microsoft · compulim · May 27, 2022 · May 26, 2022 · May 26, 2022 · May 26, 2022
@@ -22,6 +22,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Changed
+
+-  Resolves [#4301](https://github.com/microsoft/BotFramework-WebChat/issues/4301). Updated `Dockerfile` to support secure container supply chain, by [@compulim](https://github.com/compulim) in PR [#4303](https://github.com/microsoft/BotFramework-WebChat/pull/4303)
+
 ## [4.15.2] - 2022-05-09
 
 ### Breaking changes

@@ -1,5 +1,8 @@
-# NPM@7 is buggy with its "postinstall" script, going back to Node.js 14 with NPM@6 for now.
-FROM node:14-alpine
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18-alpine
+
+FROM $BASE_IMAGE
 
 RUN apk update && \
     apk upgrade && \

@@ -1,4 +1,8 @@
-FROM node:alpine
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18-alpine
+
+FROM $BASE_IMAGE
 
 RUN apk update && \
     apk upgrade && \

@@ -1,7 +1,11 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This container is for simplifying CI when using Azure Pipelines
 
 # Aggregates all code into a single Docker image for export
-FROM node:12
+FROM $BASE_IMAGE
 
 # Copy the bot code to /var/bot/
 ADD bot/ /var/build/bot/

@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This is the container for running the demo under Azure Web App
-FROM node:12
+FROM $BASE_IMAGE
 
 # Expose both port 80 and 2222 (SSH for Azure Web App)
 EXPOSE 80 2222

@@ -1,7 +1,11 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This container is for simplifying CI when using Azure Pipelines
 
 # The first builder image will build HTML and JavaScript code out of the create-react-app project
-FROM node:12 AS builder-react
+FROM $BASE_IMAGE AS builder-react
 WORKDIR /var/build/react/
 
 # Copy the web app code to /var/build/react/
@@ -15,7 +19,7 @@ RUN npm ci
 RUN npm run build
 
 # The second builder image will aggregate all code into a single Docker image for export
-FROM node:12
+FROM $BASE_IMAGE
 
 # Copy the bot code to /var/bot/
 ADD bot/ /var/build/bot/

@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This is the container for running the demo under Azure Web App
-FROM node:12 AS builder-web
+FROM $BASE_IMAGE
 
 # Expose both port 80 and 2222 (SSH for Azure Web App)
 EXPOSE 80 2222

@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This container is for simplifying CI when using Azure Pipelines
-FROM node:12
+FROM $BASE_IMAGE
 
 # Copy the bot code to /var/bot/
 ADD bot/ /var/build/bot/

@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This is the container for running the demo under Azure Web App
-FROM node:12
+FROM $BASE_IMAGE
 
 # Expose both port 80 and 2222 (SSH for Azure Web App)
 EXPOSE 80 2222

@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This container is for simplifying CI when using Azure Pipelines
-FROM node:12
+FROM $BASE_IMAGE
 
 # Copy the bot code to /var/bot/
 ADD bot/ /var/build/bot/

@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This is the container for running the demo under Azure Web App
-FROM node:12
+FROM $BASE_IMAGE
 
 # Expose both port 80 and 2222 (SSH for Azure Web App)
 EXPOSE 80 2222

@@ -1,7 +1,11 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This container is for simplifying CI when using Azure Pipelines
 
 # The first builder image will build HTML and JavaScript code out of the create-react-app project
-FROM node:12 AS builder-react
+FROM $BASE_IMAGE AS builder-react
 WORKDIR /var/build/react/
 
 # Copy the web app code to /var/build/react/
@@ -15,7 +19,7 @@ RUN npm ci
 RUN npm run build
 
 # The second builder image will aggregate all code into a single Docker image for export
-FROM node:12
+FROM $BASE_IMAGE
 
 # Copy the bot code to /var/bot/
 ADD bot/ /var/build/bot/

@@ -1,5 +1,9 @@
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18
+
 # This is the container for running the demo under Azure Web App
-FROM node:12 AS builder-web
+FROM $BASE_IMAGE
 
 # Expose both port 80 and 2222 (SSH for Azure Web App)
 EXPOSE 80 2222

@@ -1,4 +1,8 @@
-FROM node:alpine
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18-alpine
+
+FROM $BASE_IMAGE
 
 RUN apk update && \
     apk upgrade && \

@@ -1,4 +1,8 @@
-FROM node:alpine
+# Setting to a different base image to secure your container supply chain.
+ARG REGISTRY=docker.io
+ARG BASE_IMAGE=$REGISTRY/node:18-alpine
+
+FROM $BASE_IMAGE
 
 RUN apk update && \
     apk upgrade && \