Dockerfile: do not run "git clean" for "pack"

Do not run "git clean" for "pack" as node image does not have git and it is arguably more dangerous to copy .git folder into intermediate build image. As we don't run "git clean", sensitive information might be included in result package. Add a warning for that.
2025-12-06 07:16:18 +00:00 · 2020-09-05 12:08:32 +08:00
parent 5db9e195fa
commit dc906adfab
1 changed files with 9 additions and 1 deletions
--- a/10
+++ b/10
@@ -1,3 +1,8 @@
+# WARNING:
+# This Dockerfile uses contents of current folder which might contain
+# secrets, uncommitted changes or other sensitive information. DO NOT
+# publish the result image unless it was composed in a clean environment.
+
 ARG NODE_IMAGE=node:alpine

 FROM ${NODE_IMAGE} as nodebuild
@@ -8,10 +13,13 @@ WORKDIR /usr/src/app/
 COPY . ./

 # Fetch dependencies from npm
+RUN npm set unsafe-perm true
 RUN npm install

 # Build package
-RUN npm pack
+RUN cp config.cli.js config.js
+RUN npm run build
+RUN npm pack --ignore-scripts

 # Now get the clean image
 FROM ${NODE_IMAGE} as flood