feat(core): add Node 26, drop Node 20, bump to Alpine 3.24

.github/workflows/build-pr.yml

@@ -13,17 +13,17 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node: [ '20', '22', '24' ]
+        node: [ '22', '24', '26' ]
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v7
 
       - name: 🐋 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
-      - name: 🏗️ Build  Docker image
-        uses: docker/bake-action@v6
+      - name: 🏗️ Build Docker image
+        uses: docker/bake-action@v7
         env:
           NODE_VERSION: ${{ matrix.node }}
           STREAM: ${{ env.stream }}

.github/workflows/build-push-stable.yml

@@ -15,4 +15,6 @@ jobs:
       stream: stable
       push: true
       branch: releases
+      node_versions: '["22","24"]'
+      alpine_version: '3.21'
     secrets: inherit

.github/workflows/build-push.yml

@@ -19,6 +19,14 @@ on:
         type: string
         default: main
         description: Branch name to build from.
+      node_versions:
+        type: string
+        default: '["22","24","26"]'
+        description: JSON array of Node.js versions to build.
+      alpine_version:
+        type: string
+        default: '3.24'
+        description: Alpine Linux version to build against.
 
     secrets:
       DOCKERHUB_USERNAME:
@@ -38,34 +46,35 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        node: [ '20', '22', '24' ]
+        node: ${{ fromJson(inputs.node_versions) }}
 
     steps:
       - name: 📥 Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@v7
         with:
           ref: ${{ inputs.branch }}
 
       - name: 🔑 Login to Docker Hub
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: 🔑 Log in to the GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: 🐋 Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@v4
 
       - name: 🏗️ Build and push Docker image
-        uses: docker/bake-action@v6
+        uses: docker/bake-action@v7
         env:
           NODE_VERSION: ${{ matrix.node }}
+          ALPINE_VERSION: ${{ inputs.alpine_version }}
           STREAM: ${{ inputs.stream }}
         with:
           source: .

.github/workflows/security-scan.yml

@@ -18,16 +18,16 @@ jobs:
       fail-fast: false
       matrix:
         image_ref:
+          - ghcr.io/skpr/node:26-v3-latest
+          - ghcr.io/skpr/node:dev-26-v3-latest
           - ghcr.io/skpr/node:24-v3-latest
           - ghcr.io/skpr/node:dev-24-v3-latest
           - ghcr.io/skpr/node:22-v3-latest
           - ghcr.io/skpr/node:dev-22-v3-latest
-          - ghcr.io/skpr/node:20-v3-latest
-          - ghcr.io/skpr/node:dev-20-v3-latest
 
     steps:
       - name: 🔑 Log in to the GitHub Container Registry
-        uses: docker/login-action@v3
+        uses: docker/login-action@v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}

Dockerfile

@@ -41,6 +41,9 @@ RUN mkdir /data && chown skpr:skpr /data
 
 WORKDIR /data
 
+# Ensure yarn is available before wrapping (Node 26+ no longer ships yarn).
+RUN npm install -g yarn --force
+
 # Replace npm with a wrapper script to enforce security.
 RUN mv /usr/local/bin/npm /usr/local/bin/npm-unsafe
 ADD --chown=skpr:skpr bin/npm-wrapper /usr/local/bin/npm

docker-bake.hcl

@@ -3,7 +3,7 @@ variable "NODE_VERSION" {
 }
 
 variable "ALPINE_VERSION" {
-  default = "3.21"
+  default = "3.24"
 }
 
 variable "STREAM" {