KollectTools/Docker-Images
18
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

build: Update libraries to latest version

Browse Source
This commit is contained in:
Fadhli Azhari
2026-04-30 09:52:04 +08:00
parent 1f3c4e2102
commit 58e25ebd4d
8 changed files with 117 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ci/frontend-builder/Dockerfile
+57 -41
View File
@@ -7,33 +7,20 @@
# (chromium browser binary + system deps), ORAS CLI, common build tools.
#
# Build:
# docker build -t 192.168.1.72/kollect-tools/ci/frontend-builder:latest ci/frontend-builder/
# docker build -t kcr.kollect.biz/kollect-tools/ci/frontend-builder:latest ci/frontend-builder/
#
# Usage in CI:
# container:
# image: 192.168.1.72/kollect-tools/ci/frontend-builder:latest
# image: kcr.kollect.biz/kollect-tools/ci/frontend-builder:latest
#
# RUN order is cache-optimised. Playwright (~170MB chromium download) is
# the heaviest layer, so it sits high — right after pnpm — to protect it
# from being invalidated by bumps to ORAS / buf / protoc-gen-es. The
# cheap, low-volatility layers trail behind.
ARG NODE_MAJOR=24
FROM node:${NODE_MAJOR}-bookworm-slim
ARG PNPM_VERSION=10.15.0
ARG BUF_VERSION=1.55.0
# Pin protoc-gen-es to a known-good version. The KollectAI-ETL CI
# workflow doesn't actually use this global install (it does
# `pnpm install` from proto/ to pick up the lockfile-pinned version)
# but we still bake it for ad-hoc use inside the container.
ARG PROTOC_GEN_ES_VERSION=2.12.0
ARG ORAS_VERSION=1.2.2
# Pin Playwright in lockstep with frontend/svelte/package.json's
# @playwright/test version. If the project uses a different patch level,
# Playwright re-downloads the right browser at runtime; matching here
# means CI hits the prebaked browser cache and skips the download.
ARG PLAYWRIGHT_VERSION=1.59.1
# Install Playwright browsers under a known global path so they survive
# across containers and so `pnpm exec playwright install` reuses them.
ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
# ─────────────────────────────────────────────────────────────────────
# System dependencies
#
@@ -76,7 +63,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
# ─────────────────────────────────────────────────────────────────────
# pnpm via corepack (ships with Node.js)
#
# Needed by Playwright (`pnpm dlx`) and protoc-gen-es (`pnpm add -g`),
# so it must land before both.
# ─────────────────────────────────────────────────────────────────────
ARG PNPM_VERSION=11.0.1
RUN corepack enable \
&& corepack prepare "pnpm@${PNPM_VERSION}" --activate
@@ -87,30 +79,15 @@ RUN corepack enable \
ENV PNPM_HOME=/root/.local/share/pnpm
ENV PATH="${PNPM_HOME}:${PATH}"
# ─────────────────────────────────────────────────────────────────────
# buf CLI - single static binary, used for `buf lint` and `buf generate`
# ─────────────────────────────────────────────────────────────────────
RUN curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-Linux-x86_64" \
-o /usr/local/bin/buf \
&& chmod +x /usr/local/bin/buf
# ─────────────────────────────────────────────────────────────────────
# protoc-gen-es - TypeScript codegen plugin for buf 'local:' references.
# Installed via pnpm into $PNPM_HOME so the binary lands on PATH; buf v2
# resolves `local: protoc-gen-es` via PATH lookup.
# ─────────────────────────────────────────────────────────────────────
RUN pnpm add -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}"
