chore(docker): use npm ci instead of npm install in frontend Dockerfile
Aegis CI / lint-and-test (push) Has been cancelled
Aegis CI / lint-and-test (push) Has been cancelled
npm ci installs exact versions from package-lock.json with no implicit resolution, making builds fully reproducible and guaranteed to use the audited safe dependency versions.
This commit is contained in:
kitos
+3
-3
@@ -6,8 +6,8 @@ WORKDIR /app
|
|||||||
# Copy package files
|
# Copy package files
|
||||||
COPY package*.json ./
|
COPY package*.json ./
|
||||||
|
|
||||||
# Install dependencies
|
# Install dependencies — use ci for reproducible installs (exact lock file versions)
|
||||||
RUN npm install
|
RUN npm ci
|
||||||
|
|
||||||
# Copy source code
|
# Copy source code
|
||||||
COPY . .
|
COPY . .
|
||||||
@@ -25,7 +25,7 @@ FROM node:20-alpine AS build
|
|||||||
WORKDIR /app
|
WORKDIR /app
|
||||||
|
|
||||||
COPY package*.json ./
|
COPY package*.json ./
|
||||||
RUN npm install
|
RUN npm ci
|
||||||
|
|
||||||
COPY . .
|
COPY . .
|
||||||
RUN npm run build
|
RUN npm run build
|
||||||
|
|||||||
Reference in New Issue
Block a user