← Back to PRs

#8362: Add Homebrew-based Docker image

by bugparty open 2026-02-03 23:11 View on GitHub →
docker stale
Notes: - Adds Homebrew-powered Dockerfile for extensibility. - Compared to the Node-based Dockerfile, total size grows ~300 MB. - Reuses debian:bookworm-slim with sandbox-browser, offsetting base size. - Gains significant extensibility from Homebrew. <!-- greptile_comment --> <h2>Greptile Overview</h2> <h3>Greptile Summary</h3> This PR updates `Dockerfile.homebrew` to make the Homebrew installer reproducible by pinning it to a specific upstream commit and verifying the downloaded installer script with a SHA-256 checksum, improving supply-chain safety for the Homebrew-based image. The Dockerfile still follows the pattern of installing build tooling on `debian:bookworm-slim`, setting up a non-root `${USER}`, installing Homebrew + Node via brew, then copying the repo and running the `pnpm` install/build steps before dropping privileges for runtime. <h3>Confidence Score: 4/5</h3> - This PR is generally safe to merge; changes are narrowly scoped to making the Homebrew installer reproducible. - The only functional change is pinning and checksum-verifying the Homebrew install script, which reduces supply-chain risk. Remaining notes are mostly around Dockerfile ergonomics/ownership patterns rather than clear breakage introduced by this commit. - Dockerfile.homebrew <!-- greptile_other_comments_section --> <!-- /greptile_comment -->

Most Similar PRs