From 2f8510fea4d4031a0d754a3c3178c5e7fbd39314 Mon Sep 17 00:00:00 2001
From: Ivor Thibodo <ithibodo@articulate.com>
Date: Tue, 10 Mar 2026 11:01:32 -0500
Subject: [PATCH] feat: add 4.0 images

Updates base image to Debian 13 (trixie) and Node to 24 (current lts)
---
 4.0/base/Dockerfile | 35 +++++++++++++++++++++++++++++++++++
 4.0/node/Dockerfile | 42 ++++++++++++++++++++++++++++++++++++++++++
 README.md           |  2 ++
 3 files changed, 79 insertions(+)
 create mode 100644 4.0/base/Dockerfile
 create mode 100644 4.0/node/Dockerfile

diff --git a/4.0/base/Dockerfile b/4.0/base/Dockerfile
new file mode 100644
index 0000000..78fc281
--- /dev/null
+++ b/4.0/base/Dockerfile
@@ -0,0 +1,35 @@
+# tags=articulate/ruby:4.0
+# syntax=docker/dockerfile:1
+FROM ruby:4.0-slim-trixie
+
+ENV SERVICE_ROOT=/service SERVICE_USER=service SERVICE_UID=1001
+
+ARG TARGETARCH
+
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/install_packages /usr/local/bin/install_packages
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/awscli.sh /tmp/awscli.sh
+# Add AWS RDS CA trusted root certificates
+ADD --chmod=644 https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /usr/local/share/ca-certificates/aws-rds-global-bundle.pem
+
+RUN install_packages make dumb-init && /tmp/awscli.sh && rm /tmp/awscli.sh \
+    # Create our own user and remove the node user
+    && groupadd --gid $SERVICE_UID $SERVICE_USER \
+    && useradd --create-home --shell /bin/bash --gid $SERVICE_UID --uid $SERVICE_UID $SERVICE_USER \
+    # Split PEM bundle into individual cert files for update-ca-certificates
+    && csplit -s -z -n 3 -f /usr/local/share/ca-certificates/aws-rds-ca- \
+    /usr/local/share/ca-certificates/aws-rds-global-bundle.pem  \
+    '/-----BEGIN CERTIFICATE-----/' '{*}' \
+    && for f in /usr/local/share/ca-certificates/aws-rds-ca-*; do mv "$f" "$f.crt"; done \
+    && update-ca-certificates
+
+ADD --chmod=755 https://github.com/articulate/docker-bootstrap/releases/latest/download/docker-bootstrap_linux_${TARGETARCH} /entrypoint
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/docker-secrets /usr/local/bin/secrets
+ADD --chmod=755 https://raw.githubusercontent.com/vishnubob/wait-for-it/81b1373f17855a4dc21156cfe1694c31d7d1792e/wait-for-it.sh /wait-for-it.sh
+
+USER $SERVICE_USER
+WORKDIR $SERVICE_ROOT
+
+# Our entrypoint will pull in our environment variables from Consul and Vault,
+# and execute whatever command we provided the container.
+# See https://github.com/articulate/docker-bootstrap
+ENTRYPOINT [ "dumb-init", "--", "/entrypoint" ]
diff --git a/4.0/node/Dockerfile b/4.0/node/Dockerfile
new file mode 100644
index 0000000..596cc7d
--- /dev/null
+++ b/4.0/node/Dockerfile
@@ -0,0 +1,42 @@
+# tags=articulate/ruby:4.0-node
+# syntax=docker/dockerfile:1
+FROM ruby:4.0-slim-trixie
+
+ENV SERVICE_ROOT=/service SERVICE_USER=service SERVICE_UID=1001 NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/aws-rds-global-bundle.pem
+
+ARG TARGETARCH
+
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/install_packages /usr/local/bin/install_packages
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/awscli.sh /tmp/awscli.sh
+# Add AWS RDS CA trusted root certificates
+ADD --chmod=644 https://truststore.pki.rds.amazonaws.com/global/global-bundle.pem /usr/local/share/ca-certificates/aws-rds-global-bundle.pem
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+RUN install_packages make dumb-init && /tmp/awscli.sh && rm /tmp/awscli.sh \
+    # Install Node.js
+    && install_packages curl gnupg \
+    && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \
+    && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_24.x nodistro main" > /etc/apt/sources.list.d/nodesource.list \
+    && install_packages nodejs \
+    && apt-get remove -y curl gnupg \
+    # Create our own user and remove the node user
+    && groupadd --gid $SERVICE_UID $SERVICE_USER \
+    && useradd --create-home --shell /bin/bash --gid $SERVICE_UID --uid $SERVICE_UID $SERVICE_USER \
+    # Split PEM bundle into individual cert files for update-ca-certificates
+    && csplit -s -z -n 3 -f /usr/local/share/ca-certificates/aws-rds-ca- \
+    /usr/local/share/ca-certificates/aws-rds-global-bundle.pem  \
+    '/-----BEGIN CERTIFICATE-----/' '{*}' \
+    && for f in /usr/local/share/ca-certificates/aws-rds-ca-*; do mv "$f" "$f.crt"; done \
+    && update-ca-certificates
+
+ADD --chmod=755 https://github.com/articulate/docker-bootstrap/releases/latest/download/docker-bootstrap_linux_${TARGETARCH} /entrypoint
+ADD --chmod=755 https://raw.githubusercontent.com/articulate/docker-bootstrap/main/scripts/docker-secrets /usr/local/bin/secrets
+ADD --chmod=755 https://raw.githubusercontent.com/vishnubob/wait-for-it/81b1373f17855a4dc21156cfe1694c31d7d1792e/wait-for-it.sh /wait-for-it.sh
+
+USER $SERVICE_USER
+WORKDIR $SERVICE_ROOT
+
+# Our entrypoint will pull in our environment variables from Consul and Vault,
+# and execute whatever command we provided the container.
+# See https://github.com/articulate/docker-bootstrap
+ENTRYPOINT [ "dumb-init", "--", "/entrypoint" ]
diff --git a/README.md b/README.md
index 9a421cd..85e7980 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,8 @@ Base Ruby images for Articulate services.
 
 > 🌟 recommended image
 
+* __articulate/ruby:4.0__ 🌟
+* __articulate/ruby:4.0-node__ 🌟
 * __articulate/ruby:3.4__ 🌟
 * __articulate/ruby:3.4-node__ 🌟
 * articulate/ruby:3.3