v5.6.0

.dockerignore

@@ -0,0 +1,14 @@
+.git
+.nogit
+node_modules
+dist
+dist_*
+coverage
+public
+pages
+.yarn
+.cache
+.rpt2_cache
+*.md
+!image_support_files/**
+test

.gitea/workflows/docker_nottags.yaml

@@ -6,7 +6,7 @@ on:
       - '**'
 
 env:
-  IMAGE: registry.gitlab.com/hosttoday/ht-docker-node:npmci
+  IMAGE: registry.gitlab.com/hosttoday/ht-docker-node:szci
   NPMCI_COMPUTED_REPOURL: https://${{gitea.repository_owner}}:${{secrets.GITEA_TOKEN}}@gitea.lossless.digital/${{gitea.repository}}.git
   NPMCI_TOKEN_NPM: ${{secrets.NPMCI_TOKEN_NPM}}
   NPMCI_TOKEN_NPM2: ${{secrets.NPMCI_TOKEN_NPM2}}
@@ -24,22 +24,22 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - name: Install pnpm and npmci
+      - name: Install pnpm and szci
         run: |
           pnpm install -g pnpm
-          pnpm install -g @ship.zone/npmci
+          pnpm install -g @ship.zone/szci
-          npmci npm prepare
+          szci npm prepare
 
       - name: Audit production dependencies
         run: |
-          npmci command npm config set registry https://registry.npmjs.org
+          szci command npm config set registry https://registry.npmjs.org
-          npmci command pnpm audit --audit-level=high --prod
+          szci command pnpm audit --audit-level=high --prod
         continue-on-error: true
 
       - name: Audit development dependencies
         run: |
-          npmci command npm config set registry https://registry.npmjs.org
+          szci command npm config set registry https://registry.npmjs.org
-          npmci command pnpm audit --audit-level=high --dev
+          szci command pnpm audit --audit-level=high --dev
         continue-on-error: true
 
   test:
@@ -54,18 +54,18 @@ jobs:
       - name: Prepare
         run: |
           pnpm install -g pnpm
-          pnpm install -g @ship.zone/npmci
+          pnpm install -g @ship.zone/szci
-          npmci npm prepare
+          szci npm prepare
 
       - name: Test stable
         run: |
-          npmci node install stable
+          szci node install stable
-          npmci npm install
+          szci npm install
-          npmci npm test
+          szci npm test
 
       - name: Test build
         run: |
-          npmci npm prepare
+          szci npm prepare
-          npmci node install stable
+          szci node install stable
-          npmci npm install
+          szci npm install
-          npmci command npm run build
+          szci command npm run build

.gitea/workflows/docker_tags.yaml

@@ -6,7 +6,7 @@ on:
       - '*'
 
 env:
-  IMAGE: code.foss.global/host.today/ht-docker-node:npmci
+  IMAGE: code.foss.global/host.today/ht-docker-node:szci
   NPMCI_COMPUTED_REPOURL: https://${{gitea.repository_owner}}:${{secrets.GITEA_TOKEN}}@gitea.lossless.digital/${{gitea.repository}}.git
   # NPMCI_TOKEN_NPM: ${{secrets.NPMCI_TOKEN_NPM}}
   # NPMCI_TOKEN_NPM2: ${{secrets.NPMCI_TOKEN_NPM2}}
@@ -27,19 +27,19 @@ jobs:
       - name: Prepare
         run: |
           pnpm install -g pnpm
-          pnpm install -g @ship.zone/npmci
+          pnpm install -g @ship.zone/szci
-          npmci npm prepare
+          szci npm prepare
 
       - name: Audit production dependencies
         run: |
-          npmci command npm config set registry https://registry.npmjs.org
+          szci command npm config set registry https://registry.npmjs.org
-          npmci command pnpm audit --audit-level=high --prod
+          szci command pnpm audit --audit-level=high --prod
         continue-on-error: true
 
       - name: Audit development dependencies
         run: |
-          npmci command npm config set registry https://registry.npmjs.org
+          szci command npm config set registry https://registry.npmjs.org
-          npmci command pnpm audit --audit-level=high --dev
+          szci command pnpm audit --audit-level=high --dev
         continue-on-error: true
 
   test:
@@ -54,27 +54,27 @@ jobs:
       - name: Prepare
         run: |
           pnpm install -g pnpm
-          pnpm install -g @ship.zone/npmci
+          pnpm install -g @ship.zone/szci
-          npmci npm prepare
+          szci npm prepare
 
       - name: Test stable
         run: |
-          npmci node install stable
+          szci node install stable
-          npmci npm install
+          szci npm install
-          npmci npm test
+          szci npm test
 
       - name: Test build
         run: |
-          npmci node install stable
+          szci node install stable
-          npmci npm install
+          szci npm install
-          npmci command npm run build
+          szci command npm run build
 
   release:
     needs: test
     if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
     runs-on: ubuntu-latest
     container:
-      image: code.foss.global/host.today/ht-docker-dbase:npmci
+      image: code.foss.global/host.today/ht-docker-dbase:szci
 
     steps:
       - uses: actions/checkout@v3
@@ -110,4 +110,4 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Trigger
-        run: npmci trigger
+        run: szci trigger

Dockerfile

@@ -9,29 +9,32 @@ ENV NODE_VERSION_LTS="24.13.0" NODE_VERSION_STABLE="24.13.0" NVM_DIR="/usr/local
 ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium-browser
 ENV CHROME_BIN=/usr/bin/chromium-browser
 
-# Set debconf to run non-interactively and install packages
+# Layer 1: Base system + dev tools
 RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections \
     && apt-get update \
     && apt-get upgrade --no-install-recommends -y \
     && apt-get install -y -q --no-install-recommends \
-        # base libs
         software-properties-common \
         apt-transport-https \
         build-essential \
         ca-certificates \
         gpg-agent \
         curl \
-        g++ \
-        gcc \
         git \
-        make \
         openssl \
         python3 \
         rsync \
         ssh \
         wget \
         unzip \
-        # puppeteer
+        iputils-ping \
+        dnsutils \
+        tini \
+    && apt-get clean
+
+# Layer 2: Chromium + Puppeteer/Playwright browser deps
+RUN apt-get install -y -q --no-install-recommends \
+        chromium-browser \
         libasound2t64 \
         libatk1.0-0 \
         libatk-bridge2.0-0 \
@@ -63,31 +66,26 @@ RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selectio
         libxrender1 \
         libxss1 \
         libxtst6 \
-        ca-certificates \
         fonts-liberation \
         libayatana-appindicator3-1 \
         libnss3 \
         lsb-release \
         xdg-utils \
-        # network
+    && apt-get clean \
-        iputils-ping \
+    && rm -rf /var/lib/apt/lists/*
-        dnsutils \
 
