till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-28 22:17:43 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

build(web): supply Verdaccio npm auth to SvelteKit builds via BuildKit secret

Browse source 
The sveltekit-base build (and the mana-web / manavoxel-web app builds on
top of it) run `pnpm install` with no .npmrc in the build context, so
private @mana/* packages resolved against registry.npmjs.org and 404'd
(e.g. @mana/shared-icons@1.0.0, which only lives on npm.mana.how). It had
been coasting on a warm pnpm cache; once sveltekit-base:local was gone the
rebuild hard-failed.

Mount the host ~/.npmrc (registry map + resolved _authToken) as a BuildKit
secret at /root/.npmrc in all three pnpm-install steps. Token never lands
in an image layer. build-app.sh passes it via --secret for the base build;
docker compose build reads it from the top-level secrets: entry.

Unblocks every managarten web rebuild (incl. the pending umami-removal).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Till JS 2026-05-26 15:43:23 +02:00
parent 7db881b026
commit bffb5be345
5 changed files with 43 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

20
scripts/mac-mini/build-app.sh
View file

@ -25,6 +25,22 @@ DOCKER="${DOCKER_CMD:-/usr/local/bin/docker}"
# 2026-04-23; this flag keeps it that way.
COMPOSE_ARGS=(-f "$COMPOSE_FILE" --env-file "$ENV_FILE")
# BuildKit is required for the --mount=type=secret in the SvelteKit
# Dockerfiles (Verdaccio @mana token). `docker compose build` (v2) enables
# it by default and reads the secret from the compose top-level `secrets:`;
# the classic `docker build` for the base image needs it set explicitly.
export DOCKER_BUILDKIT=1
# Source for the `npmrc` build secret: registry mapping + resolved
# Verdaccio _authToken so private @mana/* packages resolve during the base
# image build. Without it pnpm falls back to registry.npmjs.org and 404s on
# e.g. @mana/shared-icons. Defaults to the build host's ~/.npmrc.
NPMRC_SECRET="${NPMRC_SECRET:-$HOME/.npmrc}"
if [ ! -f "$NPMRC_SECRET" ]; then
echo "WARN: npmrc secret not found at $NPMRC_SECRET — @mana/* auth will" \
"fail during the sveltekit-base build (set NPMRC_SECRET)." >&2
fi
# Minimum free memory (in MB) needed for a Docker build
BUILD_MEM_THRESHOLD_MB=3000
@ -116,7 +132,7 @@ stop_monitoring_now() {
build_base_images() {
echo "=== Building sveltekit-base image ==="
$DOCKER build -f "$PROJECT_ROOT/docker/Dockerfile.sveltekit-base" -t sveltekit-base:local "$PROJECT_ROOT"
$DOCKER build --secret id=npmrc,src="$NPMRC_SECRET" -f "$PROJECT_ROOT/docker/Dockerfile.sveltekit-base" -t sveltekit-base:local "$PROJECT_ROOT"
echo "sveltekit-base:local built."
echo ""
}
@ -187,7 +203,7 @@ build_services() {
echo "=== Rebuilding sveltekit-base (stale: newer commit touches packages/) ==="
echo " Triggering commit: $last_commit"
fi
$DOCKER build -f "$PROJECT_ROOT/docker/Dockerfile.sveltekit-base" -t sveltekit-base:local "$PROJECT_ROOT"
$DOCKER build --secret id=npmrc,src="$NPMRC_SECRET" -f "$PROJECT_ROOT/docker/Dockerfile.sveltekit-base" -t sveltekit-base:local "$PROJECT_ROOT"
echo ""
fi
break