From 7b1331c925827ad5ca0383133c3f6f333977158b Mon Sep 17 00:00:00 2001 From: Scott Dickerson Date: Tue, 19 Mar 2024 16:19:37 -0400 Subject: [PATCH] :ghost: force npm9 during image build (#1781) Ever since the build container we use [1][2] updated to use `npm@10`, the image builder github action has encountered a number of problems. The first was solved with #1746. The second more random problem has been with network connections erroring out when installing dependencies. To work around the network and nofiles errors: 1. enforce the use of `npm@9` 2. pin the Dockerfile base images to specific version tags; builder at `:1-88`, and runtime at `:1-93` Additional solutions: - Add the force to `npm@9` directly in the Dockerfile for use in all circumstances - Find a way to use something like verdaccio to proxy/mirror the npmjs repo during the build so npmjs fetches can be pooled across the parallel image builds [1] registry.access.redhat.com/ubi9/nodejs-18:latest [2] https://catalog.redhat.com/software/containers/ubi9/nodejs-18/62e8e7ed22d1d3c2dfe2ca01 --------- Signed-off-by: Scott J Dickerson Signed-off-by: Cherry Picker --- .github/workflows/ci-repo.yml | 3 +++ .github/workflows/image-build.yaml | 1 + Dockerfile | 13 +++++++++++-- package-lock.json | 2 +- package.json | 2 +- 5 files changed, 17 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-repo.yml b/.github/workflows/ci-repo.yml index e06d93da75..abe3ce1dfe 100644 --- a/.github/workflows/ci-repo.yml +++ b/.github/workflows/ci-repo.yml @@ -27,6 +27,9 @@ jobs: node-version: ${{ env.node-version }} cache: "npm" + - name: Force install npm@9 to match Dockerfile build container ubi9/nodejs-18:1-88 + run: npm install -g npm@9 + - name: Verify package-lock.json run: ./scripts/verify_lock.mjs diff --git a/.github/workflows/image-build.yaml b/.github/workflows/image-build.yaml index 1930495d63..4db993a897 100644 --- a/.github/workflows/image-build.yaml +++ b/.github/workflows/image-build.yaml @@ -21,6 +21,7 @@ jobs: image_name: "tackle2-ui" containerfile: "./Dockerfile" architectures: '[ "amd64", "arm64", "ppc64le", "s390x" ]' + # 2023-03-19: currently needed for npm@10 extra-args: "--ulimit nofile=4096:4096" secrets: registry_username: ${{ secrets.QUAY_PUBLISH_ROBOT }} diff --git a/Dockerfile b/Dockerfile index 17edb1680c..281f3995d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,21 @@ +# NOTE: Since the `:latest` tag can have npm version changes, we are using +# a specific version tag. Container build errors have come up locally +# and via github action workflow when `:latest` is updated. +# +# Image info: https://catalog.redhat.com/software/containers/ubi9/nodejs-18/62e8e7ed22d1d3c2dfe2ca01 +# Relevant PRs: +# - https://github.com/konveyor/tackle2-ui/pull/1746 +# - https://github.com/konveyor/tackle2-ui/pull/1781 + # Builder image -FROM registry.access.redhat.com/ubi9/nodejs-18:latest as builder +FROM registry.access.redhat.com/ubi9/nodejs-18:1-88 as builder USER 1001 COPY --chown=1001 . . RUN npm clean-install --ignore-scripts && npm run build && npm run dist # Runner image -FROM registry.access.redhat.com/ubi9/nodejs-18-minimal:latest +FROM registry.access.redhat.com/ubi9/nodejs-18-minimal:1-93 # Add ps package to allow liveness probe for k8s cluster # Add tar package to allow copying files with kubectl scp diff --git a/package-lock.json b/package-lock.json index 035ae14891..27068fd310 100644 --- a/package-lock.json +++ b/package-lock.json @@ -51,7 +51,7 @@ }, "engines": { "node": ">=18.14.2", - "npm": ">=9.5.0" + "npm": "^9.5.0" } }, "client": { diff --git a/package.json b/package.json index 10e5f67dbc..fef8b741e9 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ ], "engines": { "node": ">=18.14.2", - "npm": ">=9.5.0" + "npm": "^9.5.0" }, "devDependencies": { "@rollup/plugin-commonjs": "^25.0.7",