From ed3dd331499d86b4631bb49666cd4e4a10f816cd Mon Sep 17 00:00:00 2001 From: Fadhli Azhari Date: Thu, 30 Apr 2026 10:00:07 +0800 Subject: [PATCH] build: Fix pnpm install not generalizing home --- ci/frontend-builder/Dockerfile | 50 ++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 23 deletions(-) diff --git a/ci/frontend-builder/Dockerfile b/ci/frontend-builder/Dockerfile index 7fdc2c0..b0b6607 100644 --- a/ci/frontend-builder/Dockerfile +++ b/ci/frontend-builder/Dockerfile @@ -13,10 +13,12 @@ # container: # image: kcr.kollect.biz/kollect-tools/ci/frontend-builder:latest # -# RUN order is cache-optimised. Playwright (~170MB chromium download) is -# the heaviest layer, so it sits high — right after pnpm — to protect it -# from being invalidated by bumps to ORAS / buf / protoc-gen-es. The -# cheap, low-volatility layers trail behind. +# RUN order is cache-optimised. protoc-gen-es runs first after corepack +# because pnpm 11's `pnpm add -g` is what initialises PNPM_HOME — `pnpm +# dlx` doesn't, so swapping these two breaks the build with "Run pnpm +# setup". Playwright (~170MB chromium download) sits next so a bump to +# the cheap, low-volatility binaries (ORAS, buf) below doesn't force a +# chromium re-download. ARG NODE_MAJOR=24 FROM node:${NODE_MAJOR}-bookworm-slim @@ -79,6 +81,20 @@ RUN corepack enable \ ENV PNPM_HOME=/root/.local/share/pnpm ENV PATH="${PNPM_HOME}:${PATH}" +# ───────────────────────────────────────────────────────────────────── +# protoc-gen-es - TypeScript codegen plugin for buf 'local:' references. +# Installed via pnpm into $PNPM_HOME so the binary lands on PATH; buf v2 +# resolves `local: protoc-gen-es` via PATH lookup. +# +# This must run before `pnpm dlx` (Playwright) below: pnpm 11's +# `pnpm add -g` is what creates and initialises PNPM_HOME on first use, +# and `pnpm dlx` does not — running dlx first leaves the global bin +# unconfigured and the next `add -g` errors with "Run pnpm setup". +# ───────────────────────────────────────────────────────────────────── +ARG PROTOC_GEN_ES_VERSION=2.12.0 + +RUN pnpm add -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}" + # ───────────────────────────────────────────────────────────────────── # Playwright + chromium browser binary # @@ -98,8 +114,8 @@ ENV PATH="${PNPM_HOME}:${PATH}" # itself persists at PLAYWRIGHT_BROWSERS_PATH, which is the only piece # we actually need at runtime. # -# Placed high (right after pnpm) so a bump to any cheap downstream pin -# (oras, buf, protoc-gen-es) doesn't force a chromium re-download. +# Placed before ORAS / buf so bumps to those (low-volatility static +# binaries) don't force a 170MB chromium re-download. # ───────────────────────────────────────────────────────────────────── ARG PLAYWRIGHT_VERSION=1.59.1 ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright @@ -108,8 +124,8 @@ RUN pnpm dlx "playwright@${PLAYWRIGHT_VERSION}" install chromium # ───────────────────────────────────────────────────────────────────── # ORAS CLI - for uploading artifacts (test reports, audit logs) to Harbor. -# Low-volatility static binary; ahead of buf/protoc-gen-es so a bump -# here (rare) doesn't cascade into them. +# Low-volatility static binary; ahead of buf so a bump here (rare) +# doesn't cascade into buf. # ───────────────────────────────────────────────────────────────────── ARG ORAS_VERSION=1.3.2 @@ -117,7 +133,9 @@ RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_V | tar -xz -C /usr/local/bin oras # ───────────────────────────────────────────────────────────────────── -# buf CLI - single static binary, used for `buf lint` and `buf generate` +# buf CLI - single static binary, used for `buf lint` and `buf generate`. +# Last because BUF_VERSION is the most volatile pin in this image and +# downloading the static binary is cheap (~30MB single-file curl). # ───────────────────────────────────────────────────────────────────── ARG BUF_VERSION=1.69.0 @@ -125,20 +143,6 @@ RUN curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION -o /usr/local/bin/buf \ && chmod +x /usr/local/bin/buf -# ───────────────────────────────────────────────────────────────────── -# protoc-gen-es - TypeScript codegen plugin for buf 'local:' references. -# Installed via pnpm into $PNPM_HOME so the binary lands on PATH; buf v2 -# resolves `local: protoc-gen-es` via PATH lookup. -# -# Last because the KollectAI-ETL CI workflow doesn't actually use this -# global install (it does `pnpm install` from proto/ to pick up the -# lockfile-pinned version) — we only bake it for ad-hoc use inside the -# container, so its volatility doesn't matter for downstream cache. -# ───────────────────────────────────────────────────────────────────── -ARG PROTOC_GEN_ES_VERSION=2.12.0 - -RUN pnpm add -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}" - WORKDIR /workspace # Verify installation. Font count guards against silently shipping an image