Fix npm permissions in v6.20.0 #2434 #2435

Merged
merged 37 commits into from
Mar 7, 2023

echoix
Collaborator

@echoix echoix commented Mar 7, 2023

Proposed Changes

  1. Disable temporarily stylelint-config-sass-guidelines (see Allow installing together with Stylelint v15 bjankord/stylelint-config-sass-guidelines#273)
  2. Remove --force flag of npm install

Readiness Checklist

Author/Contributor

  • Add entry to the CHANGELOG listing the change and linking to the corresponding issue (if appropriate)
  • If documentation is needed for this change, has that been included in this pull request

Reviewing Maintainer

  • Label as breaking if this is a large fundamental change
  • Label as either automation, bug, documentation, enhancement, infrastructure, or performance

@echoix echoix requested a review from nvuillam as a code owner March 7, 2023 04:31
@nvuillam
Member

nvuillam commented Mar 7, 2023

🦙 MegaLinter status: ⚠️ WARNING

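|    | Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|----|------------|--------|-------|-------|--------|--------------|
| ✅ | BASH | bash-exec | 6 | | 0 | 0.02s |
| ✅ | BASH | shellcheck | 6 | | 0 | 0.15s |
| ✅ | BASH | shfmt | 6 | 0 | 0 | 0.43s |
| ✅ | COPYPASTE | jscpd | yes | | no | 3.53s |
| ✅ | DOCKERFILE | hadolint | 114 | | 0 | 20.45s |
| ✅ | JSON | eslint-plugin-jsonc | 21 | 0 | 0 | 2.77s |
| ✅ | JSON | jsonlint | 19 | | 0 | 0.27s |
| ✅ | JSON | v8r | 21 | | 0 | 15.09s |
| ⚠️ | MARKDOWN | markdownlint | 309 | 3 | 230 | 8.27s |
| ✅ | MARKDOWN | markdown-link-check | 309 | | 0 | 6.18s |
| ✅ | MARKDOWN | markdown-table-formatter | 309 | 3 | 0 | 20.94s |
| ✅ | OPENAPI | spectral | 1 | | 0 | 1.93s |
| ⚠️ | PYTHON | bandit | 183 | | 47 | 2.84s |
| ✅ | PYTHON | black | 183 | 1 | 0 | 7.26s |
| ✅ | PYTHON | flake8 | 183 | | 0 | 2.53s |
| ✅ | PYTHON | isort | 183 | 1 | 0 | 0.96s |
| ✅ | PYTHON | mypy | 183 | | 0 | 9.07s |
| ✅ | PYTHON | pylint | 183 | | 0 | 14.53s |
| ⚠️ | PYTHON | pyright | 183 | | 250 | 20.58s |
| ✅ | REPOSITORY | checkov | yes | | no | 36.36s |
| ✅ | REPOSITORY | git_diff | yes | | no | 0.42s |
| ✅ | REPOSITORY | secretlint | yes | | no | 15.9s |
| ✅ | REPOSITORY | trivy | yes | | no | 36.64s |
| ✅ | SPELL | cspell | 745 | | 0 | 29.96s |
| ✅ | SPELL | misspell | 566 | 0 | 0 | 1.0s |
| ✅ | XML | xmllint | 3 | 0 | 0 | 0.43s |
| ✅ | YAML | prettier | 81 | 0 | 0 | 3.56s |
| ✅ | YAML | v8r | 23 | | 0 | 73.0s |
| ✅ | YAML | yamllint | 82 | | 0 | 1.26s |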

See detailed report in MegaLinter reports

MegaLinter is graciously provided by OX Security

@echoix
Collaborator Author

echoix commented Mar 7, 2023

@Kurt-von-Laven If you'd like to test out the image when it's on the registry, it could be helpful. It's really late and it'll have to wait until tomorrow for me.

@echoix
Collaborator Author

echoix commented Mar 7, 2023

Ok, so this iteration doesn't seem to fix it, as Slim.ai can't pull the image. I'd like to see at what layer it crashes though (I'm on my cellphone).

@echoix
Collaborator Author

echoix commented Mar 7, 2023

/build ref=fix-npm-dependencies

No ref found for: fix-npm-dependencies

@echoix
Collaborator Author

echoix commented Mar 7, 2023

/build ref=fix-npm-permissions

Command run output
Build command workflow started.
Installing dependencies
Running script ./build.sh
Build command workflow completed updating files.

@echoix
Collaborator Author

echoix commented Mar 7, 2023

/build ref=fix-npm-permissions

Command run output
Build command workflow started.
Installing dependencies
Running script ./build.sh
Build command workflow completed updating files.

@nvuillam
Member

nvuillam commented Mar 7, 2023

🦙 MegaLinter status: ❌ ERROR

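|    | Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|----|------------|--------|-------|-------|--------|--------------|
| ✅ | BASH | bash-exec | 6 | | 0 | 0.01s |
| ✅ | BASH | shellcheck | 6 | | 0 | 0.17s |
| ✅ | BASH | shfmt | 6 | 0 | 0 | 0.05s |
| ✅ | COPYPASTE | jscpd | yes | | no | 3.66s |
| ❌ | DOCKERFILE | hadolint | 114 | | 1 | 19.68s |
| ✅ | JSON | eslint-plugin-jsonc | 21 | 0 | 0 | 2.54s |
| ✅ | JSON | jsonlint | 19 | | 0 | 0.24s |
| ✅ | JSON | npm-package-json-lint | yes | | no | 1.02s |
| ✅ | JSON | v8r | 21 | | 0 | 15.48s |
| ⚠️ | MARKDOWN | markdownlint | 309 | 2 | 230 | 8.01s |
| ✅ | MARKDOWN | markdown-link-check | 309 | | 0 | 6.45s |
| ✅ | MARKDOWN | markdown-table-formatter | 309 | 2 | 0 | 22.14s |
| ✅ | OPENAPI | spectral | 1 | | 0 | 2.06s |
| ⚠️ | PYTHON | bandit | 183 | | 47 | 2.75s |
| ✅ | PYTHON | black | 183 | 0 | 0 | 4.57s |
| ✅ | PYTHON | flake8 | 183 | | 0 | 2.25s |
| ✅ | PYTHON | isort | 183 | 0 | 0 | 0.59s |
| ✅ | PYTHON | mypy | 183 | | 0 | 10.83s |
| ✅ | PYTHON | pylint | 183 | | 0 | 16.01s |
| ⚠️ | PYTHON | pyright | 183 | | 250 | 23.42s |
| ✅ | REPOSITORY | checkov | yes | | no | 41.34s |
| ⚠️ | REPOSITORY | devskim | yes | | 61 | 1.7s |
| ✅ | REPOSITORY | dustilock | yes | | no | 5.14s |
| ✅ | REPOSITORY | git_diff | yes | | no | 0.06s |
| ✅ | REPOSITORY | secretlint | yes | | no | 9.64s |
| ✅ | REPOSITORY | syft | yes | | no | 1.52s |
| ✅ | REPOSITORY | trivy | yes | | no | 27.72s |
| ✅ | SPELL | cspell | 745 | | 0 | 29.62s |
| ✅ | SPELL | misspell | 566 | 2 | 0 | 0.69s |
| ✅ | XML | xmllint | 3 | 0 | 0 | 0.05s |
| ✅ | YAML | prettier | 81 | 0 | 0 | 3.53s |
| ✅ | YAML | v8r | 23 | | 0 | 74.57s |
| ✅ | YAML | yamllint | 82 | | 0 | 1.4s |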

See detailed report in MegaLinter reports

You could have same capabilities but better runtime performances if you request a new MegaLinter flavor.

MegaLinter is graciously provided by OX Security

@nvuillam
Member

nvuillam commented Mar 7, 2023

@echoix great research!
It seems it could fix #2428 and #2348... is the PR mergeable after removing npm doctor?

@echoix
Collaborator Author

echoix commented Mar 7, 2023

Since I had to finally add the chown, as only removing one package was enough, would you like to keep it like this or re-add the broken dependency in the css descriptor?

You can remove the second npm doctor (after the chown) to have it build, and one of us can do a quick check. The easiest check: if Slim.ai is able to pull the image and give complete insights, the pull issue is probably not there.
That would help release faster today at your time rather than waiting for the end of my day.

@echoix
Collaborator Author

echoix commented Mar 7, 2023

This image seems ok since it didn't fail

image
image

@nvuillam
Member

nvuillam commented Mar 7, 2023

@echoix I'm ok with removing this obscure stylelint dependency, I'll generate a beta, quickly test and release tonight
Why can't I remove both npm doctor?

@echoix
Collaborator Author

echoix commented Mar 7, 2023

Well, unless they really add some big files, it doesn't take that long to run, and even if it's the one or two calls that took 20 seconds to run, it prints out problematic paths and a lot of useful traces.

@echoix
Collaborator Author

echoix commented Mar 7, 2023

The last image of this branch seems ok:
image
image
image
image
image

Member

@nvuillam nvuillam left a comment

That's what I call a rescue, thanks again for all stuck users @echoix :)
I'll release 6.20.1 tonight :)

@nvuillam nvuillam merged commit 3b78c17 into main Mar 7, 2023
@nvuillam nvuillam deleted the fix-npm-permissions branch March 7, 2023 19:30
@Kurt-von-Laven
Collaborator

I just pulled and ran oxsecurity/megalinter-javascript:beta without issues. Big thank you to both of you!

@nvuillam
Member

nvuillam commented Mar 7, 2023

Release of 6.20.1 in progress, available in minutes :)

Successfully merging this pull request may close these issues.

[v6.20.0] Pre npm install not resolving. v6.20.0 container images errors when pulling
3 participants