From 17d261fa9439c3b4ceabbabd4924b003021e472d Mon Sep 17 00:00:00 2001 From: Paperclip Date: Mon, 1 Jun 2026 11:58:33 +0000 Subject: [PATCH] fix(docker): install pnpm via npm instead of corepack shim (GRO-1983) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The seed/migrate/reset Jobs all invoke `pnpm` at runtime via the `pnpm --filter @groombook/db ...` CMD. In the current image, `/usr/local/bin/pnpm` is a symlink to corepack's pnpm.js shim, which delegates to corepack and re-validates the package against https://registry.npmjs.org on first use. The UAT pod network is air-gapped, so corepack fails with: Error: getaddrinfo EAI_AGAIN registry.npmjs.org This causes every seed Job to fail, leaving the Better Auth credential hashes frozen at their last successful seed run — even when the SealedSecret `seed-uat-passwords` is rotated. Replace `corepack install -g pnpm@9.15.4` with `npm install -g pnpm@9.15.4` in the base and runner stages. `npm install -g` writes the real pnpm binary to /usr/local/bin/pnpm, bypassing the corepack shim entirely. The seed, migrate, and reset stages inherit from builder (which inherits from base) so they all get the real pnpm without needing their own install line. The reset stage had a redundant corepack install that can be removed. GRO-1983, supersedes GRO-1909 (incomplete — corepack shim still tried to download pnpm at runtime). Co-Authored-By: Paperclip --- Dockerfile | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index b9d73bf..5fea669 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,10 @@ FROM node:22-alpine AS base -RUN corepack enable && corepack install -g pnpm@9.15.4 -ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0 -ENV COREPACK_ENABLE_STRICT=0 +# Install pnpm as a real binary via npm (not corepack shim) so runtime +# invocations of `pnpm` work without DNS access to registry.npmjs.org. +# The corepack shim delegates to corepack, which re-validates against +# npmjs.org on first use — that fails in air-gapped UAT seed/migrate/reset +# Jobs. GRO-1983 / GRO-1889 / GRO-1909. +RUN npm install -g pnpm@9.15.4 WORKDIR /app # Install deps @@ -22,9 +25,7 @@ RUN pnpm --filter @groombook/types build && \ # Runtime FROM node:22-alpine AS runner -RUN corepack enable && corepack install -g pnpm@9.15.4 -ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0 -ENV COREPACK_ENABLE_STRICT=0 +RUN npm install -g pnpm@9.15.4 WORKDIR /app ENV NODE_ENV=production @@ -53,7 +54,4 @@ CMD ["pnpm", "--filter", "@groombook/db", "seed"] # Reset stage — drops all tables, re-runs migrations, and re-seeds FROM builder AS reset -RUN corepack enable && corepack install -g pnpm@9.15.4 -ENV COREPACK_ENABLE_DOWNLOAD_PROMPT=0 -ENV COREPACK_ENABLE_STRICT=0 CMD ["pnpm", "--filter", "@groombook/db", "reset"]