-    # chromium (multi-arch compatible - works on both amd64 and arm64)
+# Layer 3: MongoDB 8.0
-    && apt-get install -y -q --no-install-recommends chromium-browser \
+RUN curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
-    
-    # mongodb 8.0
-    && curl -fsSL https://www.mongodb.org/static/pgp/server-8.0.asc | \
         gpg --dearmor -o /usr/share/keyrings/mongodb-server-8.0.gpg \
     && echo "deb [ arch=amd64,arm64 signed-by=/usr/share/keyrings/mongodb-server-8.0.gpg ] https://repo.mongodb.org/apt/ubuntu noble/mongodb-org/8.0 multiverse" | \
         tee /etc/apt/sources.list.d/mongodb-org-8.0.list \
     && apt-get update \
     && apt-get install -y -q --no-install-recommends mongodb-org \
     && apt-get clean \
-    && rm -r /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/*
 
 # Install nvm with node and npm
-RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
 
 # Make nvm available globally in all bash shells (interactive + non-interactive)
 # IMPORTANT: Prepend to bashrc, before the "[ -z "$PS1" ] && return" line
@@ -121,7 +119,7 @@ RUN nvm install $NODE_VERSION_STABLE \
     && pnpm -v \
     && pnpm config set unsafe-perm true
 
-ENV NODE_PATH $NVM_DIR/v$NODE_VERSION_STABLE/lib/node_modules
+ENV NODE_PATH $NVM_DIR/versions/node/v$NODE_VERSION_STABLE/lib/node_modules
 ENV PATH      $NVM_DIR/versions/node/v$NODE_VERSION_STABLE/bin:$PATH
 
 # Install Bun
@@ -135,5 +133,5 @@ ENV DENO_INSTALL="/root/.deno"
 ENV PATH="$DENO_INSTALL/bin:$PATH"
 
 # Set entrypoint to make nvm available in all runtime contexts
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
 CMD ["bash"]

Dockerfile_alpine-bun

@@ -16,10 +16,11 @@ RUN apk add --no-cache \
     git \
     ca-certificates \
     unzip \
-    libstdc++
+    libstdc++ \
+    tini
 
 # Install NVM (latest version for better Alpine/musl support)
-RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
 
 # Make nvm available globally in all bash shells (interactive + non-interactive)
 # IMPORTANT: Create /etc/bash.bashrc with nvm initialization
@@ -41,14 +42,18 @@ SHELL ["/usr/local/bin/bash-with-nvm"]
 ENV BASH_ENV=/etc/bash.bashrc
 
 # Install Node.js LTS via NVM and Bun
-RUN nvm install $NODE_VERSION_LTS \
+# TARGETARCH fix: QEMU buildx can report wrong arch via uname -m
+ARG TARGETARCH
+RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x64-musl") \
+    && nvm_get_arch() { echo "$NVM_MUSL_ARCH"; } \
+    && nvm install $NODE_VERSION_LTS \
     && nvm alias default $NODE_VERSION_LTS \
     && nvm use default \
     && curl -fsSL https://bun.sh/install | bash
 
 ENV PATH="$BUN_INSTALL/bin:$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH"
-ENV NODE_PATH=$NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules
+ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules
 
 # Set entrypoint to make nvm available in all runtime contexts
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
 CMD ["bash"]

Dockerfile_alpine-deno

@@ -17,10 +17,11 @@ RUN apk add --no-cache \
     ca-certificates \
     unzip \
     libstdc++ \
+    tini \
     deno
 
 # Install NVM (latest version for better Alpine/musl support)
-RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
 
 # Make nvm available globally in all bash shells (interactive + non-interactive)
 # IMPORTANT: Create /etc/bash.bashrc with nvm initialization
@@ -42,13 +43,17 @@ SHELL ["/usr/local/bin/bash-with-nvm"]
 ENV BASH_ENV=/etc/bash.bashrc
 
 # Install Node.js LTS via NVM (Deno already installed from Alpine repos)
-RUN nvm install $NODE_VERSION_LTS \
+# TARGETARCH fix: QEMU buildx can report wrong arch via uname -m
+ARG TARGETARCH
+RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x64-musl") \
+    && nvm_get_arch() { echo "$NVM_MUSL_ARCH"; } \
+    && nvm install $NODE_VERSION_LTS \
     && nvm alias default $NODE_VERSION_LTS \
     && nvm use default
 
 ENV PATH="$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH"
-ENV NODE_PATH=$NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules
+ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules
 
 # Set entrypoint to make nvm available in all runtime contexts
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
 CMD ["bash"]

Dockerfile_alpine-node

@@ -22,10 +22,11 @@ RUN apk add --no-cache \
     unzip \
     iputils \
     bind-tools \
-    libstdc++
+    libstdc++ \
+    tini
 
 # Install NVM (latest version for better Alpine/musl support)
-RUN mkdir -p $NVM_DIR && curl https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
 
 # Make nvm available globally in all bash shells (interactive + non-interactive)
 # IMPORTANT: Create /etc/bash.bashrc with nvm initialization
@@ -52,16 +53,22 @@ ENV PATH="$PNPM_HOME:$PATH"
 
 # Install Node.js LTS via NVM and pnpm
 # Use musl-specific builds from unofficial-builds for Alpine compatibility
-RUN nvm install $NODE_VERSION_LTS \
+# TARGETARCH fix: QEMU buildx can report wrong arch via uname -m, causing NVM
+# to download x64 binaries on arm64. We create a temporary uname wrapper to
+# ensure the correct architecture binary is downloaded.
+ARG TARGETARCH
+RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x64-musl") \
+    && nvm_get_arch() { echo "$NVM_MUSL_ARCH"; } \
+    && nvm install $NODE_VERSION_LTS \
     && nvm alias default $NODE_VERSION_LTS \
     && nvm use default \
     && npm install -g pnpm \
     && pnpm -v \
     && pnpm config set unsafe-perm true
 
-ENV NODE_PATH=$NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules
+ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules
 ENV PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH
 
 # Set entrypoint to make nvm available in all runtime contexts
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
 CMD ["bash"]

Dockerfile_alpine-npmci

@@ -1,10 +0,0 @@
-FROM host.today/ht-docker-node:alpine-node
-RUN apk update && apk add bash libc6-compat alpine-sdk
-ENV PYTHONUNBUFFERED=1
-RUN apk add --update --no-cache python3 && ln -sf python3 /usr/bin/python
-RUN python3 -m ensurepip
-RUN pip3 install --no-cache --upgrade pip setuptools
-RUN apk add --update alpine-sdk && \
-    apk add libffi-dev openssl-dev && \
-    apk add python3-dev && \
-    pnpm install -g @ship.zone/npmci node-gyp

