From 8a296e2f5d0dfe4666af5bc17afa1344f10f7225 Mon Sep 17 00:00:00 2001
From: Marco Ferrari <ferrari.marco@gmail.com>
Date: Tue, 13 Feb 2024 10:12:52 +0000
Subject: [PATCH] ci: take package-lock into account in devcontainer

Consider package-lock.json when building the dev-container so we can
enforce a known-working dependency chain. This caused issues in the past
when commitlint and release-please had bugs in new versions  that
impacted our build pipeline.
---
 dev-dependencies/Dockerfile | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/dev-dependencies/Dockerfile b/dev-dependencies/Dockerfile
index a0760be7b1f..7ae9b52aae1 100644
--- a/dev-dependencies/Dockerfile
+++ b/dev-dependencies/Dockerfile
@@ -7,16 +7,16 @@ RUN apt-get update \
   jq \
   && rm -rf /var/lib/apt/lists/*
 
-WORKDIR /app
+ENV APP_DIR=/app
+WORKDIR "${APP_DIR}"
 
-COPY package.json ./
+COPY package.json package-lock.json ./
 
-ENV NPM_PACKAGES_FILE_PATH="npm-packages.txt"
+RUN npm ci \
+  && rm -rf ~/.npm
 
-RUN jq '.dependencies | to_entries[] | select(.key | startswith("@commitlint/")) | .key + "@" + .value' package.json >> "${NPM_PACKAGES_FILE_PATH}" \
-  && jq '.dependencies | to_entries[] | select(.key | startswith("release-please")) | .key + "@" + .value' package.json >> "${NPM_PACKAGES_FILE_PATH}" \
-  && xargs npm install -g < "${NPM_PACKAGES_FILE_PATH}" \
-  && rm package.json "${NPM_PACKAGES_FILE_PATH}"
+ENV NODE_PATH="${APP_DIR}/node_modules"
+ENV PATH="${NODE_PATH}/.bin:${PATH}"
 
 # Split this from the previous RUN instruction so we can cache the costly installation step
 # hadolint ignore=DL3059