Add alpine and distroless images

6 files changed, 153 insertions, 55 deletions

diff --git a/dockerhub/Dockerfile-alpine b/dockerhub/Dockerfile-alpine
deleted file mode 100644
index 5530f438f..000000000
--- a/dockerhub/Dockerfile-alpine
+++ /dev/null
@@ -1,29 +0,0 @@
-# bun:alpine
-# Not officially supported (yet)
-
-ARG GLIBC_RELEASE=2.35-r0
-
-FROM alpine:latest AS build
-
-WORKDIR /tmp
-RUN apk --no-cache add unzip
-
-ARG GLIBC_RELEASE
-RUN wget https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub && \
-wget https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_RELEASE}/glibc-${GLIBC_RELEASE}.apk
-
-ADD https://github.com/oven-sh/bun/releases/latest/download/bun-linux-x64.zip bun-linux-x64.zip
-RUN unzip bun-linux-x64.zip
-
-FROM alpine:latest
-
-ARG GLIBC_RELEASE
-COPY --from=build /tmp/sgerrand.rsa.pub /etc/apk/keys
-COPY --from=build /tmp/glibc-${GLIBC_RELEASE}.apk /tmp
-COPY --from=build /tmp/bun-linux-x64/bun /usr/local/bin
-
-RUN apk --no-cache --force-overwrite add /tmp/glibc-${GLIBC_RELEASE}.apk \
-&& rm /etc/apk/keys/sgerrand.rsa.pub \
-&& rm /tmp/glibc-${GLIBC_RELEASE}.apk
-
-RUN bun --version
diff --git a/dockerhub/alpine/Dockerfile b/dockerhub/alpine/Dockerfile
new file mode 100644
index 000000000..ae389cbf7
--- /dev/null
+++ b/dockerhub/alpine/Dockerfile
@@ -0,0 +1,113 @@
+FROM alpine:3.18 AS build
+
+# https://github.com/oven-sh/bun/releases
+ARG BUN_VERSION=latest
+
+# TODO: Instead of downloading glibc from a third-party source, we should
+#      build it from source. This is a temporary solution.
+#      See: https://github.com/sgerrand/alpine-pkg-glibc
+
+# https://github.com/sgerrand/alpine-pkg-glibc/releases
+# https://github.com/sgerrand/alpine-pkg-glibc/issues/176
+ARG GLIBC_VERSION=2.34-r0
+
+# https://github.com/oven-sh/bun/issues/5545#issuecomment-1722461083
+ARG GLIBC_VERSION_AARCH64=2.26-r1
+
+RUN apk --no-cache add \
+      ca-certificates \
+      curl \
+      dirmngr \
+      gpg \
+      gpg-agent \
+      unzip \
+    && arch="$(apk --print-arch)" \
+    && case "${arch##*-}" in \
+      x86_64) build="x64-baseline";; \
+      aarch64) build="aarch64";; \
+      *) echo "error: unsupported architecture: $arch"; exit 1 ;; \
+    esac \
+    && version="$BUN_VERSION" \
+    && case "$version" in \
+      latest | canary | bun-v*) tag="$version"; ;; \
+      v*)                       tag="bun-$version"; ;; \
+      *)                        tag="bun-v$version"; ;; \
+    esac \
+    && case "$tag" in \
+      latest) release="latest/download"; ;; \
+      *)      release="download/$tag"; ;; \
+    esac \
+    && curl "https://github.com/oven-sh/bun/releases/$release/bun-linux-$build.zip" \
+      -fsSLO \
+      --compressed \
+      --retry 5 \
+      || (echo "error: failed to download: $tag" && exit 1) \
+    && for key in \
+      "F3DCC08A8572C0749B3E18888EAB4D40A7B22B59" \
+    ; do \
+      gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys "$key" \
+      || gpg --batch --keyserver keyserver.ubuntu.com --recv-keys "$key" ; \
+    done \
+    && curl "https://github.com/oven-sh/bun/releases/$release/SHASUMS256.txt.asc" \
+      -fsSLO \
+      --compressed \
+      --retry 5 \
+    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
+      || (echo "error: failed to verify: $tag" && exit 1) \
+    && grep " bun-linux-$build.zip\$" SHASUMS256.txt | sha256sum -c - \
+      || (echo "error: failed to verify: $tag" && exit 1) \
+    && unzip "bun-linux-$build.zip" \
+    && mv "bun-linux-$build/bun" /usr/local/bin/bun \
+    && rm -f "bun-linux-$build.zip" SHASUMS256.txt.asc SHASUMS256.txt \
+    && chmod +x /usr/local/bin/bun \
+    && cd /tmp \
+    && case "${arch##*-}" in \
+      x86_64) curl "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-${GLIBC_VERSION}.apk" \
+        -fsSLO \
+        --compressed \
+        --retry 5 \
