From 6fbe7f3f1ce75d0a1db8d2814b6d31ba32837fba Mon Sep 17 00:00:00 2001 From: Juergen Kunz Date: Sat, 7 Feb 2026 10:54:17 +0000 Subject: [PATCH] fix(docker): normalize NODE_PATH and harden Dockerfile installs; use curl -fsSL; consolidate Alpine apk installs; update .dockerignore; bump @git.zone/tsdocker devDependency --- .dockerignore | 14 ++++++++++++++ Dockerfile | 14 +++++++------- Dockerfile_alpine-bun | 4 ++-- Dockerfile_alpine-deno | 4 ++-- Dockerfile_alpine-node | 4 ++-- Dockerfile_alpine-szci | 15 +++++++++------ Dockerfile_lts | 2 +- changelog.md | 10 ++++++++++ package.json | 2 +- pnpm-lock.yaml | 18 +++++++++--------- 10 files changed, 57 insertions(+), 30 deletions(-) create mode 100644 .dockerignore diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..3491ec1 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,14 @@ +.git +.nogit +node_modules +dist +dist_* +coverage +public +pages +.yarn +.cache +.rpt2_cache +*.md +!image_support_files/** +test diff --git a/Dockerfile b/Dockerfile index 9d61830..3223722 100644 --- a/Dockerfile +++ b/Dockerfile @@ -20,10 +20,7 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio ca-certificates \ gpg-agent \ curl \ - g++ \ - gcc \ git \ - make \ openssl \ python3 \ rsync \ @@ -32,7 +29,8 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio unzip \ iputils-ping \ dnsutils \ - tini + tini \ + && apt-get clean # Layer 2: Chromium + Puppeteer/Playwright browser deps RUN apt-get install -y -q --no-install-recommends \ @@ -72,7 +70,9 @@ RUN apt-get install -y -q --no-install-recommends \ libayatana-appindicator3-1 \ libnss3 \ lsb-release \ - xdg-utils + xdg-utils \ + && apt-get clean \ + && rm -rf /var/lib/apt/lists/* # Layer 3: MongoDB 8.0 RUN curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \ @@ -85,7 +85,7 @@ RUN curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \ && rm -rf /var/lib/apt/lists/* # Install nvm with node and npm -RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash +RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash # Make nvm available globally in all bash shells (interactive + non-interactive) # IMPORTANT: Prepend to bashrc, before the "[ -z "$PS1" ] && return" line @@ -119,7 +119,7 @@ RUN nvm install $NODE_VERSION_STABLE \ && pnpm -v \ && pnpm config set unsafe-perm true -ENV NODE_PATH $NVM_DIR/v$NODE_VERSION_STABLE/lib/node_modules +ENV NODE_PATH $NVM_DIR/versions/node/v$NODE_VERSION_STABLE/lib/node_modules ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION_STABLE/bin:$PATH # Install Bun diff --git a/Dockerfile_alpine-bun b/Dockerfile_alpine-bun index 1cc0bc1..c183d96 100644 --- a/Dockerfile_alpine-bun +++ b/Dockerfile_alpine-bun @@ -20,7 +20,7 @@ RUN apk add --no-cache \ tini # Install NVM (latest version for better Alpine/musl support) -RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash +RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash # Make nvm available globally in all bash shells (interactive + non-interactive) # IMPORTANT: Create /etc/bash.bashrc with nvm initialization @@ -52,7 +52,7 @@ RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x6 && curl -fsSL https://bun.sh/install | bash ENV PATH="$BUN_INSTALL/bin:$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH" -ENV NODE_PATH=$NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules +ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules # Set entrypoint to make nvm available in all runtime contexts ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"] diff --git a/Dockerfile_alpine-deno b/Dockerfile_alpine-deno index f3309ed..cb31296 100644 --- a/Dockerfile_alpine-deno +++ b/Dockerfile_alpine-deno @@ -21,7 +21,7 @@ RUN apk add --no-cache \ deno # Install NVM (latest version for better Alpine/musl support) -RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash +RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash # Make nvm available globally in all bash shells (interactive + non-interactive) # IMPORTANT: Create /etc/bash.bashrc with nvm initialization @@ -52,7 +52,7 @@ RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x6 && nvm use default ENV PATH="$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH" -ENV NODE_PATH=$NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules +ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules # Set entrypoint to make nvm available in all runtime contexts ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"] diff --git a/Dockerfile_alpine-node b/Dockerfile_alpine-node index fa88088..3adea5a 100644 --- a/Dockerfile_alpine-node +++ b/Dockerfile_alpine-node @@ -26,7 +26,7 @@ RUN apk add --no-cache \ tini # Install NVM (latest version for better Alpine/musl support) -RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash +RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash # Make nvm available