# ─────────────────────────────────────────────────────────────────────
# ORAS CLI - for uploading artifacts (test reports, audit logs) to Harbor
# ─────────────────────────────────────────────────────────────────────
RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" \
| tar -xz -C /usr/local/bin oras
# ─────────────────────────────────────────────────────────────────────
# Playwright + chromium browser binary
#
# Browsers go to /ms-playwright (PLAYWRIGHT_BROWSERS_PATH set above) so
# Pin Playwright in lockstep with frontend/svelte/package.json's
# @playwright/test version. If the project uses a different patch level,
# Playwright re-downloads the right browser at runtime; matching here
# means CI hits the prebaked browser cache and skips the download.
#
# Browsers go to /ms-playwright (PLAYWRIGHT_BROWSERS_PATH set below) so
# CI's `pnpm exec playwright install chromium` finds the prebaked binary
# and skips the ~170MB download. System libs are already installed at
# the top of the file, so we use bare `playwright install chromium`
@@ -120,9 +97,48 @@ RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_V
# executes the install command, and cleans up. The browser binary
# itself persists at PLAYWRIGHT_BROWSERS_PATH, which is the only piece
# we actually need at runtime.
#
# Placed high (right after pnpm) so a bump to any cheap downstream pin
# (oras, buf, protoc-gen-es) doesn't force a chromium re-download.
# ─────────────────────────────────────────────────────────────────────
ARG PLAYWRIGHT_VERSION=1.59.1
ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
RUN pnpm dlx "playwright@${PLAYWRIGHT_VERSION}" install chromium
# ─────────────────────────────────────────────────────────────────────
# ORAS CLI - for uploading artifacts (test reports, audit logs) to Harbor.
# Low-volatility static binary; ahead of buf/protoc-gen-es so a bump
# here (rare) doesn't cascade into them.
# ─────────────────────────────────────────────────────────────────────
ARG ORAS_VERSION=1.3.2
RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" \
| tar -xz -C /usr/local/bin oras
# ─────────────────────────────────────────────────────────────────────
# buf CLI - single static binary, used for `buf lint` and `buf generate`
# ─────────────────────────────────────────────────────────────────────
ARG BUF_VERSION=1.69.0
RUN curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-Linux-x86_64" \
-o /usr/local/bin/buf \
&& chmod +x /usr/local/bin/buf
# ─────────────────────────────────────────────────────────────────────
# protoc-gen-es - TypeScript codegen plugin for buf 'local:' references.
# Installed via pnpm into $PNPM_HOME so the binary lands on PATH; buf v2
# resolves `local: protoc-gen-es` via PATH lookup.
#
# Last because the KollectAI-ETL CI workflow doesn't actually use this
# global install (it does `pnpm install` from proto/ to pick up the
# lockfile-pinned version) — we only bake it for ad-hoc use inside the
# container, so its volatility doesn't matter for downstream cache.
# ─────────────────────────────────────────────────────────────────────
ARG PROTOC_GEN_ES_VERSION=2.12.0
RUN pnpm add -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}"
WORKDIR /workspace
# Verify installation. Font count guards against silently shipping an image
ci/frontend-builder/README.md
+7 -7
View File
@@ -5,7 +5,7 @@ Pre-baked build environment for KollectAI-ETL frontend (SvelteKit) CI jobs and p
## What's included
- Node.js 24 (`node:24-bookworm-slim`)
- pnpm 10 (via corepack)
- pnpm 11 (via corepack)
- [buf](https://buf.build) CLI — for `buf lint` and `buf generate`
- [`@bufbuild/protoc-gen-es`](https://www.npmjs.com/package/@bufbuild/protoc-gen-es) — installed globally so `buf` v2 `local: protoc-gen-es` resolves via PATH (no BSR remote-plugin calls)
- Playwright chromium runtime libraries pre-installed (`libnss3`, `libgbm1`, `libasound2`, etc.)
@@ -16,8 +16,8 @@ Pre-baked build environment for KollectAI-ETL frontend (SvelteKit) CI jobs and p
## Build
```bash
docker build -t 192.168.1.72/kollect-tools/ci/frontend-builder:latest ci/frontend-builder/
docker push 192.168.1.72/kollect-tools/ci/frontend-builder:latest
docker build -t kcr.kollect.biz/kollect-tools/ci/frontend-builder:latest ci/frontend-builder/
docker push kcr.kollect.biz/kollect-tools/ci/frontend-builder:latest
```
### Build args
@@ -25,11 +25,11 @@ docker push 192.168.1.72/kollect-tools/ci/frontend-builder:latest
| Arg | Default | Description |
|-----|---------|-------------|
| `NODE_MAJOR` | `24` | Node.js major version (matches Node base image) |
| `PNPM_VERSION` | `10.15.0` | pnpm version (corepack-activated) |
| `BUF_VERSION` | `1.55.0` | buf CLI version |
| `PNPM_VERSION` | `11.0.1` | pnpm version (corepack-activated) |
| `BUF_VERSION` | `1.69.0` | buf CLI version |
| `PROTOC_GEN_ES_VERSION` | `2.12.0` | `@bufbuild/protoc-gen-es` version (ad-hoc use only — KollectAI-ETL CI uses the version pinned in `proto/pnpm-lock.yaml`) |
| `PLAYWRIGHT_VERSION` | `1.59.1` | Playwright version. Must match `frontend/svelte/package.json` `@playwright/test`; mismatch causes runtime browser re-download |
| `ORAS_VERSION` | `1.2.2` | ORAS CLI version |
| `ORAS_VERSION` | `1.3.2` | ORAS CLI version |
## Usage in CI
@@ -38,7 +38,7 @@ jobs:
test-unit:
runs-on: ubuntu-latest
container:
image: 192.168.1.72/kollect-tools/ci/frontend-builder:latest
image: kcr.kollect.biz/kollect-tools/ci/frontend-builder:latest
steps:
- uses: actions/checkout@v6
- run: pnpm install --frozen-lockfile