From da9da4c5672fb9c775163f86b1e9a34d60c5da65 Mon Sep 17 00:00:00 2001 From: Scott Dickerson Date: Tue, 19 Mar 2024 16:19:37 -0400 Subject: [PATCH] :ghost: force npm9 during image build (#1781) Ever since the build container we use [1][2] updated to use `npm@10`, the image builder github action has encountered a number of problems. The first was solved with #1746. The second more random problem has been with network connections erroring out when installing dependencies. To work around the network and nofiles errors: 1. enforce the use of `npm@9` 2. pin the Dockerfile base images to specific version tags; builder at `:1-88`, and runtime at `:1-93` Additional solutions: - Add the force to `npm@9` directly in the Dockerfile for use in all circumstances - Find a way to use something like verdaccio to proxy/mirror the npmjs repo during the build so npmjs fetches can be pooled across the parallel image builds [1] registry.access.redhat.com/ubi9/nodejs-18:latest [2] https://catalog.redhat.com/software/containers/ubi9/nodejs-18/62e8e7ed22d1d3c2dfe2ca01 --------- Signed-off-by: Scott J Dickerson --- .github/workflows/ci-repo.yml | 3 +++ .github/workflows/image-build.yaml | 7 ++++--- Dockerfile | 13 +++++++++++-- package-lock.json | 2 +- package.json | 2 +- 5 files changed, 20 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci-repo.yml b/.github/workflows/ci-repo.yml index e06d93da75..abe3ce1dfe 100644 --- a/.github/workflows/ci-repo.yml +++ b/.github/workflows/ci-repo.yml @@ -27,6 +27,9 @@ jobs: node-version: ${{ env.node-version }} cache: "npm" + - name: Force install npm@9 to match Dockerfile build container ubi9/nodejs-18:1-88 + run: npm install -g npm@9 + - name: Verify package-lock.json run: ./scripts/verify_lock.mjs diff --git a/.github/workflows/image-build.yaml b/.github/workflows/image-build.yaml index 3e67b3fcf2..4db993a897 100644 --- a/.github/workflows/image-build.yaml +++ b/.github/workflows/image-build.yaml @@ -4,10 +4,10 @@ on: workflow_dispatch: push: branches: - - 'main' - - 'release-*' + - "main" + - "release-*" tags: - - 'v*' + - "v*" concurrency: group: build-${{ github.ref }} @@ -21,6 +21,7 @@ jobs: image_name: "tackle2-ui" containerfile: "./Dockerfile" architectures: '[ "amd64", "arm64", "ppc64le", "s390x" ]' + # 2023-03-19: currently needed for npm@10 extra-args: "--ulimit nofile=4096:4096" secrets: registry_username: ${{ secrets.QUAY_PUBLISH_ROBOT }} diff --git a/Dockerfile b/Dockerfile index 17edb1680c..281f3995d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,21 @@ +# NOTE: Since the `:latest` tag can have npm version changes, we are using +# a specific version tag. Container build errors have come up locally +# and via github action workflow when `:latest` is updated. +# +# Image info: https://catalog.redhat.com/software/containers/ubi9/nodejs-18/62e8e7ed22d1d3c2dfe2ca01 +# Relevant PRs: +# - https://github.com/konveyor/tackle2-ui/pull/1746 +# - https://github.com/konveyor/tackle2-ui/pull/1781 + # Builder image -FROM registry.access.redhat.com/ubi9/nodejs-18:latest as builder +FROM registry.access.redhat.com/ubi9/nodejs-18:1-88 as builder USER 1001 COPY --chown=1001 . . RUN npm clean-install --ignore-scripts && npm run build && npm run dist # Runner image -FROM registry.access.redhat.com/ubi9/nodejs-18-minimal:latest +FROM registry.access.redhat.com/ubi9/nodejs-18-minimal:1-93 # Add ps package to allow liveness probe for k8s cluster # Add tar package to allow copying files with kubectl scp diff --git a/package-lock.json b/package-lock.json index 6ccdc97416..61214d0546 100644 --- a/package-lock.json +++ b/package-lock.json @@ -51,7 +51,7 @@ }, "engines": { "node": ">=18.14.2", - "npm": ">=9.5.0" + "npm": "^9.5.0" } }, "client": { diff --git a/package.json b/package.json index 10e5f67dbc..fef8b741e9 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ ], "engines": { "node": ">=18.14.2", - "npm": ">=9.5.0" + "npm": "^9.5.0" }, "devDependencies": { "@rollup/plugin-commonjs": "^25.0.7",