globally in all bash shells (interactive + non-interactive) # IMPORTANT: Create /etc/bash.bashrc with nvm initialization @@ -66,7 +66,7 @@ RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x6 && pnpm -v \ && pnpm config set unsafe-perm true -ENV NODE_PATH=$NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules +ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules ENV PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH # Set entrypoint to make nvm available in all runtime contexts diff --git a/Dockerfile_alpine-szci b/Dockerfile_alpine-szci index 1f3451c..75ff8af 100644 --- a/Dockerfile_alpine-szci +++ b/Dockerfile_alpine-szci @@ -1,8 +1,11 @@ FROM host.today/ht-docker-node:alpine-node -RUN apk update && apk add bash libc6-compat alpine-sdk ENV PYTHONUNBUFFERED=1 -RUN apk add --update --no-cache python3 py3-pip && ln -sf python3 /usr/bin/python -RUN apk add --update alpine-sdk && \ - apk add libffi-dev openssl-dev && \ - apk add python3-dev && \ - pnpm install -g @ship.zone/szci node-gyp \ No newline at end of file +RUN apk add --no-cache \ + libc6-compat \ + alpine-sdk \ + python3-dev \ + py3-pip \ + libffi-dev \ + openssl-dev \ + && ln -sf python3 /usr/bin/python \ + && pnpm install -g @ship.zone/szci node-gyp diff --git a/Dockerfile_lts b/Dockerfile_lts index bb1c75e..7654f92 100644 --- a/Dockerfile_lts +++ b/Dockerfile_lts @@ -4,5 +4,5 @@ LABEL author="Task Venture Capital GmbH " RUN bash -c "source $NVM_DIR/nvm.sh \ && nvm install $NODE_VERSION_LTS" -ENV NODE_PATH $NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules +ENV NODE_PATH $NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules ENV PATH $NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH \ No newline at end of file diff --git a/changelog.md b/changelog.md index 160cbab..c9058a8 100644 --- a/changelog.md +++ b/changelog.md @@ -1,5 +1,15 @@ # Changelog +## 2026-02-07 - 5.5.1 - fix(docker) +normalize NODE_PATH and harden Dockerfile installs; use curl -fsSL; consolidate Alpine apk installs; update .dockerignore; bump @git.zone/tsdocker devDependency + +- Change NODE_PATH to $NVM_DIR/versions/node/v... across Dockerfiles to match nvm layout +- Use curl -fsSL for non-interactive installs +- Run apt-get clean and remove /var/lib/apt/lists to reduce image size and ensure clean state +- Consolidate apk add commands and ensure python3 symlink and pnpm global installs in Alpine image +- Add .dockerignore entries to exclude build artifacts and include image_support_files +- Bump devDependency @git.zone/tsdocker from ^1.15.1 to ^1.16.0 + ## 2026-02-07 - 5.5.0 - feat(docker) Rework Dockerfile into layered installs and add tooling (tini, chromium, MongoDB); simplify Alpine CI image Python/pip setup; add tsdocker devDependency; remove npmextra push flag; update README and registry links diff --git a/package.json b/package.json index f57268a..63ee6d9 100644 --- a/package.json +++ b/package.json @@ -35,6 +35,6 @@ "typescript" ], "devDependencies": { - "@git.zone/tsdocker": "^1.15.1" + "@git.zone/tsdocker": "^1.16.0" } } diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 4094743..e22a0b1 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,8 +9,8 @@ importers: .: devDependencies: '@git.zone/tsdocker': - specifier: ^1.15.1 - version: 1.15.1 + specifier: ^1.16.0 + version: 1.16.0 packages: @@ -45,8 +45,8 @@ packages: '@design.estate/dees-element@2.1.6': resolution: {integrity: sha512-7zyHkUjB8UEQgT9VbB2IJtc/yuPt9CI5JGel3b6BxA1kecY64ceIjFvof1uIkc0QP8q2fMLLY45r1c+9zDTjzg==} - '@git.zone/tsdocker@1.15.1': - resolution: {integrity: sha512-oncpIyNUxE5nyPB0SqZGeknA8cd7rfOARYNtkFmiBt0yqVXHJ84uZ8VtAYRoDQQMCcRVNRNfRy72imz+YLM7qA==} + '@git.zone/tsdocker@1.16.0': + resolution: {integrity: sha512-e4rYrCS5oPG3bvbmCA6PvSuZFtDBnQYJMA9o2hr/Myq4PkO1l+uHy8APaciQV0qC9cEcJZmd6fb4QUND3fBDEw==} hasBin: true '@inquirer/checkbox@3.0.1': @@ -813,8 +813,8 @@ packages: jackspeak@3.4.3: resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==} - jackspeak@4.2.1: - resolution: {integrity: sha512-GPBXyfcZSGujjddPeA+V34bW70ZJT7jzCEbloVasSH4yjiqWqXHX8iZQtZdVbOhc5esSeAIuiSmMutRZQB/olg==} + jackspeak@4.2.3: + resolution: {integrity: sha512-ykkVRwrYvFm1nb2AJfKKYPr0emF6IiXDYUaFx4Zn9ZuIH7MrzEZ3sD5RlqGXNRpHtvUHJyOnCEFxOlNDtGo7wg==} engines: {node: 20 || >=22} js-yaml@3.14.2: @@ -1412,7 +1412,7 @@ snapshots: - supports-color - vue - '@git.zone/tsdocker@1.15.1': + '@git.zone/tsdocker@1.16.0': dependencies: '@push.rocks/lik': 6.2.2 '@push.rocks/npmextra': 5.3.3 @@ -2329,7 +2329,7 @@ snapshots: glob@11.1.0: dependencies: foreground-child: 3.3.1 - jackspeak: 4.2.1 + jackspeak: 4.2.3 minimatch: 10.1.2 minipass: 7.1.2 package-json-from-dist: 1.0.1 @@ -2437,7 +2437,7 @@ snapshots: optionalDependencies: '@pkgjs/parseargs': 0.11.0 - jackspeak@4.2.1: + jackspeak@4.2.3: dependencies: '@isaacs/cliui': 9.0.0