Include .npmrc for onbuild version

[techniq]

I ran into an issue where I needed to set unsafe-perm=true when using node:0.12-onbuild but I couldn't get the setting to take using "config": { "unsafe-perm": true } in package.json. It would be nice if .npmrc is also copied over when package.json is copied so we could configure npm before npm install. I know we can always break glass and not use the -onbuild version but it's convenient to use (can write my Dockerfile from memory without having to lookup the base to copy/paste).

So in short, could we change:

ONBUILD COPY package.json /usr/src/app/

to:

ONBUILD COPY package.json .npmrc /usr/src/app/

[md5]

Doing as you suggest would break the image for anyone without a .npmrc in
their project. As far as I know, Docker doesn't have an optional COPY
directive. Perhaps .npmrc* might work, but I doubt it.

[techniq]

@md5 Well that wouldn't be good :)

It would be nice if setting unsafe-perm within package.json worked, which would remove the need to use .npmrc, although ultimately I think my problem is due to running a command as postinstall with the root (default) user in docker build ..

[chorrell]

Hi @techniq

Are you ok with me closing this out? It seems like you found a work around?

[techniq]

@chorrell I'm ok with that (and will do it for you) :)

It seems the proper fix is running the container as non-root (issue #1 and issue #6). The .npmrc request was more of a workaround for running as root, and really isn't the proper fix.

[chorrell]

Thanks!

[levino]

Also this is very dangerous. Potentially the .npmrc contains login credentials for the users account on a private registry or so!

[Starefossen]

@levino everything gets copied at line 8 ONBUILD COPY . /usr/src/app, so unless you have ignored it in your .dockerignorefile it will end up in the final image.

[levino]

In this case one should ignore all hidden files by default, I find.

[joscha]

This is a marker for those searching for the actual error message:

postinstall: cannot run in wd %s %s (wd=%s)

[petebrowne]

I have a need for including the .npmrc in my build to install from private registries. In order for this to work with/without the file in the project, you could use .npmrc*:

ONBUILD COPY package.json .npmrc* /usr/src/app/

[Starefossen]

We probably will not do that, here is the reasons why:

1. .npmrc may contain username and password, this is potentially very harmfull if you push the Docker Image to a public registry without knowing this file will be included.
2. every setting in .npmrc can be provided as environment variables npm_config_*.
3. you should maybe not use the ONBUILD image, here is why

[petebrowne]

Thanks - that's a very helpful explanation