Dockerfile_alpine-szci

@@ -0,0 +1,11 @@
+FROM host.today/ht-docker-node:alpine-node
+ENV PYTHONUNBUFFERED=1
+RUN apk add --no-cache \
+        libc6-compat \
+        alpine-sdk \
+        python3-dev \
+        py3-pip \
+        libffi-dev \
+        openssl-dev \
+    && ln -sf python3 /usr/bin/python \
+    && pnpm install -g @ship.zone/szci node-gyp

Dockerfile_dbase

@@ -0,0 +1,63 @@
+FROM docker:latest
+LABEL author="Task Venture Capital GmbH <hello@task.vc>"
+
+WORKDIR /workspace
+
+# Important environment variables
+ENV NODE_VERSION_LTS="24.13.0" \
+    NVM_DIR="/usr/local/nvm" \
+    PNPM_HOME="/root/.local/share/pnpm" \
+    NVM_NODEJS_ORG_MIRROR="https://unofficial-builds.nodejs.org/download/release"
+
+# System packages (single layer)
+# docker:latest already includes docker-cli and docker-compose plugin
+RUN apk add --no-cache \
+    bash curl git openssl ca-certificates wget unzip \
+    build-base python3 python3-dev py3-pip linux-headers \
+    libgcc libstdc++ libc6-compat gnupg \
+    libffi-dev openssl-dev libc-dev \
+    iputils bind-tools \
+    tini
+
+# Install NVM
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+
+# Make nvm available globally in all bash shells
+RUN printf '%s\n%s\n%s\n' \
+        'export NVM_DIR="/usr/local/nvm"' \
+        '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"' \
+        '[ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"' \
+        > /etc/bash.bashrc
+
+# Copy nvm wrapper scripts
+COPY image_support_files/bash-with-nvm /usr/local/bin/bash-with-nvm
+COPY image_support_files/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
+RUN chmod +x /usr/local/bin/bash-with-nvm /usr/local/bin/docker-entrypoint.sh
+
+# Use wrapper for RUN commands to enable nvm
+SHELL ["/usr/local/bin/bash-with-nvm"]
+
+# Enable nvm for runtime bash commands
+ENV BASH_ENV=/etc/bash.bashrc
+
+# Prepare pnpm directory
+RUN mkdir -p ${PNPM_HOME}
+ENV PATH="$PNPM_HOME:$PATH"
+
+# Install Node.js LTS via NVM and pnpm
+# TARGETARCH fix: override nvm_get_arch for correct musl arch on arm64
+ARG TARGETARCH
+RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x64-musl") \
+    && nvm_get_arch() { echo "$NVM_MUSL_ARCH"; } \
+    && nvm install $NODE_VERSION_LTS \
+    && nvm alias default $NODE_VERSION_LTS \
+    && nvm use default \
+    && npm install -g pnpm \
+    && pnpm -v \
+    && pnpm config set unsafe-perm true
+
+ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules
+ENV PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH
+
+ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
+CMD ["bash"]

Dockerfile_dbase_dind

@@ -0,0 +1,61 @@
+FROM docker:dind
+LABEL author="Task Venture Capital GmbH <hello@task.vc>"
+
+WORKDIR /workspace
+
+# Important environment variables
+ENV NODE_VERSION_LTS="24.13.0" \
+    NVM_DIR="/usr/local/nvm" \
+    PNPM_HOME="/root/.local/share/pnpm" \
+    NVM_NODEJS_ORG_MIRROR="https://unofficial-builds.nodejs.org/download/release"
+
+# System packages
+RUN apk add --no-cache \
+    bash curl git openssl ca-certificates wget unzip \
+    build-base python3 python3-dev py3-pip linux-headers \
+    libgcc libstdc++ libc6-compat gnupg \
+    libffi-dev openssl-dev libc-dev \
+    iputils bind-tools \
+    tini
+
+# Install NVM
+RUN mkdir -p $NVM_DIR && curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
+
+# Make nvm available globally in all bash shells
+RUN printf '%s\n%s\n%s\n' \
+        'export NVM_DIR="/usr/local/nvm"' \
+        '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"' \
+        '[ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"' \
+        > /etc/bash.bashrc
+
+# Copy nvm wrapper for build-time SHELL
+COPY image_support_files/bash-with-nvm /usr/local/bin/bash-with-nvm
+RUN chmod +x /usr/local/bin/bash-with-nvm
+
+# Use wrapper for RUN commands to enable nvm
+SHELL ["/usr/local/bin/bash-with-nvm"]
+
+# Enable nvm for runtime bash commands (docker exec shells)
+ENV BASH_ENV=/etc/bash.bashrc
+
+# Prepare pnpm directory
+RUN mkdir -p ${PNPM_HOME}
+ENV PATH="$PNPM_HOME:$PATH"
+
+# Install Node.js LTS via NVM and pnpm
+# TARGETARCH fix: override nvm_get_arch for correct musl arch on arm64
+ARG TARGETARCH
+RUN NVM_MUSL_ARCH=$([ "$TARGETARCH" = "arm64" ] && echo "arm64-musl" || echo "x64-musl") \
+    && nvm_get_arch() { echo "$NVM_MUSL_ARCH"; } \
+    && nvm install $NODE_VERSION_LTS \
+    && nvm alias default $NODE_VERSION_LTS \
+    && nvm use default \
+    && npm install -g pnpm \
+    && pnpm -v \
+    && pnpm config set unsafe-perm true
+
+ENV NODE_PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules
+ENV PATH=$NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH
+
+# Keep docker:dind's own ENTRYPOINT (dockerd-entrypoint.sh)
+# NVM is available in exec shells via BASH_ENV

Dockerfile_dbase_npmci

@@ -0,0 +1,3 @@
+FROM host.today/ht-docker-node:dbase
+LABEL author="Task Venture Capital GmbH <hello@task.vc>"
+RUN pnpm install -g @ship.zone/szci

Dockerfile_fossglobal_preinstalled_##version##

@@ -1,12 +1,7 @@
-FROM host.today/ht-docker-node:npmci
+FROM host.today/ht-docker-node:szci
-RUN npm install -g \
+RUN pnpm install -g \
   @git.zone/tsrun \
   @git.zone/tstest \
-  @push.rocks/qenv \
+  @git.zone/tsdocker \
-  @push.rocks/smartfile \
+  @git.zone/tsbundle \
-  @push.rocks/smartpath \
+  @git.zone/tools
-  @push.rocks/smartshell \
-  @push.rocks/tapbundle \
-  axios \
-  @push.rocks/smartdelay \
-  @push.rocks/smartjson