+        || (echo "error: failed to download: glibc v${GLIBC_VERSION}" && exit 1) \
+      && mv "glibc-${GLIBC_VERSION}.apk" glibc.apk \
+      && curl "https://github.com/sgerrand/alpine-pkg-glibc/releases/download/${GLIBC_VERSION}/glibc-bin-${GLIBC_VERSION}.apk" \
+        -fsSLO \
+        --compressed \
+        --retry 5 \
+        || (echo "error: failed to download: glibc-bin v${GLIBC_VERSION}" && exit 1) \
+      && mv "glibc-bin-${GLIBC_VERSION}.apk" glibc-bin.apk ;; \
+      aarch64) curl "https://raw.githubusercontent.com/squishyu/alpine-pkg-glibc-aarch64-bin/master/glibc-${GLIBC_VERSION}.apk" \
+        -fsSLO \
+        --compressed \
+        --retry 5 \
+        || (echo "error: failed to download: glibc v${GLIBC_VERSION}" && exit 1) \
+      && mv "glibc-${GLIBC_VERSION}.apk" glibc.apk \
+      && curl "https://raw.githubusercontent.com/squishyu/alpine-pkg-glibc-aarch64-bin/master/glibc-bin-${GLIBC_VERSION}.apk" \
+        -fsSLO \
+        --compressed \
+        --retry 5 \
+        || (echo "error: failed to download: glibc-bin v${GLIBC_VERSION}" && exit 1) \
+      && mv "glibc-bin-${GLIBC_VERSION}.apk" glibc-bin.apk ;; \
+      *) echo "error: unsupported architecture '$arch'"; exit 1 ;; \
+    esac
+
+FROM alpine:3.18
+
+COPY --from=build /tmp/glibc.apk /tmp/
+COPY --from=build /tmp/glibc-bin.apk /tmp/
+COPY --from=build /usr/local/bin/bun /usr/local/bin/
+COPY docker-entrypoint.sh /usr/local/bin/
+
+RUN addgroup -g 1000 bun \
+    && adduser -u 1000 -G bun -s /bin/sh -D bun \
+    && apk --no-cache --force-overwrite --allow-untrusted add \
+      /tmp/glibc.apk \
+      /tmp/glibc-bin.apk \
+    && rm /tmp/glibc.apk \
+    && rm /tmp/glibc-bin.apk \
+    && ln /usr/local/bin/bun /usr/local/bin/bunx \
+    && which bun \
+    && which bunx \
+    && bun --version
+
+WORKDIR /home/bun/app
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+CMD ["/usr/local/bin/bun"]
diff --git a/dockerhub/alpine/docker-entrypoint.sh b/dockerhub/alpine/docker-entrypoint.sh
new file mode 100755
index 000000000..a0e45cbb5
--- /dev/null
+++ b/dockerhub/alpine/docker-entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+if [ "${1#-}" != "${1}" ] || [ -z "$(command -v "${1}")" ] || { [ -f "${1}" ] && ! [ -x "${1}" ]; }; then
+  set -- /usr/local/bin/bun "$@"
+fi
+
+exec "$@"
diff --git a/dockerhub/debian-slim/Dockerfile b/dockerhub/debian-slim/Dockerfile
index 39353bdbc..1b99f80dc 100644
--- a/dockerhub/debian-slim/Dockerfile
+++ b/dockerhub/debian-slim/Dockerfile
@@ -17,7 +17,7 @@ RUN apt-get update -qq \
     && case "${arch##*-}" in \
       amd64) build="x64-baseline";; \
       arm64) build="aarch64";; \
-      *) echo "error: unsupported architecture: ($arch)"; exit 1 ;; \
+      *) echo "error: unsupported architecture: $arch"; exit 1 ;; \
     esac \
     && version="$BUN_VERSION" \
     && case "$version" in \
@@ -33,7 +33,7 @@ RUN apt-get update -qq \
       -fsSLO \
       --compressed \
       --retry 5 \
-      || (echo "error: unknown release: ($tag)" && exit 1) \
+      || (echo "error: failed to download: $tag" && exit 1) \
     && for key in \
       "F3DCC08A8572C0749B3E18888EAB4D40A7B22B59" \
     ; do \
@@ -45,9 +45,9 @@ RUN apt-get update -qq \
       --compressed \
       --retry 5 \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
-      || (echo "error: failed to verify release: ($tag)" && exit 1) \
+      || (echo "error: failed to verify: $tag" && exit 1) \
     && grep " bun-linux-$build.zip\$" SHASUMS256.txt | sha256sum -c - \
-      || (echo "error: failed to verify release: ($tag)" && exit 1) \
+      || (echo "error: failed to verify: $tag" && exit 1) \
     && unzip "bun-linux-$build.zip" \
     && mv "bun-linux-$build/bun" /usr/local/bin/bun \
     && rm -f "bun-linux-$build.zip" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -57,17 +57,21 @@ RUN apt-get update -qq \
 
