAMP" >> $GITHUB_ENV
+
+      # 5. Build & push Docker image
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
+          context: .
           file: ./Dockerfile
           push: true
-          tags: |
+          tags: ${{ env.tags }}
-            git.comprofix.com/mmckinnon/debian-runner:latest
-            git.comprofix.com/mmckinnon/debian-runner:${{ github.ref_name }}

Dockerfile

@@ -1,48 +1,69 @@
-##############################
+# =========================
 # Stage 1: Builder
-##############################
+# =========================
-FROM debian:trixie-slim AS builder
+FROM debian:trixie-slim@sha256:c2880112cc5c61e1200c26f106e4123627b49726375eb5846313da9cca117337 AS builder
 
-ENV DEBIAN_FRONTEND=noninteractive
+ENV DEBIAN_FRONTEND=noninteractive \
+    LANG=C.UTF-8
 
 # Install build dependencies
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    build-essential \
     curl \
+    git \
+    bash \
+    openssh-client \
     ca-certificates \
+    procps \
+    iproute2 \
+    netcat-traditional \
+    unzip \
+    iputils-ping \
     python3 \
     python3-venv \
-    python3-pip \
+    build-essential \
+    zlib1g-dev \
+    libffi-dev \
+    libssl-dev \
     ruby-full \
-    nodejs \
-    git \
     && rm -rf /var/lib/apt/lists/*
 
-# Create a Python virtual environment (example usage)
+# Install Node.js 22
-RUN python3 -m venv /opt/venv
+RUN curl -fsSL https://deb.nodesource.com/setup_22.x | bash - \
+    && apt-get install -y nodejs \
+    && npm install -g npm \
+    && rm -rf /var/lib/apt/lists/*
 
-##############################
+# Create Python virtual environment for Ansible
-# Stage 2: Runtime
+RUN python3 -m venv /opt/venv \
-##############################
+    && /opt/venv/bin/pip install --no-cache-dir --upgrade pip ansible
-FROM debian:trixie-slim
 
-ENV DEBIAN_FRONTEND=noninteractive
+# =========================
+# Stage 2: Final runtime image
+# =========================
+FROM debian:trixie-slim@sha256:c2880112cc5c61e1200c26f106e4123627b49726375eb5846313da9cca117337
 
-# Install only runtime dependencies
+ENV DEBIAN_FRONTEND=noninteractive \
+    LANG=C.UTF-8 \
+    PATH=/opt/venv/bin:$PATH
+
+# Install runtime dependencies only
 RUN apt-get update && apt-get install -y --no-install-recommends \
+    bash \
+    openssh-client \
     ca-certificates \
+    iputils-ping \
     python3 \
+    python3-venv \
     ruby-full \
     nodejs \
     git \
     && rm -rf /var/lib/apt/lists/*
 
-# Copy built tools from builder
+# Copy built Python venv from builder
 COPY --from=builder /opt/venv /opt/venv
 
-# Set Python virtual environment path
+# Set working directory
-ENV PATH="/opt/venv/bin:$PATH"
-
 WORKDIR /workspace
 
-CMD ["bash"]
+# Default shell
+SHELL ["/bin/bash", "-c"]