Dockerfile_lts

@@ -4,5 +4,5 @@ LABEL author="Task Venture Capital GmbH <hello@task.vc>"
 RUN bash -c "source $NVM_DIR/nvm.sh \
     && nvm install $NODE_VERSION_LTS"
     
-ENV NODE_PATH $NVM_DIR/v$NODE_VERSION_LTS/lib/node_modules
+ENV NODE_PATH $NVM_DIR/versions/node/v$NODE_VERSION_LTS/lib/node_modules
 ENV PATH      $NVM_DIR/versions/node/v$NODE_VERSION_LTS/bin:$PATH

Dockerfile_stableinit

@@ -1,6 +0,0 @@
-FROM host.today/ht-docker-node:latest
-# Add Tini
-ENV TINI_VERSION v0.19.0
-ADD https://github.com/krallin/tini/releases/download/${TINI_VERSION}/tini /tini
-RUN chmod +x /tini
-ENTRYPOINT ["/tini", "--"]

Dockerfile_szci

@@ -1,4 +1,4 @@
 FROM host.today/ht-docker-node:latest
 LABEL author="Task Venture Capital GmbH <hello@task.vc>"
 
-RUN pnpm install -g @ship.zone/npmci
+RUN pnpm install -g @ship.zone/szci

changelog.md

@@ -1,5 +1,49 @@
 # Changelog
 
+## 2026-02-07 - 5.6.0 - feat(dockerfiles)
+Add base Dockerfiles for dbase/dind, enable pnpm and stack-fix, update preinstalled image tooling and registries, and bump @git.zone/tsdocker devDependency
+
+- Added Dockerfile_dbase: Alpine-based docker image with nodejs-current, pnpm installation, python/pip setup, compiles /lib/stack-fix.so and sets LD_PRELOAD, and enables pnpm unsafe-perm.
+- Added Dockerfile_dbase_dind: multi-stage docker:dind build that installs same toolchain, compiles stack-fix.so in build stage, copies pnpm/python artifacts to final stage, and preserves LD_PRELOAD.
+- Added Dockerfile_dbase_npmci: lightweight image FROM hosttoday/ht-docker-dbase:latest that installs @ship.zone/npmci globally via pnpm.
+- Updated Dockerfile_fossglobal_preinstalled_##version##: switched from npm to pnpm and replaced several global packages (removed push.rocks/* and axios; added @git.zone/tsdocker, @git.zone/tsbundle, @git.zone/tools).
+- Updated npmextra.json: cleared szci.dockerRegistries and simplified @git.zone/tsdocker registries/registryRepoMap to only use code.foss.global and preserved platforms/testDir.
+- Bumped devDependency @git.zone/tsdocker from ^1.17.0 to ^1.17.1 (patch bump).
+
+## 2026-02-07 - 5.5.2 - fix()
+no changes detected — no release necessary
+
+- No files changed in the provided git diff
+- Current package.json version is 5.5.1
+
+## 2026-02-07 - 5.5.1 - fix(docker)
+normalize NODE_PATH and harden Dockerfile installs; use curl -fsSL; consolidate Alpine apk installs; update .dockerignore; bump @git.zone/tsdocker devDependency
+
+- Change NODE_PATH to $NVM_DIR/versions/node/v... across Dockerfiles to match nvm layout
+- Use curl -fsSL for non-interactive installs
+- Run apt-get clean and remove /var/lib/apt/lists to reduce image size and ensure clean state
+- Consolidate apk add commands and ensure python3 symlink and pnpm global installs in Alpine image
+- Add .dockerignore entries to exclude build artifacts and include image_support_files
+- Bump devDependency @git.zone/tsdocker from ^1.15.1 to ^1.16.0
+
+## 2026-02-07 - 5.5.0 - feat(docker)
+Rework Dockerfile into layered installs and add tooling (tini, chromium, MongoDB); simplify Alpine CI image Python/pip setup; add tsdocker devDependency; remove npmextra push flag; update README and registry links
+
+- Dockerfile: split apt installs into logical layers, added tini, iputils-ping and dnsutils, moved chromium-browser into its own layer, and fixed apt cache cleanup (rm -rf)
+- Dockerfile: add MongoDB 8.0 apt repository and install in a dedicated layer
+- Alpine image (Dockerfile_alpine-szci): consolidated python3 and py3-pip install (removed ensurepip + manual pip upgrade)
+- package.json: add devDependency @git.zone/tsdocker@^1.15.1
+- npmextra.json: removed "push": false flag (affects CI/publish behavior)
+- README: update registry URLs to code.foss.global, document tini and NVM behavior, refresh image descriptions and links
+
+## 2026-02-06 - 5.4.0 - feat(ci)
+replace npmci with szci across CI and images; add szci preinstalled images and make tini the PID 1 init in Docker images
+
+- Replace @ship.zone/npmci with @ship.zone/szci in Gitea CI workflows (.gitea/workflows/docker_nottags.yaml, docker_tags.yaml) and update commands to use szci
+- Add szci-specific Dockerfiles (Dockerfile_szci, Dockerfile_alpine-szci) and tests (test/test_szci.sh); remove npmci-specific files
+- Install and use tini as PID 1 in multiple Dockerfiles and switch ENTRYPOINT to run tini for proper signal forwarding and zombie reaping
+- Update metadata/manifest files (package.json, npmextra.json, readme.*, Dockerfile base tags) to reference szci and document the inclusion of tini
+
 ## 2026-02-06 - 5.3.0 - feat(docker)
 add Chromium support for Puppeteer/Playwright and npm build/release scripts
 

npmextra.json

@@ -16,31 +16,23 @@
         "CI",
         "git",
         "ssh",
-        "npmci",
+        "szci",
         "node version management",
         "typescript"
       ]
     }
   },
-  "npmci": {
+  "szci": {
-    "dockerRegistries": [
+    "dockerRegistries": []
-      "docker.io",
-      "registry.gitlab.com"
-    ]
   },
   "@git.zone/tsdocker": {
     "registries": [
-      "code.foss.global",
+      "code.foss.global"
-      "registry.gitlab.com",
-      "docker.io"
     ],
     "registryRepoMap": {
-      "code.foss.global": "host.today/ht-docker-node",
+      "code.foss.global": "host.today/ht-docker-node"
-      "registry.gitlab.com": "hosttoday/ht-docker-node",
-      "docker.io": "hosttoday/ht-docker-node"
     },
     "platforms": ["linux/amd64", "linux/arm64"],
-    "push": false,
     "testDir": "./test"
   },
   "tsdoc": {

package.json

@@ -1,6 +1,6 @@
 {
   "name": "ht-docker-node",
-  "version": "5.3.0",
+  "version": "5.6.0",
   "description": "A Docker image that integrates Node.js with shipzone.io support.",
   "main": "index.js",
   "scripts": {
@@ -30,8 +30,11 @@
     "CI",
     "git",
     "ssh",
-    "npmci",
+    "szci",
     "node version management",
     "typescript"
-  ]
+  ],
+  "devDependencies": {
+    "@git.zone/tsdocker": "^1.17.1"
+  }
 }