 FROM debian:bullseye-slim
 
+COPY docker-entrypoint.sh /usr/local/bin
+COPY --from=build /usr/local/bin/bun /usr/local/bin/bun
+
 RUN groupadd bun \
       --gid 1000 \
     && useradd bun \
       --uid 1000 \
       --gid bun \
       --shell /bin/sh \
-      --create-home
-
-COPY docker-entrypoint.sh /usr/local/bin
-COPY --from=build /usr/local/bin/bun /usr/local/bin/bun
-RUN ln -s /usr/local/bin/bun /usr/local/bin/bunx
+      --create-home \
+    && ln /usr/local/bin/bun /usr/local/bin/bunx \
+    && which bun \
+    && which bunx \
+    && bun --version
 
+WORKDIR /home/bun/app
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 CMD ["/usr/local/bin/bun"]
diff --git a/dockerhub/debian/Dockerfile b/dockerhub/debian/Dockerfile
index 3514edbca..759fb4210 100644
--- a/dockerhub/debian/Dockerfile
+++ b/dockerhub/debian/Dockerfile
@@ -17,7 +17,7 @@ RUN apt-get update -qq \
     && case "${arch##*-}" in \
       amd64) build="x64-baseline";; \
       arm64) build="aarch64";; \
-      *) echo "error: unsupported architecture: ($arch)"; exit 1 ;; \
+      *) echo "error: unsupported architecture: $arch"; exit 1 ;; \
     esac \
     && version="$BUN_VERSION" \
     && case "$version" in \
@@ -33,7 +33,7 @@ RUN apt-get update -qq \
       -fsSLO \
       --compressed \
       --retry 5 \
-      || (echo "error: unknown release: ($tag)" && exit 1) \
+      || (echo "error: failed to download: $tag" && exit 1) \
     && for key in \
       "F3DCC08A8572C0749B3E18888EAB4D40A7B22B59" \
     ; do \
@@ -45,29 +45,31 @@ RUN apt-get update -qq \
       --compressed \
       --retry 5 \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
-      || (echo "error: failed to verify release: ($tag)" && exit 1) \
+      || (echo "error: failed to verify: $tag" && exit 1) \
     && grep " bun-linux-$build.zip\$" SHASUMS256.txt | sha256sum -c - \
-      || (echo "error: failed to verify release: ($tag)" && exit 1) \
+      || (echo "error: failed to verify: $tag" && exit 1) \
     && unzip "bun-linux-$build.zip" \
     && mv "bun-linux-$build/bun" /usr/local/bin/bun \
     && rm -f "bun-linux-$build.zip" SHASUMS256.txt.asc SHASUMS256.txt \
-    && chmod +x /usr/local/bin/bun \
-    && which bun \
-    && bun --version
+    && chmod +x /usr/local/bin/bun
 
