Fix: use npm ci in Dockerfile to respect package-lock.json

- Changed npm install to npm ci --omit=dev
- Removed unnecessary mocha install (dev dependency)
- Added debug output to build-image and trivy-image steps
Colin 2026-01-23 20:16:30 -05:00
parent 78646afe4e
commit 2ea5e878e9
Signed by: colin
SSH Key Fingerprint: SHA256:nRPCQTeMFLdGytxRQmPVK9VXY3/ePKQ5lGRyJhT5DY8
2 changed files with 8 additions and 4 deletions


@ -123,6 +123,9 @@ steps:
commands: commands:
- echo "nameserver 1.1.1.1" > /etc/resolv.conf - echo "nameserver 1.1.1.1" > /etc/resolv.conf
- echo "nameserver 1.0.0.1" >> /etc/resolv.conf - echo "nameserver 1.0.0.1" >> /etc/resolv.conf
- echo "=== DEBUG: Verifying lockfile before build ==="
- grep -A3 '"node_modules/glob"' package-lock.json | head -5 || echo "glob not found"
- grep -E '10\.4\.5|6\.2\.1|7\.4\.3' package-lock.json || echo "No vulnerable versions in lockfile"
- HOSTNAME=$(docker info --format "{{.Name}}") - HOSTNAME=$(docker info --format "{{.Name}}")
- echo "Building on $HOSTNAME" - echo "Building on $HOSTNAME"
- echo "$${DOCKER_REGISTRY_PASSWORD}" | docker login -u "$${DOCKER_REGISTRY_USER}" --password-stdin - echo "$${DOCKER_REGISTRY_PASSWORD}" | docker login -u "$${DOCKER_REGISTRY_USER}" --password-stdin
@ -143,8 +146,10 @@ steps:
commands: commands:
- echo "nameserver 1.1.1.1" > /etc/resolv.conf - echo "nameserver 1.1.1.1" > /etc/resolv.conf
- echo "nameserver 1.0.0.1" >> /etc/resolv.conf - echo "nameserver 1.0.0.1" >> /etc/resolv.conf
- echo "=== DEBUG: Inspecting image contents ==="
- trivy --version | cat - trivy --version | cat
- trivy image --timeout 10m --scanners vuln --severity HIGH,CRITICAL --ignore-unfixed --exit-code 1 git.nixc.us/nixius/hastebin:latest - echo "=== DEBUG: Running Trivy with full output ==="
- trivy image --debug --timeout 10m --scanners vuln --severity HIGH,CRITICAL --ignore-unfixed --exit-code 1 git.nixc.us/nixius/hastebin:latest
when: when:
branch: main branch: main
event: [push, cron] event: [push, cron]
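Review bot: The lockfile check added to the build step is informational only and cannot stop a bad lockfile from being built. `grep -E '10\.4\.5|6\.2\.1|7\.4\.3' package-lock.json || echo "No vulnerable versions in lockfile"` prints any matches and carries on, and the pattern is not tied to a package name or to the `"version"` field, so the same digits in another dependency's version or resolved URL also match. On the line above, `|| echo "glob not found"` tests the exit status of `head`, not of `grep`, so unless the step's shell sets pipefail that fallback never prints. If a gate is intended, `if grep -nE '"version":[[:space:]]*"(10\.4\.5|6\.2\.1|7\.4\.3)"' package-lock.json; then exit 1; fi` would fail the step on a match. The `=== DEBUG ===` echoes and `trivy image --debug` look temporary, so add a comment such as `# TODO: drop debug output once the lockfile issue is confirmed fixed` so they do not stay in the main-branch pipeline.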


@ -8,10 +8,9 @@ COPY . /app
# Create data directory for file storage # Create data directory for file storage
RUN mkdir -p /app/data RUN mkdir -p /app/data
# Install dependencies # Install dependencies using ci to respect package-lock.json exactly
RUN npm cache clean --force && \ RUN npm cache clean --force && \
npm install --production --no-optional && \ npm ci --omit=dev && \
npm install mocha && \
chmod +x app.sh chmod +x app.sh
# Build assets if needed # Build assets if needed
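Review bot: The new install line drops the `--no-optional` filter that the old `npm install --production --no-optional` carried, so `npm ci --omit=dev` now installs optional dependencies into the image. If that widening is not intended, use `npm ci --omit=dev --omit=optional && \`. `npm cache clean --force` still runs before the install rather than after it, so any cache written by `npm ci` stays in this layer; moving it after `npm ci` in the same RUN would keep it out of the image. `--omit` needs npm 7 or later, and the base image is outside this hunk, so confirm the npm version it ships. The Dockerfile starts before and continues after the lines shown here.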