Distroless patch #19788
Closed
Distroless patch #19788
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fix: not using `ln -s ` in distroless
shendongming
added a commit
to sdm2025/bun
that referenced
this pull request
Nov 27, 2025
## Problem Distroless Docker image build has been failing in CI/CD since v1.1.45 (4+ months ago). This prevented the distroless image from being published to Docker Hub. Error: `exec /bin/sh: no such file or directory` Root cause: Distroless base image does not contain shell, but Dockerfile used heredoc syntax which requires `/bin/sh` to execute. ## Solution 1. Create all symlinks in build stage (where shell is available) - ln -s /usr/local/bin/bun /usr/local/bin/bunx - ln -s /usr/local/bin/bun /usr/local/bun-node-fallback-bin/node 2. In distroless stage, only COPY symlinks (no RUN commands needed) - COPY --from=build /usr/local/bin/bunx - COPY --from=build /usr/local/bun-node-fallback-bin/ 3. Upgrade base image from debian11 to debian12 - Fixes security vulnerabilities (1 HIGH CVE → 0) - Uses gcr.io/distroless/base-debian12 ## Testing - Local build: ✅ Success (both amd64) - Verified symlinks: ✅ All working (bun, bunx, node) - Image size: ~20 MB (minimal as expected) ## Related Issues Closes oven-sh#20414 Closes oven-sh#16666 Related to oven-sh#22601, oven-sh#19788
shendongming
added a commit
to sdm2025/bun
that referenced
this pull request
Nov 27, 2025
## Problem Distroless Docker image build has been failing in CI/CD since v1.1.45 (4+ months ago). This prevented the distroless image from being published to Docker Hub. Error: `exec /bin/sh: no such file or directory` Root cause: Distroless base image does not contain shell, but Dockerfile used heredoc syntax which requires `/bin/sh` to execute. ## Solution 1. Create all symlinks in build stage (where shell is available) - ln -s /usr/local/bin/bun /usr/local/bin/bunx - ln -s /usr/local/bin/bun /usr/local/bun-node-fallback-bin/node 2. In distroless stage, only COPY symlinks (no RUN commands needed) - COPY --from=build /usr/local/bin/bunx - COPY --from=build /usr/local/bun-node-fallback-bin/ 3. Upgrade base image from debian11 to debian12 - Fixes security vulnerabilities (1 HIGH CVE → 0) - Uses gcr.io/distroless/base-debian12 ## Testing - Local build: ✅ Success (linux/amd64) - Azure-dev build: ✅ Success (linux/amd64) - Verified symlinks: ✅ All working (bun, bunx, node) - Image size: 228MB (comparable to debian variant at 221MB) ## Related Issues Closes oven-sh#20414 Closes oven-sh#16666 Related to oven-sh#22601, oven-sh#19788
Contributor
|
fixed by #24055 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What does this PR do?
Fix distroless build by not using
ln -sin distroless environment. fixes #19786 and fixes #20414How did you verify your code works?