From 76e0c08cec7049011f412072dfcd567b638b34eb Mon Sep 17 00:00:00 2001 From: agent_vscode Date: Sat, 4 Jul 2026 22:09:40 +0300 Subject: [PATCH] fix(docker): install python3/make/g++ toolchain for re2 native build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The develop image build broke at `pnpm install --frozen-lockfile`: the new native dependency re2@1.25.0 (packages/mcp, search_in_page #330) always compiles from source under pnpm — its prebuilt-binary downloader (install-artifact-from-github) cannot identify the GitHub repo because pnpm does not populate npm_package_repository_*/npm_package_json env vars ("No github repository was identified. Building locally ..."), and node:22-slim ships no python3/make/g++ for the node-gyp fallback. - builder stage: add a cache-friendly apt layer with python3 make g++ before COPY; the stage is discarded so the toolchain may stay. - installer stage: install the toolchain, run the prod install as the node user via `su node -c`, and purge the toolchain — all in one RUN layer so the final image stays slim and node_modules ownership needs no extra chown layer; USER node is restored right after. Fixes the failed run 28715009124 (develop docker build); release.yml uses the same Dockerfile and is covered too. Co-Authored-By: Claude Fable 5 --- Dockerfile | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 42f5a267..f3b1f646 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,6 +5,13 @@ RUN npm install -g pnpm@10.4.0 FROM base AS builder +# re2 (packages/mcp) always compiles from source under pnpm (the prebuilt-binary +# download cannot identify the GitHub repo), so node-gyp needs python3/make/g++. +# This stage is discarded, so the toolchain can stay installed. +RUN apt-get update \ + && apt-get install -y --no-install-recommends python3 make g++ \ + && rm -rf /var/lib/apt/lists/* + WORKDIR /app COPY . . @@ -57,9 +64,16 @@ COPY --from=builder /app/patches /app/patches RUN chown -R node:node /app -USER node +# Toolchain is needed transiently to compile re2 during the prod install; install +# and purge it in one layer to keep the final image slim. The install itself runs +# as the node user via su to keep node_modules ownership without a costly chown layer. +RUN apt-get update \ + && apt-get install -y --no-install-recommends python3 make g++ \ + && su node -c "pnpm install --frozen-lockfile --prod" \ + && apt-get purge -y --auto-remove python3 make g++ \ + && rm -rf /var/lib/apt/lists/* -RUN pnpm install --frozen-lockfile --prod +USER node RUN mkdir -p /app/data/storage