fix(build): stabilize NodeSource Node 22 install in Docker image#91
fix(build): stabilize NodeSource Node 22 install in Docker image#91techartdev merged 3 commits intomainfrom
Conversation
- replace NodeSource setup_22.x pipe script with keyring + apt source - prevent intermittent apt exit 100 during nodejs install - bump add-on version to 0.5.57 Fixes #89
There was a problem hiding this comment.
Pull request overview
Stabilizes the Home Assistant add-on Docker image build by replacing the deprecated/intermittent NodeSource setup_22.x | bash install flow with an explicit apt keyring + repository configuration for installing Node.js 22.
Changes:
- Replaced the NodeSource pipe-to-bash installer with a deterministic keyring +
sources.list.drepo setup in the Dockerfile. - Documented the Docker build stability fix in the changelog under Unreleased.
- Bumped the add-on version to
0.5.57.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
openclaw_assistant/Dockerfile |
Switches Node.js installation to explicit NodeSource keyring + apt source configuration to reduce build flakiness. |
openclaw_assistant/CHANGELOG.md |
Adds an Unreleased “Fixed” entry describing the build stability change. |
openclaw_assistant/config.yaml |
Updates add-on version to reflect the release containing the Docker build fix. |
| # Use explicit keyring + apt source instead of setup_22.x pipe script for deterministic builds. | ||
| RUN mkdir -p /etc/apt/keyrings \ | ||
| && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \ | ||
| | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \ |
There was a problem hiding this comment.
The gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg output is commonly created with restrictive permissions; if the file is not world-readable, apt-get update can fail under the _apt sandbox user when verifying the repo. Consider explicitly setting readable permissions (e.g., chmod 644 /etc/apt/keyrings/nodesource.gpg) after writing the keyring to make the build more reliable across base images/apt configs.
| | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \ | |
| | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg \ | |
| && chmod 644 /etc/apt/keyrings/nodesource.gpg \ |
| && echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_22.x nodistro main" \ | ||
| > /etc/apt/sources.list.d/nodesource.list \ | ||
| && apt-get update \ | ||
| && apt-get install -y --no-install-recommends nodejs \ |
There was a problem hiding this comment.
If the NodeSource repo setup fails for any reason, apt-get install nodejs may still succeed by installing Debian’s default nodejs package (Bookworm ships Node 18), which would silently violate the “20+ required” constraint. To keep builds deterministic, consider asserting the installed major version (e.g., fail unless node -v is v22.x) as part of this install step.
| && apt-get install -y --no-install-recommends nodejs \ | |
| && apt-get install -y --no-install-recommends nodejs \ | |
| && node -v \ | |
| && node -v | grep -E '^v22\.' \ |
- ensure nodesource keyring is world-readable for _apt - assert installed Node major is v22 to avoid Debian Node 18 fallback
openclaw_assistant/Dockerfile
Outdated
| && apt-get update \ | ||
| && apt-get install -y --no-install-recommends nodejs \ | ||
| && node -v \ | ||
| && node -v | grep -E '^v22\.' \ |
There was a problem hiding this comment.
The NodeSource repo is added to the image and left enabled. Since the Dockerfile later runs another apt-get update (for Chromium), build stability can still be impacted if deb.nodesource.com is temporarily unavailable at that later step. Consider removing /etc/apt/sources.list.d/nodesource.list (and optionally the keyring) right after installing nodejs so subsequent apt-get update calls only hit Debian mirrors.
| && node -v | grep -E '^v22\.' \ | |
| && node -v | grep -E '^v22\.' \ | |
| && rm -f /etc/apt/sources.list.d/nodesource.list /etc/apt/keyrings/nodesource.gpg \ |
openclaw_assistant/Dockerfile
Outdated
| && node -v \ | ||
| && node -v | grep -E '^v22\.' \ |
There was a problem hiding this comment.
node -v is executed twice in a row (once for logging and once for the version assertion). Consider capturing the version once (or piping the first output) to avoid redundant work and keep the install step simpler.
| && node -v \ | |
| && node -v | grep -E '^v22\.' \ | |
| && NODE_VERSION="$(node -v)" \ | |
| && echo "${NODE_VERSION}" \ | |
| && echo "${NODE_VERSION}" | grep -E '^v22\.' \ |
- remove NodeSource repo/key after Node install - avoid duplicate node -v call via NODE_VERSION variable
Summary
Fixes intermittent Docker build failures (
exit code 100) during Node.js installation by replacing the legacy NodeSourcesetup_22.x | bashflow with explicit keyring + apt source configuration.Changes
openclaw_assistant/Dockerfilecurl ... setup_22.x | bash)sources.list.drepo setupapt-get install --no-install-recommends nodejsopenclaw_assistant/CHANGELOG.mdopenclaw_assistant/config.yaml0.5.57Why this happened
The setup script path can fail/intermittently leave apt without a usable NodeSource source in container builds, causing
apt-get install nodejsto fail with exit code 100.Validation
Fixes #89