feat(container): target field in .lerd.yaml selects a multi-stage build stage#385
Merged
Conversation
…ld stage Sn0wCrack's projects ship Containerfiles with separate development and production stages. The development stage layers in xdebug, pcov, and other dev tooling; the production stage copies application files instead of mounting them. Without a way to tell lerd which stage to build, lerd always pulled the trailing stage, which forced them to either reorganise the Containerfile or duplicate it for local use. The .lerd.yaml container block now accepts an optional target field. When set, lerd threads it as `--target <name>` into both podman build invocations (the synchronous lerd link path and the streaming UI rebuild path). A shared buildCustomImageArgs helper carries the flag so the two code paths can't drift, and the multi-stage cache invalidation works by mixing the target value into hashContainerfile's MD5 input with a NUL delimiter — without that, flipping target between development and production with an unchanged Containerfile served the previously-built stage because the cache key didn't notice. Docs and the MCP skill table both pick up the new field. The macOS path needs no change; the flag rides on the standard `podman build` argv that already gets forwarded into the podman-machine VM. Addresses #379.
Merged
geodro
added a commit
that referenced
this pull request
May 19, 2026
The 1.21.0 line graduates from beta with eight follow-up commits on top of v1.21.0-beta.1. A LAN-exposure audit closes three dashboard endpoints that were reachable on lan:expose installs (raw .env, push-test, an unauthenticated mailpit webhook) and adds path-traversal validation for the new public_dir override (#382). mysql and mariadb pick up catatonit as PID 1 via a new init flag on the preset schema, so podman stop returns in around a second instead of timing out at 30s and lerd service restart stops wedging at the 30-90s mark (#383, closes #380). Host workers stopped via the UI or lerd worker stop no longer resurrect on the next fsnotify event or launchd heal tick, and the same fix puts lerd's bin directory on PATH for npm-spawned subprocesses so wayfinder and friends can find php (#375, #376, closes #381). The PHP-FPM runtime stage gets git back after the multi-stage split in #364 dropped it (#377), restoring VCS-typed composer repositories. Notification clicks land on the right tab now: worker_failed deep-links via the site's primary domain and dump arrivals jump straight to the Dumps sub-tab (#384). The .lerd.yaml container block accepts a target field for multi-stage Containerfiles, with the cache key mixing target in so flipping stages on an unchanged file actually rebuilds (#385, addresses #379), and the MCP service_add tool picks up the matching init argument so agent-driven flows reach feature parity with the YAML path (#386). And a security pass bumps jwt-go to 5.2.2, svelte to 5.55.8, and kysely to 0.28.17 closing one high-severity JWT header-parsing flaw, three medium svelte XSS paths, and one high kysely JSON-path traversal injection (#387).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Multi-stage Containerfiles often ship separate
developmentandproductionstages. The development stage layers in xdebug, pcov, and other dev tooling; the production stage copies application files instead of mounting them. Without a way to tell lerd which stage to build, lerd always pulled the trailing stage, which forced projects to either reorganise the Containerfile or duplicate it for local use.The
.lerd.yamlcontainer block now accepts an optionaltargetfield. When set, lerd threads it as--target <name>into bothpodman buildinvocations (the synchronouslerd linkpath and the streaming UI rebuild path). A sharedbuildCustomImageArgshelper carries the flag so the two code paths can't drift, and the multi-stage cache invalidation works by mixing the target value intohashContainerfile's MD5 input with a NUL delimiter, without that flipping target between development and production with an unchanged Containerfile served the previously-built stage because the cache key didn't notice.Docs and the MCP skill table both pick up the new field. The macOS path needs no change; the flag rides on the standard
podman buildargv that already gets forwarded into the podman-machine VM.Addresses #379.