fix(docker): normalize NODE_PATH and harden Dockerfile installs; use curl -fsSL; consolidate Alpine apk installs; update .dockerignore; bump @git.zone/tsdocker devDependency

2026-02-07 10:54:17 +00:00
parent 9b84e0b72c
commit c4f2c3b9c5
10 changed files with 57 additions and 30 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,14 @@
+.git
+.nogit
+node_modules
+dist
+dist_*
+coverage
+public
+pages
+.yarn
+.cache
+.rpt2_cache
+*.md
+!image_support_files/**
+test
--- a/14
+++ b/14
@@ -20,10 +20,7 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio
        ca-certificates \
        gpg-agent \
        curl \
-        g++ \
-        gcc \
        git \
-        make \
        openssl \
        python3 \
        rsync \
@@ -32,7 +29,8 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio
        unzip \
        iputils-ping \
        dnsutils \
-        tini
+        tini \
+    && apt-get clean

 # Layer 2: Chromium + Puppeteer/Playwright browser deps
 RUN apt-get install -y -q --no-install-recommends \
@@ -72,7 +70,9 @@ RUN apt-get install -y -q --no-install-recommends \
        libayatana-appindicator3-1 \
        libnss3 \
        lsb-release \
-        xdg-utils
+        xdg-utils \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/*

 # Layer 3: MongoDB 8.0
 RUN curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
@@ -85,7 +85,7 @@ RUN curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
    && rm -rf /var/lib/apt/lists/*

 # Install nvm with node and npm
-RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash

 # Make nvm available globally in all bash shells (interactive + non-interactive)
 # IMPORTANT: Prepend to bashrc, before the "[ -z "$PS1" ] && return" line
@@ -119,7 +119,7 @@ RUN nvm install $NODE_VERSION_STABLE \
    && pnpm -v \
    && pnpm config set unsafe-perm true

-ENV NODE_PATH $NVM_DIR/v$NODE_VERSION_STABLE/lib/node_modules
+ENV NODE_PATH $NVM_DIR/versions/node/v$NODE_VERSION_STABLE/lib/node_modules
 ENV PATH      $NVM_DIR/versions/node/v$NODE_VERSION_STABLE/bin:$PATH

 # Install Bun
--- a/4
+++ b/4
@@ -20,7 +20,7 @@ RUN apk add --no-cache \
    tini

 # Install NVM (latest version for better Alpine/musl support)
-RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash

 # Make nvm available globally in all bash shells (interactive + non-interactive)
 # IMPORTANT: Create /etc/bash.bashrc with nvm initialization
@@ -52,7 +52,7 @@ RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x6
    && curl -fsSL https://bun.sh/install | bash

 ENV PATH="$BUN_INSTALL/bin:$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH"
-ENV NODE_PATH=$NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules
+ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules

 # Set entrypoint to make nvm available in all runtime contexts
 ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
--- a/4
+++ b/4
@@ -21,7 +21,7 @@ RUN apk add --no-cache \
    deno

 # Install NVM (latest version for better Alpine/musl support)
-RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash

 # Make nvm available globally in all bash shells (interactive + non-interactive)
 # IMPORTANT: Create /etc/bash.bashrc with nvm initialization
@@ -52,7 +52,7 @@ RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x6
    && nvm use default

 ENV PATH="$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH"
-ENV NODE_PATH=$NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules
+ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules

 # Set entrypoint to make nvm available in all runtime contexts
 ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
--- a/4
+++ b/4
@@ -26,7 +26,7 @@ RUN apk add --no-cache \
    tini

 # Install NVM (latest version for better Alpine/musl support)
-RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash

 # Make nvm available globally in all bash shells (interactive + non-interactive)
 # IMPORTANT: Create /etc/bash.bashrc with nvm initialization
@@ -66,7 +66,7 @@ RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x6
    && pnpm -v \
    && pnpm config set unsafe-perm true

-ENV NODE_PATH=$NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules
+ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules
 ENV PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH

 # Set entrypoint to make nvm available in all runtime contexts
--- a/15
+++ b/15
@@ -1,8 +1,11 @@
 FROM host.today/ht-docker-node:alpine-node
-RUN apk update && apk add bash libc6-compat alpine-sdk
 ENV PYTHONUNBUFFERED=1
-RUN apk add --update --no-cache python3 py3-pip && ln -sf python3 /usr/bin/python
-RUN apk add --update alpine-sdk && \
-    apk add libffi-dev openssl-dev && \
-    apk add python3-dev && \
-    pnpm install -g @ship.zone/szci node-gyp
+RUN apk add --no-cache \
+        libc6-compat \
+        alpine-sdk \
+        python3-dev \
+        py3-pip \
+        libffi-dev \
+        openssl-dev \
+    && ln -sf python3 /usr/bin/python \
+    && pnpm install -g @ship.zone/szci node-gyp
--- a/2
+++ b/2
@@ -4,5 +4,5 @@ LABEL author="Task Venture Capital GmbH <hello@task.vc>"
 RUN bash -c "source $NVM_DIR/nvm.sh \
    && nvm install $NODE_VERSION_LTS"
    
