mirror of
https://github.com/super-linter/super-linter.git
synced 2024-11-22 00:31:07 -05:00
ci: take package-lock into account in devcontainer (#5278)
Consider package-lock.json when building the dev-container so we can enforce a known-working dependency chain. This caused issues in the past when commitlint and release-please had bugs in new versions that impacted our build pipeline.
This commit is contained in:
parent
9b0427ea6c
commit
7a6ab115a6
2 changed files with 18 additions and 7 deletions
11
.github/dependabot.yml
vendored
11
.github/dependabot.yml
vendored
|
@ -9,6 +9,7 @@ updates:
|
|||
directory: "/"
|
||||
schedule:
|
||||
interval: weekly
|
||||
open-pull-requests-limit: 100
|
||||
|
||||
- package-ecosystem: github-actions
|
||||
commit-message:
|
||||
|
@ -16,6 +17,7 @@ updates:
|
|||
directory: "/"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
open-pull-requests-limit: 100
|
||||
|
||||
- package-ecosystem: "npm"
|
||||
commit-message:
|
||||
|
@ -23,6 +25,7 @@ updates:
|
|||
directory: "/dependencies"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
open-pull-requests-limit: 100
|
||||
|
||||
- package-ecosystem: "bundler"
|
||||
commit-message:
|
||||
|
@ -30,6 +33,7 @@ updates:
|
|||
directory: "/dependencies"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
open-pull-requests-limit: 100
|
||||
|
||||
- package-ecosystem: "docker"
|
||||
commit-message:
|
||||
|
@ -37,6 +41,7 @@ updates:
|
|||
directory: "/"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
open-pull-requests-limit: 100
|
||||
|
||||
- package-ecosystem: "pip"
|
||||
commit-message:
|
||||
|
@ -44,6 +49,7 @@ updates:
|
|||
directory: "/dependencies/python/"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
open-pull-requests-limit: 100
|
||||
|
||||
- package-ecosystem: "gradle"
|
||||
commit-message:
|
||||
|
@ -51,6 +57,7 @@ updates:
|
|||
directory: "/dependencies/checkstyle"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
open-pull-requests-limit: 100
|
||||
|
||||
- package-ecosystem: "gradle"
|
||||
commit-message:
|
||||
|
@ -58,6 +65,7 @@ updates:
|
|||
directory: "/dependencies/google-java-format"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
open-pull-requests-limit: 100
|
||||
|
||||
- package-ecosystem: "gradle"
|
||||
commit-message:
|
||||
|
@ -65,6 +73,7 @@ updates:
|
|||
directory: "/dependencies/ktlint"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
open-pull-requests-limit: 100
|
||||
|
||||
- package-ecosystem: "docker"
|
||||
commit-message:
|
||||
|
@ -72,6 +81,7 @@ updates:
|
|||
directory: "/dev-dependencies"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
open-pull-requests-limit: 100
|
||||
|
||||
- package-ecosystem: "npm"
|
||||
commit-message:
|
||||
|
@ -79,3 +89,4 @@ updates:
|
|||
directory: "/dev-dependencies"
|
||||
schedule:
|
||||
interval: "weekly"
|
||||
open-pull-requests-limit: 100
|
||||
|
|
|
@ -7,16 +7,16 @@ RUN apt-get update \
|
|||
jq \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
WORKDIR /app
|
||||
ENV APP_DIR=/app
|
||||
WORKDIR "${APP_DIR}"
|
||||
|
||||
COPY package.json ./
|
||||
COPY package.json package-lock.json ./
|
||||
|
||||
ENV NPM_PACKAGES_FILE_PATH="npm-packages.txt"
|
||||
RUN npm ci \
|
||||
&& rm -rf ~/.npm
|
||||
|
||||
RUN jq '.dependencies | to_entries[] | select(.key | startswith("@commitlint/")) | .key + "@" + .value' package.json >> "${NPM_PACKAGES_FILE_PATH}" \
|
||||
&& jq '.dependencies | to_entries[] | select(.key | startswith("release-please")) | .key + "@" + .value' package.json >> "${NPM_PACKAGES_FILE_PATH}" \
|
||||
&& xargs npm install -g < "${NPM_PACKAGES_FILE_PATH}" \
|
||||
&& rm package.json "${NPM_PACKAGES_FILE_PATH}"
|
||||
ENV NODE_PATH="${APP_DIR}/node_modules"
|
||||
ENV PATH="${NODE_PATH}/.bin:${PATH}"
|
||||
|
||||
# Split this from the previous RUN instruction so we can cache the costly installation step
|
||||
# hadolint ignore=DL3059
|
||||
|
|
Loading…
Reference in a new issue