readme.hints.md

@@ -68,7 +68,7 @@ RUN node --version      # Now shows v18.x.x
 - ✅ Dockerfile RUN: `nvm install`, `nvm use`, version switching
 - ✅ Runtime bash -c: All nvm commands work
 - ✅ CI/CD workflows: Tested in .gitea/workflows context
-- ✅ Backward compat: pnpm, npmci, ENV PATH fallback
+- ✅ Backward compat: pnpm, szci, ENV PATH fallback
 - ✅ Multi-stage builds: nvm available in all stages
 - ✅ Interactive shells: Full nvm access
 

readme.md

@@ -1,121 +1,163 @@
 # 🐳 ht-docker-node
 
-> Production-ready Docker images for Node.js development with multi-architecture support, modern runtimes, and intelligent version management.
+> Production-ready Docker images for Node.js with NVM built in, multi-arch support, and modern runtimes (Bun, Deno). Every image ships with **tini** as PID 1 and full **NVM** integration — switch Node versions on the fly, no sourcing required.
 
-**Multi-arch ready** • **Alpine & Ubuntu** • **NVM built-in** • **Bun, Deno & pnpm** • **CI/CD optimized**
+**Multi-arch** • **Alpine & Ubuntu** • **NVM built-in** • **Bun, Deno & pnpm** • **tini init** • **CI/CD optimized**
+
+## Issue Reporting and Security
+
+For reporting bugs, issues, or security vulnerabilities, please visit [community.foss.global/](https://community.foss.global/). This is the central community hub for all issue reporting. Developers who sign and comply with our contribution agreement and go through identification can also get a [code.foss.global/](https://code.foss.global/) account to submit Pull Requests directly.
 
 ---
 
 ## 🚀 Quick Start
 
 ```bash
-# Pull and run the latest Node.js LTS image
+# Pull and run the full-featured Ubuntu image
-docker pull registry.gitlab.com/hosttoday/ht-docker-node:latest
+docker pull code.foss.global/host.today/ht-docker-node:latest
-docker run -it registry.gitlab.com/hosttoday/ht-docker-node:latest
+docker run -it code.foss.global/host.today/ht-docker-node:latest
 
-# Or use Alpine for smaller images (200MB vs 800MB+)
+# Or go lean with Alpine (~200 MB vs ~900 MB)
-docker pull registry.gitlab.com/hosttoday/ht-docker-node:alpine-node
+docker pull code.foss.global/host.today/ht-docker-node:alpine-node
+docker run -it code.foss.global/host.today/ht-docker-node:alpine-node
 ```
 
+NVM is ready the moment you enter the container — no manual sourcing, no `.bashrc` hacks:
+
+```bash
+$ nvm install 22
+$ nvm use 22
+$ node -v   # v22.x.x ✅
+```
+
+---
+
 ## 📦 Available Images
 
-### Ubuntu-Based Images (Full-Featured)
+### Ubuntu-Based (Full-Featured)
 
-Perfect for complex builds requiring native dependencies and maximum compatibility.
+Built on **Ubuntu 24.04**. Maximum compatibility, all build tools included, plus Chromium for Puppeteer/Playwright, and MongoDB 8.0.
 
-| Tag | Description | Use Case |
+| Tag | Description | Key Contents |
-|-----|-------------|----------|
+|-----|-------------|--------------|
-| `:latest` | Node.js LTS with NVM (Ubuntu 24.04) | General purpose, production builds |
+| `:latest` | Kitchen-sink Node.js image | Node LTS + NVM + pnpm + Bun + Deno + Chromium + MongoDB 8.0 |
-| `:lts` | Based on latest | Explicit LTS naming |
+| `:lts` | Alias of `:latest` | Same — explicit LTS naming for clarity |
-| `:npmci` | With npmci preinstalled | CI/CD pipelines |
+| `:szci` | CI/CD workhorse | `:latest` + `@ship.zone/szci` preinstalled |
-| `:stableinit` | Stable initialization base | Init scripts |
+| `:fossglobal_preinstalled_<ver>` | Preloaded tooling image | `:szci` + tsrun, tstest, tapbundle, smartfile, and more |
 
-### Alpine-Based Images (Lightweight & Multi-Arch) ⚡
+### Alpine-Based (Lightweight & Multi-Arch) ⚡
 
-**40-60% smaller** than Ubuntu images. Native performance on **both x64 and ARM64** (Apple Silicon, ARM servers).
+**40–75 % smaller** than Ubuntu. Native performance on **both amd64 and arm64** (Apple Silicon, Graviton, Ampere).
 
 | Tag | Description | Size | Architectures |
 |-----|-------------|------|---------------|
 | `:alpine-node` | Node.js LTS + NVM + pnpm | ~200 MB | amd64, arm64 |
-| `:alpine-deno` | Node.js LTS + NVM + Deno | ~180MB | amd64, arm64 |
 | `:alpine-bun` | Node.js LTS + NVM + Bun | ~150 MB | amd64, arm64 |
-| `:alpine-npmci` | Alpine Node + npmci + build tools | ~250MB | amd64, arm64 |
+| `:alpine-deno` | Node.js LTS + NVM + Deno | ~180 MB | amd64, arm64 |
+| `:alpine-szci` | Alpine Node + szci + build tools | ~250 MB | amd64, arm64 |
 
-**✨ Multi-architecture magic:** Docker automatically selects the right image for your platform. Build on Mac, deploy on Linux servers—same Dockerfile, native speed everywhere.
+> 💡 Docker automatically pulls the right arch for your platform. Build on a Mac, deploy on an ARM server — same tag, native speed everywhere.
 
