mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 2 Wiki Activity

chore(web): avoid pnpm in runtime image to reduce CVE noise
All checks were successful
ci/woodpecker/push/web Pipeline was successful
Details

Browse Source
This commit is contained in:
Jason Woltje
2026-02-18 20:24:22 -06:00
parent f43631671f
commit 7935d86015
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
apps/web/Dockerfile
View File

@@ -81,7 +81,6 @@ ADD https://github.com/Yelp/dumb-init/releases/download/v1.2.5/dumb-init_1.2.5_x
# Single RUN to minimize Kaniko filesystem snapshots (each RUN = full snapshot) # Single RUN to minimize Kaniko filesystem snapshots (each RUN = full snapshot)
RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx \ RUN rm -rf /usr/local/lib/node_modules/npm /usr/local/bin/npm /usr/local/bin/npx \
&& corepack enable && corepack prepare pnpm@10.27.0 --activate \
&& chmod 755 /usr/local/bin/dumb-init \ && chmod 755 /usr/local/bin/dumb-init \
&& groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nextjs && groupadd -g 1001 nodejs && useradd -m -u 1001 -g nodejs nextjs
@@ -113,6 +112,7 @@ EXPOSE ${PORT:-3000}
# Environment variables # Environment variables
ENV NODE_ENV=production ENV NODE_ENV=production
ENV HOSTNAME="0.0.0.0" ENV HOSTNAME="0.0.0.0"
ENV PATH="/app/apps/web/node_modules/.bin:${PATH}"
# Health check uses PORT env var (set by docker-compose or defaults to 3000) # Health check uses PORT env var (set by docker-compose or defaults to 3000)
HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \ HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
@@ -122,4 +122,4 @@ HEALTHCHECK --interval=30s --timeout=10s --start-period=40s --retries=3 \
ENTRYPOINT ["dumb-init", "--"] ENTRYPOINT ["dumb-init", "--"]
# Start the application # Start the application
CMD ["pnpm", "start"] CMD ["next", "start"]