 FROM debian:bullseye
 
+COPY docker-entrypoint.sh /usr/local/bin
+COPY --from=build /usr/local/bin/bun /usr/local/bin/bun
+
 RUN groupadd bun \
       --gid 1000 \
     && useradd bun \
       --uid 1000 \
       --gid bun \
       --shell /bin/sh \
-      --create-home
-
-COPY docker-entrypoint.sh /usr/local/bin
-COPY --from=build /usr/local/bin/bun /usr/local/bin/bun
-RUN ln -s /usr/local/bin/bun /usr/local/bin/bunx
+      --create-home \
+    && ln /usr/local/bin/bun /usr/local/bin/bunx \
+    && which bun \
+    && which bunx \
+    && bun --version
 
+WORKDIR /home/bun/app
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 CMD ["/usr/local/bin/bun"]
diff --git a/dockerhub/distroless/Dockerfile b/dockerhub/distroless/Dockerfile
index 7c1941ad2..9bba1ddda 100644
--- a/dockerhub/distroless/Dockerfile
+++ b/dockerhub/distroless/Dockerfile
@@ -17,7 +17,7 @@ RUN apt-get update -qq \
     && case "${arch##*-}" in \
       amd64) build="x64-baseline";; \
       arm64) build="aarch64";; \
-      *) echo "error: unsupported architecture: ($arch)"; exit 1 ;; \
+      *) echo "error: unsupported architecture: $arch"; exit 1 ;; \
     esac \
     && version="$BUN_VERSION" \
     && case "$version" in \
@@ -33,7 +33,7 @@ RUN apt-get update -qq \
       -fsSLO \
       --compressed \
       --retry 5 \
-      || (echo "error: unknown release: ($tag)" && exit 1) \
+      || (echo "error: failed to download: $tag" && exit 1) \
     && for key in \
       "F3DCC08A8572C0749B3E18888EAB4D40A7B22B59" \
     ; do \
@@ -45,9 +45,9 @@ RUN apt-get update -qq \
       --compressed \
       --retry 5 \
     && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
-      || (echo "error: failed to verify release: ($tag)" && exit 1) \
+      || (echo "error: failed to verify: $tag" && exit 1) \
     && grep " bun-linux-$build.zip\$" SHASUMS256.txt | sha256sum -c - \
-      || (echo "error: failed to verify release: ($tag)" && exit 1) \
+      || (echo "error: failed to verify: $tag" && exit 1) \
     && unzip "bun-linux-$build.zip" \
     && mv "bun-linux-$build/bun" /usr/local/bin/bun \
     && rm -f "bun-linux-$build.zip" SHASUMS256.txt.asc SHASUMS256.txt \
@@ -61,7 +61,7 @@ COPY --from=build /usr/local/bin/bun /usr/local/bin/
 
 # Known issue: `bunx` is not available in distroless.
 #
-# If `ln -s` is used in the build image, the size of the final
+# If `ln` is used in the build image, the size of the final
 # image will be double, because of: https://github.com/oven-sh/bun/issues/5269
 
 ENTRYPOINT ["/usr/local/bin/bun"]