forked from cartsnitch/cartsnitch
fix(auth): pin base image to node 22.22.2 digest (CAR-1279 Phase 2)
Pin both build and runtime stages of auth/Dockerfile to node:22-alpine@sha256:8ea2348b068a9544dae7317b4f3aafcdc032df1647bb7d768a05a5cad1a7683f — the Docker Hub manifest digest for node:22.22.2-alpine (verified against the registry by CTO). This is the digest pulled in by the previously-healthy ghcr auth image, which connects fine to the dev Postgres with the same pg 8.20.0 driver and byte-identical source. The Gitea-built image, which bundles node 22.22.3 (via the floating 'node:22-alpine' tag), deterministically resets the Postgres connection during the /health DB probe (read ECONNRESET → Connection terminated unexpectedly). Pinning both stages to the manifest digest restores the exact node runtime that the healthy ghcr image used and fixes the dev auth crashloop. The 'RUN apk update && apk upgrade --no-cache' lines are kept as-is per task spec. Refs CAR-1279, CAR-1276 (CAR-1287)
This commit is contained in:
+2
-2
@@ -1,4 +1,4 @@
|
||||
FROM node:22-alpine AS builder
|
||||
FROM node:22-alpine@sha256:8ea2348b068a9544dae7317b4f3aafcdc032df1647bb7d768a05a5cad1a7683f AS builder
|
||||
RUN apk update && apk upgrade --no-cache
|
||||
WORKDIR /app
|
||||
COPY package.json package-lock.json* ./
|
||||
@@ -7,7 +7,7 @@ COPY tsconfig.json ./
|
||||
COPY src/ src/
|
||||
RUN npm run build
|
||||
|
||||
FROM node:22-alpine
|
||||
FROM node:22-alpine@sha256:8ea2348b068a9544dae7317b4f3aafcdc032df1647bb7d768a05a5cad1a7683f
|
||||
RUN apk update && apk upgrade --no-cache
|
||||
WORKDIR /app
|
||||
ENV NODE_ENV=production
|
||||
|
||||
Reference in New Issue
Block a user