docker-base-images

Add `npm` images

Open renestalder opened this issue 1 year ago • 2 comments

Add npm images as a future replacement for the outdated yarn version images.

It basically requires `RUN apk add --update npm` on the base images.

Bonus: Make the npm version controllable.

The nodejs version dictates what version of npm is used. There are cases we might want to try out a newer version.

Other notes that might be useful

A preferred way to install npm packages might be:

npm install --prefer-offline --no-audit --cache ./.npm

Or a clean install that deletes node_modules before running:

npm ci --prefer-offline --no-audit --cache ./.npm

  1. You want to use `--prefer-offline` when running in a cached environment to make use of that cache.
  2. You might want to use `npm ci` when you want to make sure you have a clean install of all dependencies. You will not benefit from a cached `node_modules` folder.
  3. You might want to strictly define the location of the cache folder and cache that folder, in case you would rather not cache all `node_modules`.

renestalder avatar Sep 11 '23 10:09 renestalder

About versioning:

In our official Docker base images, we prefer to use the Node.js and NPM versions of the official Alpine Linux repository to ensure we receive security patches as soon as possible.

Currently, we distribute Alpine 3.17 and 3.18 as "stable" images. This means we will install:

It's the same as this:

$ docker run --rm -it whatwedo/base:v2.7 sh
/ # apk add npm
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.18/community/aarch64/APKINDEX.tar.gz
(1/11) Installing libgcc (12.2.1_git20220924-r10)
[...]
/ # npm -v
9.6.6

If you want to try a newer version, we have the following options:

  • Either publish an unstable docker image with the NPM version on the Edge repository of Alpine (currently 9.8)
  • Or temporarily switch to node:20-alpine (or similar) image in the project
  • Or use whatwedo/base:v2.7 (or any other version) in the project and install/update npm to a specific required version ourselves.

Previously, in version 1 of the docker-base-images, we created images with a specific version (e.g. whatwedo/npm9) and maintained custom builds on the newest distros. This consumed a lot of time and wasn't stable enough to maintain automatically. With this strategy, we tend to update our project earlier to stable versions and the images are much smaller and more flexible – even though we don't always have the newest technology available (because Alpine only releases a new minor version about twice a year or so).

xarem avatar Sep 11 '23 15:09 xarem

Sounds about right. In any case, every project still has the option to overwrite it in the Dockerfile by pulling the potential npm image and then doing something like `npm install -g npm@<version>` (the official way of handling npm versions).

My initial thought was that this could be a built-in feature, but on the other side, as it is so easy to change the version, it probably doesn't matter and doesn't require that bonus.

renestalder avatar Sep 12 '23 13:09 renestalder
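
The options discussed in this thread combined into one project Dockerfile, as an added example that is not part of the original comments or of the whatwedo repository. The `NPM_VERSION` build argument, the `/app` working directory and the BuildKit cache mount are assumptions; the image tag and the npm flags are the ones quoted above.

```dockerfile
# syntax=docker/dockerfile:1
# Added example; not the project's own Dockerfile.
# Base image tag as quoted in the thread.
FROM whatwedo/base:v2.7

# Hypothetical build argument. Empty (the default) keeps the npm that the
# Alpine repository ships, so npm keeps receiving Alpine's security updates.
# Override per build with: --build-arg NPM_VERSION=<version>
ARG NPM_VERSION=""

# Install npm from the Alpine repository (nodejs comes in as a dependency).
RUN apk add --no-cache npm

# Optional override, using the method mentioned in the thread.
# Printing the version makes the effective npm visible in the build log.
RUN if [ -n "$NPM_VERSION" ]; then npm install -g "npm@${NPM_VERSION}"; fi \
    && npm -v

# Assumed application directory.
WORKDIR /app

# Copy only the manifests first, so this dependency layer is rebuilt
# only when package.json or package-lock.json changes.
COPY package.json package-lock.json ./

# Clean, lockfile-exact install. The cache mount (BuildKit required) keeps
# /app/.npm between builds, which is what gives --prefer-offline something
# to read from; the cache directory itself does not end up in the image.
RUN --mount=type=cache,target=/app/.npm \
    npm ci --prefer-offline --no-audit --cache ./.npm

# Copy the application sources last.
COPY . .
```

Because `--no-audit` skips the vulnerability check during install, run `npm audit` as a separate pipeline step. Setting `NPM_VERSION` means npm updates have to be tracked by the project rather than arriving through the Alpine repository.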

introduced in v2.8 (whatwedo/nodejs)

xarem avatar Apr 27 '24 00:04 xarem