Skip to main content

33 posts tagged with "release"

View All Tags

PHP 8.5

· One min read
Skpr Platform Team
Platform Engineering

Overview

We have introduced initial support for PHP 8.5 in our latest PHP image channel, enabling development teams to test their applications with the newest version of PHP.

Below is a list of all the container images with PHP 8.5 support.

Dockerhub tags:

docker.io/skpr/php:8.5-v2-latest
docker.io/skpr/php-fpm:8.5-v2-latest
docker.io/skpr/php-fpm:8.5-dev-v2-latest
docker.io/skpr/php-cli:8.5-v2-latest
docker.io/skpr/php-cli:8.5-dev-v2-latest
docker.io/skpr/php-circleci:8.5-v2-latest
docker.io/skpr/php-circleci:8.5-node20-v2-latest
docker.io/skpr/php-circleci:8.5-node22-v2-latest

GitHub Container Registry tags:

ghcr.io/skpr/php:8.5-v2-latest
ghcr.io/skpr/php-fpm:8.5-v2-latest
ghcr.io/skpr/php-fpm:8.5-dev-v2-latest
ghcr.io/skpr/php-cli:8.5-v2-latest
ghcr.io/skpr/php-cli:8.5-dev-v2-latest
ghcr.io/skpr/php-circleci:8.5-v2-latest
ghcr.io/skpr/php-circleci:8.5-node20-v2-latest
ghcr.io/skpr/php-circleci:8.5-node22-v2-latest

PGP Key Update

· One min read
Skpr Platform Team
Platform Engineering

Overview

The PGP key for the Skpr APT repository has been rotated.

Ubuntu users who rely on this repository must update their local PGP key to continue receiving package updates.

Updating the repository key

Run the following commands to download and install the latest PGP key, then verify the update by upgrading your Skpr CLI:

# Update the key
wget -q https://packages.skpr.io/apt/packages.skpr.io.pub -O- | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/packages.skpr.io.pub > /dev/null

# Upgrade the CLI
sudo apt update
sudo apt upgrade skpr

These commands are also documented in the official installation guide:

https://docs.skpr.io/install/linux

CLI v1.0.0

· One min read
Skpr Platform Team
Platform Engineering

Overview

We’re excited to announce the v1.0.0 release of the Skpr CLI, a major milestone in the project’s journey.

Representing the culmination of years of work, this version lays the groundwork for continued improvement and collaboration in our public GitHub repository.

github.com/skpr/cli

Highlights

  • New CLI Framework: Built on Cobra for a more consistent and intuitive command experience.
  • Improved Styling: A refreshed, colourful help screen now welcomes you with clear examples and neatly grouped commands for easier navigation.
  • Open Source: Fully available and maintained on GitHub.
  • API Integration: Connected with our new open-source API definition — skpr/api.

Upgrading

Skpr CLI v1.0.0 is available through all existing upgrade paths. Follow the installation or upgrade instructions here:

docs.skpr.io/install

Node v3 Base Images

· 2 min read
Skpr Platform Team
Platform Engineering

Overview

In our last two changelogs, we announced the automatic blocking of script execution in NPM and Yarn, along with our endorsement of pnpm as the safer, long-term solution for Node package management. pnpm stands out for its built-in tooling that lets developers manage an explicit "allowed list" of dependencies permitted to run post-install scripts.

Introducing Our v3 Images

By default, pnpm respects the ignore-scripts environment variable (NPM_CONFIG_IGNORE_SCRIPTS), which disables all post-install scripts.

This created a conflict:

  • We need to enforce ignore-scripts for NPM and Yarn to maintain security.
  • But we also want pnpm to execute its curated list of safe post-install scripts.

To resolve this, we have released v3 of our Node base images, which make the following changes:

  • Renames npm to npm-unsafe
  • Renames yarn to yarn-unsafe
  • Introduces wrapper scripts for both tools:
    • npm → wraps npm-unsafe and automatically sets NPM_CONFIG_IGNORE_SCRIPTS=true
    • yarn → wraps yarn-unsafe and automatically sets YARN_ENABLE_SCRIPTS=false
  • Removes the ignore-scripts environment variables from the Dockerfile, allowing pnpm to execute its managed, "allowed" list of post-install scripts.

The following disclaimer is automatically added to the top of the output when the npm command is run:

============================================================
⚠️ DISCLAIMER: Package lifecycle scripts are disabled ⚠️
============================================================

Environment variable enforced:
NPM_CONFIG_IGNORE_SCRIPTS=true

Scripts will NOT run during npm install.

If you need to bypass this restriction (not recommended),
you must explicitly invoke:

npm-unsafe <command>

⚠️ WARNING: Running with npm-unsafe allows untrusted scripts
to execute and may compromise your system.

------------------------------------------------------------
From the Skpr Platform Team
============================================================
  • Adopt pnpm for your development projects as the preferred package manager.
  • Upgrade to v3 of the Node base images, which enable pnpm to safely execute its managed list of post-install scripts.

But I Really Want to Use NPM and/or Yarn

If absolutely necessary (though not recommended), development teams can opt out by explicitly using:

  • npm-unsafe
  • yarn-unsafe

Resources