fix(docker): update node version and use pnpm

[mdnm18]

Resolves #45. Updates Dockerfile to use Node 20 and pnpm install instead of npm ci to fix build errors caused by engine incompatibility and dependency conflicts.

Summary

This PR addresses the issues preventing the project from building and running using the docker-compose up command as described in the README. The primary causes were an outdated Node.js version specified in the Dockerfile and the use of npm ci which conflicted with project dependencies and the pnpm-lock.yaml file.

Changes

• Dockerfile:
  • Updated the Node.js base image from node:18-alpine to node:20-alpine to meet dependency engine requirements.
  • Replaced the RUN npm ci --legacy-peer-deps step with RUN npm install -g pnpm && pnpm install --frozen-lockfile to ensure dependencies are installed using pnpm, consistent with the project's lock file and local setup.

Testing

I tested these changes locally by:

1. Replacing the existing Dockerfile with the updated version.
2. Running docker-compose up --build.
3. Verified that the Docker image built successfully without errors.
4. Verified that the application started correctly in the container and was accessible at http://localhost:3000.

Related Issue

Resolves #45

Notes

• The Docker Scout scan identified some potential vulnerabilities in the base image (node:20-alpine) after the build. Addressing these could be handled in a separate, future issue. This PR focuses solely on fixing the build failure.

[netlify]

✅ Deploy Preview for reactkolkata ready!

Name	Link
🔨 Latest commit	0a46b8a
🔍 Latest deploy log	https://app.netlify.com/projects/reactkolkata/deploys/68ff2b674978780008c27465
😎 Deploy Preview	https://deploy-preview-106--reactkolkata.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[mdnm18]

Hi @priyankarpal ,

Just wanted to add a note regarding the Docker build. While the Dockerfile updates successfully fixed the build failure (Issue #45), the Docker Scout scan (visible in the Docker Desktop image details or potentially in CI checks) did identify a few potential security vulnerabilities in the base node:20-alpine image or its underlying packages.

These vulnerabilities are separate from the original build issue. Addressing them might involve further updates to the base image or adding specific security patches.

Would you like me to create a new issue to track these vulnerabilities so they can be addressed separately? I'd be happy to investigate them further if needed.

Thanks!

[priyankarpal]

Hi @priyankarpal ,

Just wanted to add a note regarding the Docker build. While the Dockerfile updates successfully fixed the build failure (Issue #45), the Docker Scout scan (visible in the Docker Desktop image details or potentially in CI checks) did identify a few potential security vulnerabilities in the base node:20-alpine image or its underlying packages.

These vulnerabilities are separate from the original build issue. Addressing them might involve further updates to the base image or adding specific security patches.

Would you like me to create a new issue to track these vulnerabilities so they can be addressed separately? I'd be happy to investigate them further if needed.

Thanks!

Yes, definitely create a separate issue for the security vulnerabilities. Also Use more specific Node version with latest security patches
FROM --platform=linux/arm64/v8 node:20.18.0-alpine3.20 AS build

Add security updates at the start of each stage
RUN apk update && apk upgrade --no-cache

If vulnerabilities are severe:

node:20-alpine3.20 (latest Alpine)

node:20-slim (Debian-based, more packages but better support)