-> **Note:** The Deno image uses Alpine edge to access the official musl-compiled Deno package from Alpine's community repository.
+> **Note:** The Deno Alpine image uses `alpine:edge` to get the official musl-compiled Deno from the community repository.
+
+### What every image includes
+
+| Feature | Detail |
+|---------|--------|
+| **tini** | PID 1 init — proper signal forwarding & zombie reaping |
+| **NVM** | v0.40.1 — works in `RUN`, `docker exec`, CI scripts, interactive shells |
+| **Node.js** | LTS v24.13.0 (default, switchable) |
+| **docker-entrypoint.sh** | Loads NVM at runtime so `docker run … bash -c "nvm use 22"` just works |
 
 ---
 
 ## 💡 Key Features
 
-### 🔄 NVM (Node Version Manager) Built-In
+### 🔄 NVM — Zero-Config Node Version Management
 
-Switch Node.js versions **instantly** without rebuilding images:
+NVM is pre-wired into every shell context. No manual sourcing required in any of these scenarios:
+
+**Dockerfile RUN commands** (via the `bash-with-nvm` SHELL wrapper):
 
 ```dockerfile
-FROM registry.gitlab.com/hosttoday/ht-docker-node:latest
+FROM code.foss.global/host.today/ht-docker-node:latest
 
-# Works directly in RUN commands - no sourcing needed!
+# Works directly — no sourcing needed!
-RUN nvm install 18.20.0
+RUN nvm install 22 && nvm use 22 && npm ci
-RUN nvm use 18 && npm install
+RUN nvm alias default 22          # persists for later RUN steps
-RUN nvm install 20 && nvm use 20 && npm test
-
-# Set default for subsequent commands
-RUN nvm install 19 && nvm alias default 19
 ```
 
-### 🎯 CI/CD Workflow Ready
+**CI/CD scripts** (via `BASH_ENV=/etc/bash.bashrc`):
-
-NVM works seamlessly in GitHub Actions, GitLab CI, and other automation:
 
 ```yaml
-# .gitlab-ci.yml
+# Gitea / GitLab CI
 test:
-  image: registry.gitlab.com/hosttoday/ht-docker-node:latest
+  image: code.foss.global/host.today/ht-docker-node:latest
   script:
-    - nvm install 18
+    - nvm install 22 && nvm use 22
-    - nvm use 18
+    - pnpm ci && pnpm test
-    - npm ci
-    - npm test
-
-    # Test on multiple Node versions
-    - nvm install 20
-    - nvm use 20
-    - npm test
 ```
 
-### 🏔️ Alpine: Production-Optimized
+**Interactive shells** and **`docker exec`**:
+
+```bash
+docker exec -it mycontainer bash
+$ nvm ls          # lists installed versions
+$ nvm install 20  # installs Node 20
+$ nvm use 20      # switches immediately
+```
+
+> ⚠️ **Note on version persistence across RUN steps:** Each Dockerfile `RUN` starts a new shell. Use `nvm alias default <version>` to persist your choice, or chain commands in a single `RUN`.
+
+### 🛡️ tini — Proper Init for Containers
+
+All images use [tini](https://github.com/krallin/tini) as PID 1:
+
+```
+tini → docker-entrypoint.sh → your command
+```
+
+This means:
+- ✅ Signals (SIGTERM, SIGINT) are forwarded correctly to your app
+- ✅ Zombie processes are reaped automatically
+- ✅ Clean container shutdown — no orphaned processes
+
+### 🌐 Chromium (Ubuntu `:latest` only)
+
+Puppeteer and Playwright work out of the box:
+
+```javascript
+const browser = await puppeteer.launch(); // uses /usr/bin/chromium-browser
+```
+
+Environment variables `PUPPETEER_EXECUTABLE_PATH` and `CHROME_BIN` are pre-set. Multi-arch compatible (amd64 + arm64).
+
+### 🏔️ Alpine — Production Optimized
 
 ```dockerfile
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine-node
+FROM code.foss.global/host.today/ht-docker-node:alpine-node
 
-# Same NVM commands as Ubuntu
+RUN nvm install 22 && nvm use 22
-RUN nvm install 20 && nvm use 20
+RUN pnpm install && pnpm build
-RUN pnpm install
+# Result: ~200 MB image
-RUN pnpm build
-
-# Result: 200MB image vs 800MB+ Ubuntu
 ```
 
-**Why Alpine?**
+Why Alpine?
-- ✅ **60-75% smaller images** → Faster deployments
+- ✅ **60–75 % smaller** → Faster pulls, faster deploys
-- ✅ **Reduced attack surface** → Better security
+- ✅ **Reduced attack surface** → Fewer packages = fewer CVEs
-- ✅ **Native musl builds** → No glibc compatibility issues
+- ✅ **Native musl builds** → No glibc compatibility layer
-- ✅ **Multi-arch support** → One image, all platforms
+- ✅ **Multi-arch** → Same tag works on x64 and ARM64
 
 ---
 
 ## 🛠️ Usage Examples
 
-### Basic Node.js Application
+### Basic Node.js App
 
 ```dockerfile
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine-node
+FROM code.foss.global/host.today/ht-docker-node:alpine-node
 
 WORKDIR /app
-
-# NVM is already configured, Node.js LTS is ready
 COPY package*.json ./
 RUN pnpm install
 
@@ -129,135 +171,113 @@ CMD ["node", "dist/index.js"]
 ### Multi-Version Testing
 
 ```dockerfile
-FROM registry.gitlab.com/hosttoday/ht-docker-node:latest
+FROM code.foss.global/host.today/ht-docker-node:latest
 
 WORKDIR /app
 COPY package*.json ./
 
-# Test on Node 18
-RUN nvm install 18 && nvm use 18 && npm ci && npm test
-
-# Test on Node 20
 RUN nvm install 20 && nvm use 20 && npm ci && npm test
+RUN nvm install 22 && nvm use 22 && npm ci && npm test
 
-# Use Node 20 for production build
+# Ship with Node 22
-RUN nvm alias default 20 && npm run build
+RUN nvm alias default 22 && npm run build
 ```
 
 ### Deno Application
 
 ```dockerfile
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine-deno
+FROM code.foss.global/host.today/ht-docker-node:alpine-deno
 
 WORKDIR /app
-
-# Both Deno and Node.js are available
 COPY . .
 
-# Use Deno for the app
+# Deno and Node.js are both available
 CMD ["deno", "run", "--allow-net", "main.ts"]
-
-# Or switch to Node.js if needed
-# RUN nvm use default && npm install
 ```
 
-### Bun for Ultra-Fast Builds
+### Bun for Ultra-Fast Installs
 
 ```dockerfile
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine-bun
+FROM code.foss.global/host.today/ht-docker-node:alpine-bun
 
 WORKDIR /app
-
-# Bun is 10-20x faster for package installation
 COPY package.json bun.lockb ./
 RUN bun install
 
 COPY . .
 RUN bun run build
-
-# Node.js also available via NVM
 CMD ["bun", "run", "start"]
 ```
 
-### TypeScript Project with Multi-Stage Build
+### TypeScript Multi-Stage Build
 
 ```dockerfile
 # Build stage
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine-node AS builder
+FROM code.foss.global/host.today/ht-docker-node:alpine-node AS builder
-
 WORKDIR /app
 COPY package*.json ./
 RUN pnpm install
-
 COPY tsconfig.json ./
 COPY src ./src
 RUN pnpm build
 
