Skip to content

Dockerfile: Changes to make Yarn work reliably#86

Closed
awilfox wants to merge 1 commit into
mainfrom
awilfox/AP-779-one-way
Closed

Dockerfile: Changes to make Yarn work reliably#86
awilfox wants to merge 1 commit into
mainfrom
awilfox/AP-779-one-way

Conversation

@awilfox

@awilfox awilfox commented Jul 10, 2026

Copy link
Copy Markdown
Member
  • Move Yarn-managed packages to a specific directory, the same way we did in Added NODE_PATH to Dockerfile and configure yarn build in prod target UCBEARS#17. This makes it easier to handle.

  • Add Yarn binstubs to the available PATH.

  • Copy the lock file into the app directory, which is required for the cssbundling task to determine we are using Yarn. Otherwise we will have this error:

    cssbundling-rails: No suitable tool found for installing JavaScript dependencies

  • Switch to headless JRE to lower attack surface and use less resources.

Ref: AP-779

* Move Yarn-managed packages to a specific directory, the same way we
  did in BerkeleyLibrary/UCBEARS#17.  This makes it easier to handle.

* Add Yarn binstubs to the available PATH.

* Copy the lock file into the app directory, which is required for the
  cssbundling task to determine we are using Yarn.  Otherwise we will
  have this error:

    cssbundling-rails: No suitable tool found for installing JavaScript dependencies

* Switch to headless JRE to lower attack surface and use less resources.

Ref: AP-779
@awilfox
awilfox requested a review from yzhoubk July 10, 2026 23:06
@awilfox awilfox self-assigned this Jul 10, 2026

@anarchivist anarchivist left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

generally r+; one minor question.

Comment thread Dockerfile
# Use Yarn via Corepack to avoids using reops and GPG keys
RUN corepack enable \
&& corepack prepare yarn@stable --activate \
&& corepack prepare yarn@1.22.22 --activate \

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this effectively downgrading yarn from our past images?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It installed a stable yarn that was never used, because the package specified 1.22.22. This just ensures it downloads that version the first time, so it doesn't waste the time of fetching a useless one.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 I made the same change in my refactoring of Yuchai's PR.

Comment thread Dockerfile
g++ \
make

RUN mkdir -p /usr/local/yarn && chown $APP_USER:$APP_USER /usr/local/yarn

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Just do all of this when setting up the application user at the top of the Dockerfile:

install -d -o $APP_USER -g $APP_USER path1 path2 …

Comment thread Dockerfile
# Use Yarn via Corepack to avoids using reops and GPG keys
RUN corepack enable \
&& corepack prepare yarn@stable --activate \
&& corepack prepare yarn@1.22.22 --activate \

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 I made the same change in my refactoring of Yuchai's PR.

Comment thread Dockerfile
COPY --from=development --chown=geodata /opt/app /opt/app
COPY --from=development --chown=geodata /usr/local/bundle /usr/local/bundle
COPY --from=development --chown=geodata /usr/local/yarn /usr/local/yarn
RUN cp /usr/local/yarn/yarn.lock /opt/app/

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the reasoning behind not committing yarn.lock?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't sure if this was something GeoData-specific. If we can commit it instead, that'd be even better.

Comment thread Dockerfile
COPY --from=development --chown=geodata /usr/local/bundle /usr/local/bundle
COPY --from=development --chown=geodata /usr/local/yarn /usr/local/yarn
RUN cp /usr/local/yarn/yarn.lock /opt/app/
RUN ln -s /usr/local/yarn/node_modules /opt/app/node_modules

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is all this pageantry with installing to /usr/local/yarn/… just to avoid conflicts with the bind mount when developing locally?

Copy link
Copy Markdown
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe the idea was to keep it separate from /opt/app so that it can be copied entirely (since some files are written to the base directory outside of node_modules), and to prevent the vendor files from clogging up the source tree. This level of clean separation isn't necessary, just something I thought I'd do while I was here (and to match UCBEARS).

@awilfox awilfox mentioned this pull request Jul 16, 2026
@awilfox

awilfox commented Jul 18, 2026

Copy link
Copy Markdown
Member Author

Superseded by #90.

@awilfox awilfox closed this Jul 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants