From 4fabd4cf73bcbe342ab75063ae56d0162899fe12 Mon Sep 17 00:00:00 2001 From: "n8n-cat-bot[bot]" <283985454+n8n-cat-bot[bot]@users.noreply.github.com> Date: Tue, 16 Jun 2026 11:40:27 +0100 Subject: [PATCH] ci: Bump distroless runner base from cc-debian12 to cc-debian13 (#32331) Co-authored-by: n8n-cat-bot[bot] Co-authored-by: Claude Opus 4.7 --- docker/images/runners/Dockerfile.distroless | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docker/images/runners/Dockerfile.distroless b/docker/images/runners/Dockerfile.distroless index daa2e2072fa..8aa8f5b2a92 100644 --- a/docker/images/runners/Dockerfile.distroless +++ b/docker/images/runners/Dockerfile.distroless @@ -7,7 +7,7 @@ # # Key differences: # - Uses Debian-based builders (glibc instead of musl) -# - Final image is Google's distroless/cc-debian12 +# - Final image is Google's distroless/cc-debian13 # - Extra runtime-prep stage to organize filesystem # - Uses distroless nonroot user (UID 65532) # ============================================================================== @@ -146,7 +146,10 @@ COPY --from=python-runner-builder /usr/local/lib/libpython3.13.so* /runtime/usr/ # Copy Python dependencies (architecture-specific directories) # The /* glob will match x86_64-linux-gnu or aarch64-linux-gnu -COPY --from=python-runner-builder /lib/*-linux-gnu* /runtime/lib/ +# Stage glibc into /usr/lib/ because cc-debian13 completes the usr-merge: +# /lib is a symlink to /usr/lib, so a final COPY into /lib/ would collide +# with that symlink at the runtime stage. +COPY --from=python-runner-builder /lib/*-linux-gnu* /runtime/usr/lib/ COPY --from=python-runner-builder /usr/lib/*-linux-gnu* /runtime/usr/lib/ # Copy Node.js runtime @@ -170,14 +173,14 @@ RUN mkdir -p /runtime/home/runner && \ # ============================================================================== # STAGE 6: Distroless Runtime # ============================================================================== -# Uses Google's distroless/cc-debian12 which provides: +# Uses Google's distroless/cc-debian13 which provides: # - glibc, libgcc, libstdc++ # - CA certificates # - Timezone data # - nonroot user (UID 65532) # - NO shell, NO package manager, NO system utilities # ============================================================================== -FROM gcr.io/distroless/cc-debian12:latest AS runtime +FROM gcr.io/distroless/cc-debian13:latest AS runtime ARG N8N_VERSION=snapshot ARG N8N_RELEASE_TYPE=dev