From a75494c3785c629ab2c50c7512abe77794b19486 Mon Sep 17 00:00:00 2001
From: Bastian Birke
Date: Wed, 25 Feb 2026 14:41:03 +0100
Subject: [PATCH 1/2] Merge statements in dockerfiles, to shrink image size.
---
 images/hull-integration/Dockerfile | 25 ++++++++--------
 images/hull-integration/Dockerfile-noroot | 36 +++++++++++------------
 2 files changed, 30 insertions(+), 31 deletions(-)
diff --git a/images/hull-integration/Dockerfile b/images/hull-integration/Dockerfile
index 614adec..43cdd2e 100644
--- a/images/hull-integration/Dockerfile
+++ b/images/hull-integration/Dockerfile
@@ -1,15 +1,16 @@
 FROM mcr.microsoft.com/powershell:lts-7.4-ubuntu-22.04
-RUN pwsh -NonInteractive -Command Install-Module -Force -Scope AllUsers powershell-yaml
-RUN apt-get update
-RUN apt-get -y upgrade
-RUN apt-get -y install curl
+RUN apt-get update \
+ && apt-get -y upgrade \
+ && apt-get -y install curl \
+ && pwsh -NonInteractive -Command Install-Module -Force -Scope AllUsers powershell-yaml \
+ && rm -rf /var/lib/apt/lists/*
 ENV VERSION="1.3.0"
-RUN curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz"
-RUN ls
-RUN mkdir -p oras-install/
-RUN tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/
-RUN mv oras-install/oras /usr/local/bin/
-RUN rm -rf oras_${VERSION}_*.tar.gz oras-install/
+RUN curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz" \
+ && ls \
+ && mkdir -p oras-install/ \
+ && tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/ \
+ && mv oras-install/oras /usr/local/bin/ \
+ && rm -rf oras_${VERSION}_*.tar.gz oras-install/ \
+ && oras --help
 COPY ./Installer.ps1 /script/Installer.ps1
-COPY ./get-custom-scripts /get-custom-scripts
-RUN oras --help
\ No newline at end of file
+COPY ./get-custom-scripts /get-custom-scripts
\ No newline at end of file
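Review bot: The `Install-Module -Force -Scope AllUsers powershell-yaml` call that is folded into the first RUN names no version, so each build installs whatever release the default module repository serves that day. This leaves the image unreproducible and lets an unreviewed module release reach it unnoticed. Adding `-RequiredVersion <pinned-version>` (placeholder for the release you have reviewed) to that call fixes the module to a known version. The Dockerfile-noroot hunk carries the same line.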
diff --git a/images/hull-integration/Dockerfile-noroot b/images/hull-integration/Dockerfile-noroot
index 3ffaec4..c5e7bcd 100644
--- a/images/hull-integration/Dockerfile-noroot
+++ b/images/hull-integration/Dockerfile-noroot
@@ -1,21 +1,19 @@
 FROM mcr.microsoft.com/powershell:lts-7.4-ubuntu-22.04
-RUN pwsh -NonInteractive -Command Install-Module -Force -Scope AllUsers powershell-yaml
-RUN apt-get update
-RUN apt-get -y upgrade
-RUN apt-get -y install curl
+RUN apt-get update \
+ && apt-get -y upgrade \
+ && apt-get -y install curl \
+ && pwsh -NonInteractive -Command Install-Module -Force -Scope AllUsers powershell-yaml \
+ && rm -rf /var/lib/apt/lists/*
 ENV VERSION="1.3.0"
-RUN curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz"
-RUN ls
-RUN mkdir -p oras-install/
-RUN tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/
-RUN mv oras-install/oras /usr/local/bin/
-RUN rm -rf oras_${VERSION}_*.tar.gz oras-install/
-# Create a user group 'noroot'
-RUN groupadd noroot
-# Add a user noroot to group 'noroot'
-RUN useradd --create-home --shell /bin/bash -u 1001 -g noroot noroot
-COPY ./Installer.ps1 /script/Installer.ps1
-RUN chown -R noroot /script
-COPY ./get-custom-scripts /get-custom-scripts
-RUN chown -R noroot /get-custom-scripts
-RUN oras --help
\ No newline at end of file
+RUN curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz" \
+ && ls \
+ && mkdir -p oras-install/ \
+ && tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/ \
+ && mv oras-install/oras /usr/local/bin/ \
+ && rm -rf oras_${VERSION}_*.tar.gz oras-install/ \
+ && oras --help
+# Create a user group 'noroot' and add a user noroot to group 'noroot'
+RUN groupadd noroot \
+ && useradd --create-home --shell /bin/bash -u 1001 -g noroot noroot
+COPY --chown=noroot:noroot ./Installer.ps1 /script/Installer.ps1
+COPY --chown=noroot:noroot ./get-custom-scripts /get-custom-scripts
\ No newline at end of file
From 9ca94c3f1afdce96cb7aa4ecbd5976a415a874fc Mon Sep 17 00:00:00 2001
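Review bot: Both `COPY --chown=noroot:noroot` lines give `/script/Installer.ps1` and `/get-custom-scripts` to the account the container is meant to run as, so a process running as `noroot` can rewrite the scripts it executes. Unless something has to modify these paths at run time (not visible in this diff), a plain `COPY ./Installer.ps1 /script/Installer.ps1` keeps them root-owned and normally still readable by the unprivileged user. One behaviour change is worth confirming either way: the removed `chown -R noroot /script` also changed the `/script` directory itself, whereas with `COPY --chown` the implicitly created parent directory may not end up owned by `noroot`, depending on the builder.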
From: Bastian Birke
Date: Tue, 31 Mar 2026 17:39:31 +0200
Subject: [PATCH 2/2] Custom PowerShell images based on Ubuntu 24.04 and PowerShell 7.6 LTS. ORAS 1.3.1 with checksum verification.
---
 images/hull-integration/Dockerfile | 45 +++++++++++++++++------
 images/hull-integration/Dockerfile-noroot | 45 ++++++++++++++++-------
 2 files changed, 65 insertions(+), 25 deletions(-)
diff --git a/images/hull-integration/Dockerfile b/images/hull-integration/Dockerfile
index 43cdd2e..1c3396e 100644
--- a/images/hull-integration/Dockerfile
+++ b/images/hull-integration/Dockerfile
@@ -1,16 +1,37 @@
-FROM mcr.microsoft.com/powershell:lts-7.4-ubuntu-22.04
+FROM ubuntu:24.04
+ARG PS_VERSION=7.6.0
+ENV ORAS_VERSION="1.3.1"
+# Keep EXACTLY the same Dockerfile and Dockerfile-noroot, except USER noroot (shared layers)!
+# ORAS release checksum sources (ORAS setup or Release information, Linux amd64):
+# Store here, don't read at build time!
+# https://github.com/oras-project/oras/releases/download/v/oras__checksums.txt
+# https://github.com/oras-project/setup-oras/blob/main/src/lib/data/releases.json
+# https://api.github.com/repos/oras-project/oras/releases/tags/v (large Release content JSON)
+ENV ORAS_CHECKSUM="d52c4af76ce6a3ceb8579e51fb751a43ac051cca67f965f973a0b0e897a2bb86"
+# 1.3.0: ENV ORAS_CHECKSUM="6cdc692f929100feb08aa8de584d02f7bcc30ec7d88bc2adc2054d782db57c64"
 RUN apt-get update \
- && apt-get -y upgrade \
- && apt-get -y install curl \
+ && apt-get -y --no-install-recommends upgrade \
+ && apt-get -y install --no-install-recommends ca-certificates curl \
+ && echo "Setting variables from /etc/os-release..." \
+ && . /etc/os-release \
+ && echo "OS VERSION_ID: ${VERSION_ID}" \
+ && curl -fsSLO https://packages.microsoft.com/config/ubuntu/${VERSION_ID}/packages-microsoft-prod.deb \
+ && dpkg -i packages-microsoft-prod.deb \
+ && rm packages-microsoft-prod.deb \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends powershell \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* /var/cache/apt/* \
 && pwsh -NonInteractive -Command Install-Module -Force -Scope AllUsers powershell-yaml \
- && rm -rf /var/lib/apt/lists/*
-ENV VERSION="1.3.0"
-RUN curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz" \
- && ls \
+ && echo "Downloading and installing ORAS CLI version ${ORAS_VERSION}..." \
+ && curl -LO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" \
+ && echo "${ORAS_CHECKSUM} oras_${ORAS_VERSION}_linux_amd64.tar.gz" | sha256sum -c - \
 && mkdir -p oras-install/ \
- && tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/ \
+ && tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/ \
 && mv oras-install/oras /usr/local/bin/ \
- && rm -rf oras_${VERSION}_*.tar.gz oras-install/ \
- && oras --help
-COPY ./Installer.ps1 /script/Installer.ps1
-COPY ./get-custom-scripts /get-custom-scripts
\ No newline at end of file
+ && rm -rf oras_${ORAS_VERSION}_*.tar.gz oras-install/ \
+ && oras --help \
+ && groupadd -g 1001 noroot \
+ && useradd --create-home --shell /bin/bash -u 1001 -g noroot noroot
+COPY --chown=noroot:noroot ./Installer.ps1 /script/Installer.ps1
+COPY --chown=noroot:noroot ./get-custom-scripts /get-custom-scripts
\ No newline at end of file
diff --git a/images/hull-integration/Dockerfile-noroot b/images/hull-integration/Dockerfile-noroot
index c5e7bcd..bda7f5d 100644
--- a/images/hull-integration/Dockerfile-noroot
+++ b/images/hull-integration/Dockerfile-noroot
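Review bot: `packages-microsoft-prod.deb` is downloaded and passed straight to `dpkg -i` as root with no integrity check, even though it configures the apt source (and presumably its signing key) from which `powershell` is then installed. The ORAS tarball a few lines further down is verified against a digest stored in the file, and the header comment asks for digests to be stored rather than read at build time; the same treatment fits here. Store a digest next to `ORAS_CHECKSUM`, e.g. `ENV MS_REPO_DEB_SHA256="<sha256 from a trusted copy>"` (the name and value are placeholders), and add `&& echo "${MS_REPO_DEB_SHA256}  packages-microsoft-prod.deb" | sha256sum -c - \` before the `dpkg -i` line. The Dockerfile-noroot hunk contains the same sequence.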
@@ -1,19 +1,38 @@
-FROM mcr.microsoft.com/powershell:lts-7.4-ubuntu-22.04
+FROM ubuntu:24.04
+ARG PS_VERSION=7.6.0
+ENV ORAS_VERSION="1.3.1"
+# Keep EXACTLY the same Dockerfile and Dockerfile-noroot, except USER noroot (shared layers)!
+# ORAS release checksum sources (ORAS setup or Release information, Linux amd64):
+# Store here, don't read at build time!
+# https://github.com/oras-project/oras/releases/download/v/oras__checksums.txt
+# https://github.com/oras-project/setup-oras/blob/main/src/lib/data/releases.json
+# https://api.github.com/repos/oras-project/oras/releases/tags/v (large Release content JSON)
+ENV ORAS_CHECKSUM="d52c4af76ce6a3ceb8579e51fb751a43ac051cca67f965f973a0b0e897a2bb86"
+# 1.3.0: ENV ORAS_CHECKSUM="6cdc692f929100feb08aa8de584d02f7bcc30ec7d88bc2adc2054d782db57c64"
 RUN apt-get update \
- && apt-get -y upgrade \
- && apt-get -y install curl \
+ && apt-get -y --no-install-recommends upgrade \
+ && apt-get -y install --no-install-recommends ca-certificates curl \
+ && echo "Setting variables from /etc/os-release..." \
+ && . /etc/os-release \
+ && echo "OS VERSION_ID: ${VERSION_ID}" \
+ && curl -fsSLO https://packages.microsoft.com/config/ubuntu/${VERSION_ID}/packages-microsoft-prod.deb \
+ && dpkg -i packages-microsoft-prod.deb \
+ && rm packages-microsoft-prod.deb \
+ && apt-get update \
+ && apt-get install -y --no-install-recommends powershell \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/* /var/cache/apt/* \
 && pwsh -NonInteractive -Command Install-Module -Force -Scope AllUsers powershell-yaml \
- && rm -rf /var/lib/apt/lists/*
-ENV VERSION="1.3.0"
-RUN curl -LO "https://github.com/oras-project/oras/releases/download/v${VERSION}/oras_${VERSION}_linux_amd64.tar.gz" \
- && ls \
+ && echo "Downloading and installing ORAS CLI version ${ORAS_VERSION}..." \
+ && curl -LO "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" \
+ && echo "${ORAS_CHECKSUM} oras_${ORAS_VERSION}_linux_amd64.tar.gz" | sha256sum -c - \
 && mkdir -p oras-install/ \
- && tar -zxf oras_${VERSION}_*.tar.gz -C oras-install/ \
+ && tar -zxf oras_${ORAS_VERSION}_*.tar.gz -C oras-install/ \
 && mv oras-install/oras /usr/local/bin/ \
- && rm -rf oras_${VERSION}_*.tar.gz oras-install/ \
- && oras --help
-# Create a user group 'noroot' and add a user noroot to group 'noroot'
-RUN groupadd noroot \
+ && rm -rf oras_${ORAS_VERSION}_*.tar.gz oras-install/ \
+ && oras --help \
+ && groupadd -g 1001 noroot \
 && useradd --create-home --shell /bin/bash -u 1001 -g noroot noroot
 COPY --chown=noroot:noroot ./Installer.ps1 /script/Installer.ps1
-COPY --chown=noroot:noroot ./get-custom-scripts /get-custom-scripts
\ No newline at end of file
+COPY --chown=noroot:noroot ./get-custom-scripts /get-custom-scripts
+USER noroot
\ No newline at end of file
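Review bot: `ARG PS_VERSION=7.6.0` is declared at the top of this hunk but nothing in the visible lines reads it; `apt-get install -y --no-install-recommends powershell` installs whichever version the Microsoft repository offers on the day of the build. A rebuild can therefore move to a different PowerShell release without any change to the file, while the ARG suggests a pin that does not exist. Either pass the version to apt, e.g. `apt-get install -y --no-install-recommends "powershell=<package version matching ${PS_VERSION}>"` (placeholder for the exact package version string), or drop the ARG. The Dockerfile hunk of this commit has the same unused ARG.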