From 0fdc7f59ebab76a0a7f9cc9279a1f380d3d12e45 Mon Sep 17 00:00:00 2001 From: Fadhli Azhari Date: Wed, 29 Apr 2026 07:26:24 +0800 Subject: [PATCH] build(frontend-builder): use pnpm consistently (drop npx/npm install -g) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The image is built around corepack-activated pnpm@10.15.0 but two install commands were still using npm/npx, which: - Ignores the pnpm store and creates a separate npm cache (~/.npm) - Inconsistent with the rest of the image Replace: - `npm install -g @bufbuild/protoc-gen-es@X` → `pnpm add -g @bufbuild/protoc-gen-es@X` - `npx --yes playwright@X install chromium` → `pnpm dlx playwright@X install chromium` `pnpm add -g` requires PNPM_HOME on PATH (pnpm's interactive `pnpm setup` does this; we do it explicitly): ENV PNPM_HOME=/root/.local/share/pnpm ENV PATH="${PNPM_HOME}:${PATH}" `pnpm dlx` is a transient install — fetches the package into the store, runs the install command, leaves only the browser binary at $PLAYWRIGHT_BROWSERS_PATH (which is what we actually want). No functional change for consumers. Image is just self-consistent now. Co-Authored-By: Claude Opus 4.7 (1M context) --- ci/frontend-builder/Dockerfile | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/ci/frontend-builder/Dockerfile b/ci/frontend-builder/Dockerfile index 6ed9859..92e7647 100644 --- a/ci/frontend-builder/Dockerfile +++ b/ci/frontend-builder/Dockerfile @@ -67,6 +67,13 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ RUN corepack enable \ && corepack prepare "pnpm@${PNPM_VERSION}" --activate +# Make pnpm's global-install bin dir authoritative on PATH so `pnpm add -g` +# installs land in a known location and their binaries resolve without +# extra setup. (pnpm setup is interactive — this is the non-interactive +# equivalent.) +ENV PNPM_HOME=/root/.local/share/pnpm +ENV PATH="${PNPM_HOME}:${PATH}" + # ───────────────────────────────────────────────────────────────────── # buf CLI - single static binary, used for `buf lint` and `buf generate` # ───────────────────────────────────────────────────────────────────── @@ -76,10 +83,10 @@ RUN curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION # ───────────────────────────────────────────────────────────────────── # protoc-gen-es - TypeScript codegen plugin for buf 'local:' references. -# Installed globally so it lands on PATH; buf v2 resolves -# `local: protoc-gen-es` via PATH lookup. +# Installed via pnpm into $PNPM_HOME so the binary lands on PATH; buf v2 +# resolves `local: protoc-gen-es` via PATH lookup. # ───────────────────────────────────────────────────────────────────── -RUN npm install -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}" +RUN pnpm add -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}" # ───────────────────────────────────────────────────────────────────── # ORAS CLI - for uploading artifacts (test reports, audit logs) to Harbor @@ -95,8 +102,13 @@ RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_V # and skips the ~170MB download. System libs are already installed at # the top of the file, so we use bare `playwright install chromium` # (no --with-deps). +# +# `pnpm dlx` is a one-shot — pnpm fetches the package into its store, +# executes the install command, and cleans up. The browser binary +# itself persists at PLAYWRIGHT_BROWSERS_PATH, which is the only piece +# we actually need at runtime. # ───────────────────────────────────────────────────────────────────── -RUN npx --yes "playwright@${PLAYWRIGHT_VERSION}" install chromium +RUN pnpm dlx "playwright@${PLAYWRIGHT_VERSION}" install chromium WORKDIR /workspace