VineeTagarwaL-code
commented
2 weeks ago why you removed package-lock.json ?, doesn't seem helping tbh
Closed alphacoder-mp3 closed 2 weeks ago
VineeTagarwaL-code
commented
2 weeks ago why you removed package-lock.json ?, doesn't seem helping tbh
alphacoder-mp3
commented
2 weeks ago I didn't remove package-lock.json. In fact I added it, package lock json is not there in job board codebase. It's there in my PR actually. What was the issue? I have even mentioned the reason what was the reason behind inclusion of package.lock.json. And I have suggested even alternative if you don't want package.lock.json.
alphacoder-mp3
commented
2 weeks ago I have tested too locally, this was more optimised version of dockerfile. And has better performance with better cached layer.
Optimisations in Dockerfile A] explanations:
1) Use npm ci instead of npm install in the base stage for more consistent and faster installations. 2) Move COPY . . to later stages to improve caching of the base stage. 3) Combine RUN commands in the build stage to reduce layers. 4) Use ENV instead of passing DATABASE_URL directly to commands, which is more secure and flexible. 5) Remove redundant WORKDIR commands in later stages as they inherit from the base. 6) Copy both package.json and package-lock.json in the production stage. 7) Remove the node_modules copy in the development stage as it's unnecessary (inherited from base). 8) Simplify the build stage by inheriting from the base stage, reducing duplication.
This optimised Dockerfile should be more efficient and easier to maintain. It reduces the number of layers and improves caching, which should lead to faster build times.
B] Changes in gitignore(for package.lock.json) and adding package.lock.json explanation:
using npm ci in the Dockerfile, is indeed the more optimal method. Because of the following 1) For consistency: npm ci ensures that the exact versions specified in package-lock.json are installed, providing consistency across different environments. 2) For speed: npm ci is generally faster than npm install for CI/CD environments because it skips certain user-oriented features. 3) For clean installs: npm ci removes the existing node_modules directory before installing, ensuring a clean slate every time. 4) For immutability: npm ci won't update package.json or package-lock.json, maintaining the integrity of your dependency specifications. 5) For error prevention: npm ci will fail if there are discrepancies between package.json and package-lock.json, catching potential issues early.
Adding npm ci won't be possible without package.lock.json
Alternatively if you still don't want to include package.lock.json, then I can just replace npm ci with npm install, and raise the PR again.