feat: replace dfx-based images with icp-cli Motoko, Rust, and All images#31
Merged
Conversation
Adds two new language-specific Docker images replacing dfx with icp-cli: - motoko/Dockerfile: icp-cli, ic-wasm, moc 1.5.1, mops, Node.js, pnpm - rust/Dockerfile: icp-cli, ic-wasm, Rust toolchain, wasm32 target, Node.js, pnpm Updates CI to trigger on workflow_dispatch and pushes to feat/icp-cli-images in addition to releases. New motoko and rust jobs publish multi-platform (amd64 + arm64) images tagged :dev from this branch, semver from releases. This is a pilot for advertising GitHub Codespaces instead of ICP Ninja / short-lived mainnet deployments. See dfinity/examples#1345. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…jobs - Pin all tool versions: icp-cli 0.2.7, ic-wasm 0.9.11, ic-mops 2.13.2, moc 1.8.1 - Switch base image from debian:bookworm-slim to ubuntu:24.04 (fewer unfixed CVEs) - Drop libunwind-dev (not required by icp-cli, mops, or moc) - Add apt-get upgrade to apply all available security patches at build time - Install Rust via rustup instead of using the rust: base image - Remove legacy base/slim/azle CI jobs from fork (dfx-based, irrelevant to pilot) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…okworm) ubuntu:24.04 is larger than the slim variants and offers no meaningful CVE reduction over debian:bookworm-slim after apt-get upgrade. Remaining CVEs post-upgrade are unfixed upstream and present in any standard base image. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Removes the three dfx-based images that are no longer needed: - Dockerfile (root): base image, amd64-only, dfx 0.27 + PocketIC Python - slim/Dockerfile: slim multi-platform image, dfx 0.29 (referenced by examples) - azle/Dockerfile: Azle (JS/TS) image, dfx 0.27 The repo now contains only the two new icp-cli-based images: - motoko/Dockerfile - rust/Dockerfile Updates README to document the new images, their tool versions, a devcontainer.json usage example, and the release process. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
mops install (run in postCreateCommand) handles the [toolchain] section of each example's mops.toml and installs the correct moc version automatically. Pre-installing moc in the image is not needed. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…rsions - Node.js 22.10.0 → 24.15.0 in both Dockerfiles and README - actions/checkout v4 → v6.0.2 - docker/login-action v3 → v4.1.0 - docker/metadata-action v5 → v6.0.0 - docker/setup-qemu-action v3 → v4.0.0 - docker/setup-buildx-action v3 → v4.0.0 - docker/build-push-action v6 → v7.1.0 All actions previously ran on Node.js 20 which is deprecated on GitHub Actions runners from June 2026. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
icp-cli links against libdbus-1.so.3 at runtime; missing from debian:bookworm-slim and rust:slim-bookworm base images. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds all/Dockerfile based on rust:slim-bookworm with mops layered on top. Intended as the default devcontainer image when opening the examples repo root — lets developers work across both Motoko and Rust examples without switching environments. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
CI workflows run `make test` after deploying — make was missing from the apt packages in all three images. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ispatch Publishing images to the dfinity org on every push to the branch is unacceptable. Images should only be published on an explicit release or manual dispatch. Also removes the :dev raw tag which was only meaningful in the now-removed branch-push context. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace :latest tag references with semver (1.0.0) — :latest is not produced by the CI workflow - Add icp-dev-env-all image section (was missing entirely) - Fix Releasing section: "both images" → "all images", list all three Dockerfiles, note release must be non-draft - Update CODEOWNERS: replace @dfinity/ninja-devs @dfinity/sdk with @dfinity/dx Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add PNPM_VERSION=11.4.0 ARG to all three Dockerfiles; pnpm has no LTS channel so we pin to current stable like all other tools - CI now publishes :latest alongside the semver tag on GitHub Release - README: replace "pnpm latest" with pinned version in tool tables, show both :latest and pinned pull commands per image Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
raymondk
approved these changes
May 30, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR replaces the legacy dfx-based
icp-dev-env-slimimage with three new icp-cli-based images purpose-built for Codespaces and CI:icp-dev-env-motoko— Motoko development environment (debian:bookworm-slimbase) with icp-cli, ic-wasm, and mops; moc installed per-project viamops installicp-dev-env-rust— Rust development environment (rust:1.95.0-slim-bookwormbase) with icp-cli, ic-wasm, and thewasm32-unknown-unknowntargeticp-dev-env-all— Combined Motoko + Rust environment for mixed-language projectsAll three images are built for
linux/amd64andlinux/arm64.Key changes
build-and-push-image,build-and-push-image-azle,build-and-push-image-slim)ARGin Dockerfiles (icp-cli 0.2.7, ic-wasm 0.9.11, ic-mops 2.13.2, Node.js 24.15.0, Rust 1.95.0)mops install, allowing per-project compiler selectionworkflow_dispatchor a GitHub Release (non-draft) — no auto-publish on branch push@dfinity/dx:latesttag references, addedicp-dev-env-allsection, corrected Releasing instructionsPublishing
Images are published to GHCR when a GitHub Release is created. Create a release tagged
v1.0.0(semver, clean break from the old integer scheme) to trigger:ghcr.io/dfinity/icp-dev-env-motoko:1.0.0ghcr.io/dfinity/icp-dev-env-rust:1.0.0ghcr.io/dfinity/icp-dev-env-all:1.0.0Backward compatibility
The old
icp-dev-env-slim:22image is not deleted — it remains available on GHCR and all existing references to it (e.g. indfinity/examplesdevcontainers andninja_pr_checks.yml) continue to work unchanged.🤖 Generated with Claude Code