diff --git a/ci/frontend-builder/Dockerfile b/ci/frontend-builder/Dockerfile index 6ed9859..92e7647 100644 --- a/ci/frontend-builder/Dockerfile +++ b/ci/frontend-builder/Dockerfile @@ -67,6 +67,13 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ RUN corepack enable \ && corepack prepare "pnpm@${PNPM_VERSION}" --activate +# Make pnpm's global-install bin dir authoritative on PATH so `pnpm add -g` +# installs land in a known location and their binaries resolve without +# extra setup. (pnpm setup is interactive — this is the non-interactive +# equivalent.) +ENV PNPM_HOME=/root/.local/share/pnpm +ENV PATH="${PNPM_HOME}:${PATH}" + # ───────────────────────────────────────────────────────────────────── # buf CLI - single static binary, used for `buf lint` and `buf generate` # ───────────────────────────────────────────────────────────────────── @@ -76,10 +83,10 @@ RUN curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION # ───────────────────────────────────────────────────────────────────── # protoc-gen-es - TypeScript codegen plugin for buf 'local:' references. -# Installed globally so it lands on PATH; buf v2 resolves -# `local: protoc-gen-es` via PATH lookup. +# Installed via pnpm into $PNPM_HOME so the binary lands on PATH; buf v2 +# resolves `local: protoc-gen-es` via PATH lookup. # ───────────────────────────────────────────────────────────────────── -RUN npm install -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}" +RUN pnpm add -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}" # ───────────────────────────────────────────────────────────────────── # ORAS CLI - for uploading artifacts (test reports, audit logs) to Harbor @@ -95,8 +102,13 @@ RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_V # and skips the ~170MB download. System libs are already installed at # the top of the file, so we use bare `playwright install chromium` # (no --with-deps). +# +# `pnpm dlx` is a one-shot — pnpm fetches the package into its store, +# executes the install command, and cleans up. The browser binary +# itself persists at PLAYWRIGHT_BROWSERS_PATH, which is the only piece +# we actually need at runtime. # ───────────────────────────────────────────────────────────────────── -RUN npx --yes "playwright@${PLAYWRIGHT_VERSION}" install chromium +RUN pnpm dlx "playwright@${PLAYWRIGHT_VERSION}" install chromium WORKDIR /workspace