Skip to content

Commit

Permalink
APP-5322-update-yarn-to-v2
Browse files Browse the repository at this point in the history 
fixing the issue where the yarn global changes forces to change the behaviour
  • Loading branch information
@farhad-ris
farhad-ris committed Sep 24, 2024
1 parent 0fbc02b commit 7fbc827
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 6 deletions.
11 changes: 5 additions & 6 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# Arguments
ARG NODE_ALPINE_IMAGE
FROM $NODE_ALPINE_IMAGE

Expand Down Expand Up @@ -34,14 +35,12 @@ RUN wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/s
apk add --force-overwrite glibc-2.34-r0.apk && \
rm -f glibc-2.34-r0.apk

# Enable Corepack and set Yarn to Berry version
# Enable Corepack and set Yarn to Berry version and install Serverless
RUN npm install -g corepack && \

Check warning on line 39 in Dockerfile

View check run for this annotation

Wiz Security Bot (22793c4344) / Wiz IaC Scanner

Install command without pinned version 

Rule ID: 2594c504-dcdd-4294-acdb-81eca2baeb9f
Severity: Medium
Resource: FROM={{$NODE_ALPINE_IMAGE}}.{{RUN npm install -g corepack &&     corepack enable &&     yarn set version berry &&     yarn --version &&     npm install -g serverless@$SERVERLESS_VERSION &&     serverless --version}}

Check if packages installed by npm and pnpm are pinning a specific version.
Raw output 
Expected: 'RUN npm install -g corepack &&     corepack enable &&     yarn set version berry &&     yarn --version &&     npm install -g serverless@$SERVERLESS_VERSION &&     serverless --version' uses npm install with a pinned version
Found: 'RUN npm install -g corepack &&     corepack enable &&     yarn set version berry &&     yarn --version &&     npm install -g serverless@$SERVERLESS_VERSION &&     serverless --version' does not uses npm install with a pinned version
corepack enable && \
yarn set version berry && \
yarn --version
yarn --version && \
npm install -g serverless@$SERVERLESS_VERSION && \
serverless --version

# Use yarn dlx to run serverless without globally installing
RUN yarn dlx serverless@$SERVERLESS_VERSION --version

# Set working directory
WORKDIR /opt/app
1 change: 1 addition & 0 deletions Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ push: env-DOCKER_USERNAME env-DOCKER_ACCESS_TOKEN
pull:
docker pull $(IMAGE)

# Run the image in interactive mode
shell:
docker run --rm -it -v $(ROOT_DIR):/opt/app $(IMAGE) bash

Expand Down

0 comments on commit 7fbc827

Please sign in to comment.