-# Production stage
+# Production stage — only runtime deps
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine-node
+FROM code.foss.global/host.today/ht-docker-node:alpine-node
-
 WORKDIR /app
 COPY package*.json ./
 RUN pnpm install --prod
-
 COPY --from=builder /app/dist ./dist
+EXPOSE 3000
+CMD ["node", "dist/index.js"]
+```
 
+### Production-Hardened Setup
+
+```dockerfile
+FROM code.foss.global/host.today/ht-docker-node:alpine-node
+
+# Non-root user
+RUN addgroup -g 1001 -S nodejs && adduser -S nodejs -u 1001
+
+WORKDIR /app
+COPY package*.json ./
+RUN pnpm install --frozen-lockfile && pnpm cache clean
+
+COPY --chown=nodejs:nodejs . .
+RUN pnpm build
+
+USER nodejs
 EXPOSE 3000
 CMD ["node", "dist/index.js"]
 ```
 
 ---
 
-## 🔧 NVM Usage Patterns
+## 🔧 NVM Cheat Sheet
-
-### In Dockerfiles
-
-```dockerfile
-# Install specific version
-RUN nvm install 18.20.0
-
-# Use version
-RUN nvm use 18
-
-# Set default (persists across RUN commands)
-RUN nvm alias default 18
-
-# Chain commands in single RUN
-RUN nvm install 19 && nvm use 19 && npm install
-```
-
-### In CI/CD Scripts
 
 ```bash
-#!/bin/bash
+# Install a specific version
-# NVM is automatically available in bash scripts
+nvm install 22.5.0
 
-nvm install 20
+# Use a version (current shell)
-nvm use 20
+nvm use 22
-npm ci
-npm test
-```
 
-### Version Switching
+# Set default (persists across shells / RUN steps)
+nvm alias default 22
+
+# Install and switch to latest LTS
+nvm install --lts && nvm use --lts
 
-```bash
 # List installed versions
 nvm ls
 
-# Install and switch to latest LTS
+# Chain in a single Dockerfile RUN
-nvm install --lts
+RUN nvm install 22 && nvm use 22 && npm ci && npm test
-nvm use --lts
-
-# Install specific version
-nvm install 18.20.0
-
-# Use installed version
-nvm use 18
 ```
 
 ---
 
-## 🏗️ Building Multi-Architecture Images
+## 🏗️ Building the Images
 
 This project uses [@git.zone/tsdocker](https://code.foss.global/git.zone/tsdocker) for Docker image management.
 
@@ -265,199 +285,43 @@ This project uses [@git.zone/tsdocker](https://code.foss.global/git.zone/tsdocke
 # Install tsdocker
 pnpm install -g @git.zone/tsdocker@latest
 
-# List all discovered Dockerfiles and their tags
+# Discover all Dockerfiles and their tags
 tsdocker list
 
 # Build all images (multi-arch: amd64 + arm64)
 tsdocker build
 
-# Test all images
+# Run all test scripts
 tsdocker test
 
 # Push to a specific registry
 tsdocker push code.foss.global
 ```
 
-### Manual Builds
+### Manual Build (single image)
-
-For building individual images manually:
 
 ```bash
-# Build for both amd64 and arm64, push to registry
 docker buildx build \
   --platform linux/amd64,linux/arm64 \
   -f Dockerfile_alpine-node \
   -t your-registry/your-image:alpine-node \
-  --push \
+  --push .
-  .
 ```
 
----
+### Image Dependency Chain
 
-## 📚 Advanced Examples
+Some images depend on others being in the registry first:
 
-### Docker Compose Setup
+```
+Dockerfile (:latest) ──► Dockerfile_lts (:lts)
+                     ──► Dockerfile_szci (:szci)
+                          ──► Dockerfile_fossglobal_preinstalled_* (:fossglobal_preinstalled_<ver>)
 
