lfg2025/gashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5c0931e8f238980b3727de95ac929ddb101cb0da
gashboard/Dockerfile
Dorian 5c0931e8f2 fix(docker): replace corepack with npm i -g pnpm; copy lockfile 
Node 22's bundled Corepack strict-validates pnpm package signatures, and
the Portainer build host couldn't complete `corepack prepare pnpm@9.12.3
--activate` (exit 1). Reproducible failure mode behind networks that
can't reach Corepack's signing-key host or against pinned pnpm versions
whose signatures aren't yet shipped in Corepack's known list.

Switch all three stages to install pnpm via plain `npm i -g pnpm@9.12.3`,
which has none of those constraints. Also copy pnpm-lock.yaml in so
`--frozen-lockfile` actually does what it says (was previously running
`--frozen-lockfile=false` because the lockfile wasn't being copied).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-06 16:07:09 +01:00

46 lines
1.5 KiB
Docker
Raw Blame History

# TODO(security): pin this base by SHA256 before shipping to production.
# Resolve with:
# docker pull node:22.12.0-alpine
# docker inspect --format='{{index .RepoDigests 0}}' node:22.12.0-alpine
# then replace `node:22.12.0-alpine` below with `node@sha256:<digest>`.
ARG NODE_IMAGE=node:22.12.0-alpine
FROM ${NODE_IMAGE} AS deps
WORKDIR /app
# Avoid Corepack — Node 22 ships a Corepack that strict-validates pnpm
# signatures and breaks behind builders that can't reach the signing host.
RUN npm install -g pnpm@9.12.3 --no-fund --no-audit && npm cache clean --force
COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
COPY apps/api/package.json apps/api/
COPY apps/web/package.json apps/web/
RUN pnpm install --frozen-lockfile
FROM deps AS build-api
WORKDIR /app
COPY apps/api apps/api
RUN pnpm --filter @gashboard/api build
FROM deps AS build-web
WORKDIR /app
COPY apps/web apps/web
RUN pnpm --filter @gashboard/web build
FROM ${NODE_IMAGE} AS runtime
WORKDIR /app
ENV NODE_ENV=production
RUN apk add --no-cache wget tini \
&& npm install -g pnpm@9.12.3 --no-fund --no-audit \
&& npm cache clean --force
COPY pnpm-workspace.yaml package.json pnpm-lock.yaml ./
COPY apps/api/package.json apps/api/
RUN pnpm install --filter @gashboard/api --prod --frozen-lockfile
COPY --from=build-api /app/apps/api/dist apps/api/dist
COPY --from=build-web /app/apps/web/dist apps/api/public
USER node
EXPOSE 8080
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["node", "apps/api/dist/index.js"]
Reference in New Issue View Git Blame Copy Permalink