workflow-engine (5.0.0-cve)
Published 2025-11-12 16:59:05 +00:00 by forgeci
Installation
docker pull forge.sath.com/sath/workflow-engine:5.0.0-cvesha256:298eb789e09500b44717bc3edc59d04e843e0ceb1dbfef5bf4ede6e24a956adfImage layers
| ADD alpine-minirootfs-3.21.5-x86_64.tar.gz / # buildkit |
| CMD ["/bin/sh"] |
| ENV NODE_VERSION=24.11.0 |
| RUN /bin/sh -c addgroup -g 1000 node && adduser -u 1000 -G node -s /bin/sh -D node && apk add --no-cache libstdc++ && apk add --no-cache --virtual .build-deps curl && ARCH= OPENSSL_ARCH='linux*' && alpineArch="$(apk --print-arch)" && case "${alpineArch##*-}" in x86_64) ARCH='x64' CHECKSUM="7dd9412f284aaf215d0f9b14e841a3f4c31a85dee2dc58e0e81f9fcf2b92f4e7" OPENSSL_ARCH=linux-x86_64;; x86) OPENSSL_ARCH=linux-elf;; aarch64) OPENSSL_ARCH=linux-aarch64;; arm*) OPENSSL_ARCH=linux-armv4;; ppc64le) OPENSSL_ARCH=linux-ppc64le;; s390x) OPENSSL_ARCH=linux-s390x;; *) ;; esac && if [ -n "${CHECKSUM}" ]; then set -eu; curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v$NODE_VERSION/node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz"; echo "$CHECKSUM node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" | sha256sum -c - && tar -xJf "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner && ln -s /usr/local/bin/node /usr/local/bin/nodejs; else echo "Building from source" && apk add --no-cache --virtual .build-deps-full binutils-gold g++ gcc gnupg libgcc linux-headers make python3 py-setuptools && export GNUPGHOME="$(mktemp -d)" && for key in 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 CC68F5A3106FF448322E48ED27F5E38D5B0A215F 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C 108F52B48DB57BB0CC439B2997B01419BD92F80A A363A499291CBBC940DD62E41F10027AF002F8B0 ; do { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; done && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION.tar.xz" && curl -fsSLO --compressed "https://nodejs.org/dist/v$NODE_VERSION/SHASUMS256.txt.asc" && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc && gpgconf --kill all && rm -rf "$GNUPGHOME" && grep " node-v$NODE_VERSION.tar.xz\$" SHASUMS256.txt | sha256sum -c - && tar -xf "node-v$NODE_VERSION.tar.xz" && cd "node-v$NODE_VERSION" && ./configure && make -j$(getconf _NPROCESSORS_ONLN) V= && make install && apk del .build-deps-full && cd .. && rm -Rf "node-v$NODE_VERSION" && rm "node-v$NODE_VERSION.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; fi && rm -f "node-v$NODE_VERSION-linux-$ARCH-musl.tar.xz" && find /usr/local/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; && apk del .build-deps && node --version && npm --version && rm -rf /tmp/* # buildkit |
| ENV YARN_VERSION=1.22.22 |
| RUN /bin/sh -c apk add --no-cache --virtual .build-deps-yarn curl gnupg tar && export GNUPGHOME="$(mktemp -d)" && for key in 6A010C5166006599AA17F08146C2130DFD2497F5 ; do { gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" && gpg --batch --fingerprint "$key"; } || { gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" && gpg --batch --fingerprint "$key"; } ; done && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz" && curl -fsSLO --compressed "https://yarnpkg.com/downloads/$YARN_VERSION/yarn-v$YARN_VERSION.tar.gz.asc" && gpg --batch --verify yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && gpgconf --kill all && rm -rf "$GNUPGHOME" && mkdir -p /opt && tar -xzf yarn-v$YARN_VERSION.tar.gz -C /opt/ && ln -s /opt/yarn-v$YARN_VERSION/bin/yarn /usr/local/bin/yarn && ln -s /opt/yarn-v$YARN_VERSION/bin/yarnpkg /usr/local/bin/yarnpkg && rm yarn-v$YARN_VERSION.tar.gz.asc yarn-v$YARN_VERSION.tar.gz && apk del .build-deps-yarn && yarn --version && rm -rf /tmp/* # buildkit |
| COPY docker-entrypoint.sh /usr/local/bin/ # buildkit |
| ENTRYPOINT ["docker-entrypoint.sh"] |
| CMD ["node"] |
| LABEL maintainer=Sath <support@sath.com> |
| LABEL description=IDHub Workflow Engine. |
| COPY dir:c07994ed1ca05f5d70a97588d51b69b6f2b1f447b9b8db230448659d0b8636ce in /apps/idhub/workflow-engine/dist/ |
| COPY file:950e93422292bc008612d58453c1604def5445b6b24917c4eb098a59f5f5f23c in /apps/idhub/workflow-engine/package.json |
| COPY file:a3e353a2f2a2c9f507edd2c62040577424303ff5fa7a4209fb3ad7a0e73ea61e in /apps/idhub/workflow-engine/package-lock.json |
| COPY file:c5b5ddaf12973751dfeeea03a368dd077414c5826367ec1935a1bde105e8ab81 in /apps/idhub/workflow-engine/tsconfig.json |
| COPY file:bbc6fc684dc3484cfb560e9d8b45bdb6e8272aa8a3e5ca29aa9b4cbaa97170e6 in /apps/idhub/workflow-engine/.npmrc |
| WORKDIR /apps/idhub/workflow-engine |
| /bin/sh -c addgroup --system idhub && adduser -S -s /bin/false -G idhub idhub && chown -R idhub:idhub /apps && chmod -R 755 /apps && apk add --no-cache curl |
| USER idhub |
| /bin/sh -c npm ci && rm -rf /var/cache/apk/* |
| EXPOSE 8001 |
| ENTRYPOINT ["node" "/apps/idhub/workflow-engine/dist/src/main.js" "--experimental-vm-modules"] |
Labels
| Key | Value |
|---|---|
| description | IDHub Workflow Engine. |
| maintainer | Sath <support@sath.com> |
Details
2025-11-12 16:59:05 +00:00
Versions (16)
View all
Container
1
OCI / Docker
linux/amd64
218 MiB
5.0.0-26b0f67680
2025-11-20
5.0.0-main
2025-11-20
5.0.0-edd7363717
2025-11-12
5.0.0-cve
2025-11-12
5.0.0-build-change
2025-11-10