-```yaml
+Dockerfile_alpine-node (:alpine-node)
-version: '3.8'
+                     ──► Dockerfile_alpine-szci (:alpine-szci)
-
-services:
-  app:
-    image: registry.gitlab.com/hosttoday/ht-docker-node:alpine-node
-    working_dir: /app
-    volumes:
-      - .:/app
-      - /app/node_modules
-    ports:
-      - "3000:3000"
-    environment:
-      - NODE_ENV=development
-    command: sh -c "pnpm install && pnpm dev"
-
-  mongo:
-    image: mongo:latest
-    ports:
-      - "27017:27017"
 ```
 
-### GitHub Actions Workflow
+The standalone Alpine images (`:alpine-bun`, `:alpine-deno`) have no registry dependencies.
-
-```yaml
-name: CI
-
-on: [push, pull_request]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    container:
-      image: registry.gitlab.com/hosttoday/ht-docker-node:alpine-node
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Install dependencies
-        run: pnpm install
-
-      - name: Run tests
-        run: pnpm test
-
-      - name: Test on multiple Node versions
-        run: |
-          for version in 18 20; do
-            echo "Testing on Node $version"
-            nvm install $version
-            nvm use $version
-            pnpm test
-          done
-```
-
-### Custom Base Image
-
-```dockerfile
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine-node
-
-# Add your custom tools
-RUN apk add --no-cache \
-    python3 \
-    make \
-    g++ \
-    postgresql-client
-
-# Configure your environment
-ENV DATABASE_URL="postgresql://localhost/mydb"
-
-# Your app setup
-WORKDIR /app
-COPY package.json pnpm-lock.yaml ./
-RUN pnpm install
-
-COPY . .
-CMD ["pnpm", "start"]
-```
-
----
-
-## 🎓 Best Practices
-
-### ✅ DO
-
-- **Use Alpine images for production** (smaller, more secure)
-- **Pin Node versions in production** (`nvm alias default 20.11.0`)
-- **Use multi-stage builds** to reduce final image size
-- **Leverage build cache** with proper COPY order
-- **Run as non-root user** in production
-
-### ❌ DON'T
-
-- Don't use `:latest` tag in production (be explicit)
-- Don't install packages globally if local works
-- Don't copy `node_modules` (let the build install them)
-- Don't skip `.dockerignore` (keeps builds fast)
-
-### 🔒 Security Tips
-
-```dockerfile
-# Example: Production-hardened Dockerfile
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine-node
-
-# Create non-root user
-RUN addgroup -g 1001 -S nodejs && adduser -S nodejs -u 1001
-
-WORKDIR /app
-
-# Install deps as root
-COPY package*.json ./
-RUN pnpm install --frozen-lockfile && pnpm cache clean
-
-# Copy source
-COPY --chown=nodejs:nodejs . .
-
-# Build
-RUN pnpm build
-
-# Switch to non-root user
-USER nodejs
-
-EXPOSE 3000
-CMD ["node", "dist/index.js"]
-```
-
----
-
-## 🐛 Troubleshooting
-
-### NVM command not found
-
-If NVM isn't available in your script:
-
-```bash
-# Manually source NVM (shouldn't be needed in our images)
-export NVM_DIR="/usr/local/nvm"
-[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"
-```
-
-### Alpine native module build failures
-
-Some npm packages need build tools:
-
-```dockerfile
-FROM registry.gitlab.com/hosttoday/ht-docker-node:alpine-node
-
-# Install build dependencies
-RUN apk add --no-cache python3 make g++
-
-# Now install your packages
-RUN pnpm install
-```
-
-### Permission denied errors
-
-```dockerfile
-# Fix ownership before switching users
-COPY --chown=node:node . .
-USER node
-```
 
 ---
 
@@ -466,55 +330,79 @@ USER node
 | Feature | Ubuntu `:latest` | Alpine `:alpine-node` |
 |---------|------------------|----------------------|
 | Base Size | ~900 MB | ~200 MB |
-| Build Tools | ✅ Full | ⚠️ Install separately |
+| Build Tools | ✅ Full (gcc, g++, make, python3) | ⚠️ Install separately (`apk add build-base`) |
-| Compatibility | ✅ Maximum | ✅ Good (musl) |
+| Chromium | ✅ Pre-installed | ❌ |
-| Multi-arch | ❌ amd64 only | ✅ amd64, arm64 |
+| MongoDB | ✅ 8.0 | ❌ |
-| Security | ✅ Good | ✅ Excellent (smaller surface) |
+| Runtimes | Node + Bun + Deno + pnpm | Node + pnpm |
-| Speed | Fast | Faster (smaller) |
+| Compatibility | ✅ Maximum (glibc) | ✅ Good (musl) |
-| Use Case | Complex builds | Production, CI/CD |
+| Multi-arch | ✅ amd64, arm64 | ✅ amd64, arm64 |
+| tini init | ✅ | ✅ |
+| Best for | Complex builds, E2E tests, full-stack dev | Production, CI/CD, microservices |
 
 ---
 
-## 🔗 Useful Links
+## 🐛 Troubleshooting
 
-- **GitHub Repository:** https://github.com/HostToday/ht-docker-node
+### NVM command not found
-- **Docker Hub:** registry.gitlab.com/hosttoday/ht-docker-node
+
-- **NVM Documentation:** https://github.com/nvm-sh/nvm
+Shouldn't happen in our images, but if it does:
-- **Alpine Linux:** https://alpinelinux.org/
+
-- **Node.js Unofficial Builds:** https://unofficial-builds.nodejs.org/ (musl support)
+```bash
+export NVM_DIR="/usr/local/nvm"
+[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"
+```
+
+### Alpine native module build failures
+
+Some npm packages require native build tools:
+
+```dockerfile
+FROM code.foss.global/host.today/ht-docker-node:alpine-node
+RUN apk add --no-cache python3 make g++
+RUN pnpm install
+```
+
+Or use `:alpine-szci` which ships with build tools pre-installed.
+
+### Version not persisting across RUN steps
+
+Each Dockerfile `RUN` creates a new shell. Use `nvm alias default`:
+
+```dockerfile
+RUN nvm install 22 && nvm alias default 22
+RUN node -v   # ✅ v22.x.x
+```
 
 ---
 
-## 📋 Changelog
+## 🔗 Links
 
-See [changelog.md](changelog.md) for detailed version history.
+- **Source Code:** [code.foss.global/host.today/ht-docker-node](https://code.foss.global/host.today/ht-docker-node)
-
+- **NVM:** [github.com/nvm-sh/nvm](https://github.com/nvm-sh/nvm)
-**Latest Updates (v5.0.148):**
+- **tini:** [github.com/krallin/tini](https://github.com/krallin/tini)
-- ✨ Multi-architecture Alpine images (amd64 + arm64)
+- **tsdocker:** [code.foss.global/git.zone/tsdocker](https://code.foss.global/git.zone/tsdocker)
-- ✨ Native Deno support via Alpine edge
+- **Alpine Linux:** [alpinelinux.org](https://alpinelinux.org/)
-- ✨ Bun runtime integration
+- **Node.js Unofficial Builds:** [unofficial-builds.nodejs.org](https://unofficial-builds.nodejs.org/) (musl support)
-- ✨ Simplified image tags (`:alpine-node` vs `:alpine-x64-node`)
-- 🚀 docker buildx integration for cross-platform builds
-- 📦 pnpm preinstalled on Alpine Node image
-- 🔧 NVM 0.40.1 with improved Alpine/musl support
 
 ---
 
 ## License and Legal Information
 
-This repository contains open-source code that is licensed under the MIT License. A copy of the MIT License can be found in the [license](license) file within this repository.
+This repository contains open-source code licensed under the MIT License. A copy of the license can be found in the [LICENSE](./LICENSE) file.
 
 **Please note:** The MIT License does not grant permission to use the trade names, trademarks, service marks, or product names of the project, except as required for reasonable and customary use in describing the origin of the work and reproducing the content of the NOTICE file.
 
 ### Trademarks
 
-This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH and are not included within the scope of the MIT license granted herein. Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines, and any usage must be approved in writing by Task Venture Capital GmbH.
+This project is owned and maintained by Task Venture Capital GmbH. The names and logos associated with Task Venture Capital GmbH and any related products or services are trademarks of Task Venture Capital GmbH or third parties, and are not included within the scope of the MIT license granted herein.
+
+Use of these trademarks must comply with Task Venture Capital GmbH's Trademark Guidelines or the guidelines of the respective third-party owners, and any usage must be approved in writing. Third-party trademarks used herein are the property of their respective owners and used only in a descriptive manner, e.g. for an implementation of an API or similar.
 
 ### Company Information
 
 Task Venture Capital GmbH
-Registered at District court Bremen HRB 35230 HB, Germany
+Registered at District Court Bremen HRB 35230 HB, Germany
 
-For any legal inquiries or if you require further information, please contact us via email at hello@task.vc.
+For any legal inquiries or further information, please contact us via email at hello@task.vc.
 
 By using this repository, you acknowledge that you have read this section, agree to comply with its terms, and understand that the licensing of the code does not imply endorsement by Task Venture Capital GmbH of any derivative works.

test/test_npmci.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-set -e
-
-# check if npmci is available
-npm init -y
-npmci -v
-
-# TODO update npmci to not require package.json
-npmci node install stable
-
-# check if npm picks it up
-npmci command pnpm install -g @gitzone/tsrun
-npmci command tsrun -v

test/test_szci.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+set -e
+
+# check if szci is available
+npm init -y
+szci -v
+
+# TODO update szci to not require package.json
+szci node install stable
+
+# check if npm picks it up
+szci command pnpm install -g @gitzone/tsrun
+szci command tsrun -v