-ENV NODE_PATH $NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules
+ENV NODE_PATH $NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules
 ENV PATH      $NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,15 @@
 # Changelog

+## 2026-02-07 - 5.5.1 - fix(docker)
+normalize NODE_PATH and harden Dockerfile installs; use curl -fsSL; consolidate Alpine apk installs; update .dockerignore; bump @git.zone/tsdocker devDependency
+
+- Change NODE_PATH to $NVM_DIR/versions/node/v... across Dockerfiles to match nvm layout
+- Use curl -fsSL for non-interactive installs
+- Run apt-get clean and remove /var/lib/apt/lists to reduce image size and ensure clean state
+- Consolidate apk add commands and ensure python3 symlink and pnpm global installs in Alpine image
+- Add .dockerignore entries to exclude build artifacts and include image_support_files
+- Bump devDependency @git.zone/tsdocker from ^1.15.1 to ^1.16.0
+
 ## 2026-02-07 - 5.5.0 - feat(docker)
 Rework Dockerfile into layered installs and add tooling (tini, chromium, MongoDB); simplify Alpine CI image Python/pip setup; add tsdocker devDependency; remove npmextra push flag; update README and registry links

--- a/package.json
+++ b/package.json
@@ -35,6 +35,6 @@
    "typescript"
  ],
  "devDependencies": {
-    "@git.zone/tsdocker": "^1.15.1"
+    "@git.zone/tsdocker": "^1.16.0"
  }
 }
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -9,8 +9,8 @@ importers:
  .:
    devDependencies:
      '@git.zone/tsdocker':
-        specifier: ^1.15.1
-        version: 1.15.1
+        specifier: ^1.16.0
+        version: 1.16.0

 packages:

@@ -45,8 +45,8 @@ packages:
  '@design.estate/dees-element@2.1.6':
    resolution: {integrity: sha512-7zyHkUjB8UEQgT9VbB2IJtc/yuPt9CI5JGel3b6BxA1kecY64ceIjFvof1uIkc0QP8q2fMLLY45r1c+9zDTjzg==}

-  '@git.zone/tsdocker@1.15.1':
-    resolution: {integrity: sha512-oncpIyNUxE5nyPB0SqZGeknA8cd7rfOARYNtkFmiBt0yqVXHJ84uZ8VtAYRoDQQMCcRVNRNfRy72imz+YLM7qA==}
+  '@git.zone/tsdocker@1.16.0':
+    resolution: {integrity: sha512-e4rYrCS5oPG3bvbmCA6PvSuZFtDBnQYJMA9o2hr/Myq4PkO1l+uHy8APaciQV0qC9cEcJZmd6fb4QUND3fBDEw==}
    hasBin: true

  '@inquirer/checkbox@3.0.1':
@@ -813,8 +813,8 @@ packages:
  jackspeak@3.4.3:
    resolution: {integrity: sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==}

-  jackspeak@4.2.1:
-    resolution: {integrity: sha512-GPBXyfcZSGujjddPeA+V34bW70ZJT7jzCEbloVasSH4yjiqWqXHX8iZQtZdVbOhc5esSeAIuiSmMutRZQB/olg==}
+  jackspeak@4.2.3:
+    resolution: {integrity: sha512-ykkVRwrYvFm1nb2AJfKKYPr0emF6IiXDYUaFx4Zn9ZuIH7MrzEZ3sD5RlqGXNRpHtvUHJyOnCEFxOlNDtGo7wg==}
    engines: {node: 20 || >=22}

  js-yaml@3.14.2:
@@ -1412,7 +1412,7 @@ snapshots:
      - supports-color
      - vue

-  '@git.zone/tsdocker@1.15.1':
+  '@git.zone/tsdocker@1.16.0':
    dependencies:
      '@push.rocks/lik': 6.2.2
      '@push.rocks/npmextra': 5.3.3
@@ -2329,7 +2329,7 @@ snapshots:
  glob@11.1.0:
    dependencies:
      foreground-child: 3.3.1
-      jackspeak: 4.2.1
+      jackspeak: 4.2.3
      minimatch: 10.1.2
      minipass: 7.1.2
      package-json-from-dist: 1.0.1
@@ -2437,7 +2437,7 @@ snapshots:
    optionalDependencies:
      '@pkgjs/parseargs': 0.11.0

-  jackspeak@4.2.1:
+  jackspeak@4.2.3:
    dependencies:
      '@isaacs/cliui': 9.0.0