search

kyma-project / kyma

Kyma is an opinionated set of Kubernetes-based modular building blocks, including all necessary capabilities to develop and run enterprise-grade cloud-native applications.
https://kyma-project.io
Apache License 2.0
1.51k stars 405 forks source link

Nodejs function runtimes in kyma v2.10 do not support @sap/hana-client library #16674

Closed kwiatekus closed 1 year ago

kwiatekus commented 1 year ago

Description

Base image updates to alpine 3.17 introduced new system-installed openssl libraries ( openssl 3.0 from Apache).

Looks like this is the reason why @sap/hana-client started to crash

Expected result

Nodejs16 based functions should work with @sap/hana-client library.

Actual result

Nodejs16 based functions crash when @sap/hana-client library is used

Steps to reproduce

1) install kyma 2.9.3 on k3d 2) uncompress the attached fn-config.zip into any empty target folder 3) run kyma apply function from the target folder 4) Wait until the function is up and running 5) call the function via curl curl https://hanadb-test.local.kyma.dev You will get a response {"code":-10709,"sqlState":""}

6) Upgrade kyma to 2.10.1 7) rebuild the function 8) call the function again - and the function pod will crash

Attachments

fn-config.zip

List of libraries installed on nodejs16 runtime container on kyma v2.9.3 (where the same function works!)

/usr/src/app $ apk list
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.16/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.16/community: No such file or directory
musl-1.2.3-r1 x86_64 {musl} (MIT) [installed]
libstdc++-11.2.1_git20220219-r2 x86_64 {gcc} (GPL-2.0-or-later LGPL-2.1-or-later) [installed]
zlib-1.2.12-r3 x86_64 {zlib} (Zlib) [installed]
apk-tools-2.12.9-r3 x86_64 {apk-tools} (GPL-2.0-only) [installed]
musl-utils-1.2.3-r1 x86_64 {musl} (MIT BSD GPL2+) [installed]
libssl1.1-1.1.1s-r0 x86_64 {openssl} (OpenSSL) [installed]
alpine-baselayout-3.2.0-r23 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
libgcc-11.2.1_git20220219-r2 x86_64 {gcc} (GPL-2.0-or-later LGPL-2.1-or-later) [installed]
alpine-keys-2.4-r1 x86_64 {alpine-keys} (MIT) [installed]
busybox-1.35.0-r17 x86_64 {busybox} (GPL-2.0-only) [installed]
scanelf-1.3.4-r0 x86_64 {pax-utils} (GPL-2.0-only) [installed]
ca-certificates-bundle-20220614-r0 x86_64 {ca-certificates} (MPL-2.0 AND MIT) [installed]
libc-utils-0.7.2-r3 x86_64 {libc-dev} (BSD-2-Clause AND BSD-3-Clause) [installed]
ssl_client-1.35.0-r17 x86_64 {busybox} (GPL-2.0-only) [installed]
alpine-baselayout-data-3.2.0-r23 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
libcrypto1.1-1.1.1s-r0 x86_64 {openssl} (OpenSSL) [installed]
ptesny commented 1 year ago

additionally, based on the input from @pPrecel apk list on the linux base function image in kyma 2.10.1:

apk list
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/community: No such file or directory
musl-1.2.3-r4 x86_64 {musl} (MIT) [installed]
libstdc++-12.2.1_git20220924-r4 x86_64 {gcc} (GPL-2.0-or-later LGPL-2.1-or-later) [installed]
zlib-1.2.13-r0 x86_64 {zlib} (Zlib) [installed]
apk-tools-2.12.10-r1 x86_64 {apk-tools} (GPL-2.0-only) [installed]
busybox-binsh-1.35.0-r29 x86_64 {busybox} (GPL-2.0-only) [installed]
musl-utils-1.2.3-r4 x86_64 {musl} (MIT AND BSD-2-Clause AND GPL-2.0-or-later) [installed]
alpine-baselayout-3.4.0-r0 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
libgcc-12.2.1_git20220924-r4 x86_64 {gcc} (GPL-2.0-or-later LGPL-2.1-or-later) [installed]
alpine-keys-2.4-r1 x86_64 {alpine-keys} (MIT) [installed]
libcrypto3-3.0.7-r0 x86_64 {openssl} (Apache-2.0) [installed]
busybox-1.35.0-r29 x86_64 {busybox} (GPL-2.0-only) [installed]
scanelf-1.3.5-r1 x86_64 {pax-utils} (GPL-2.0-only) [installed]
ca-certificates-bundle-20220614-r2 x86_64 {ca-certificates} (MPL-2.0 AND MIT) [installed]
libc-utils-0.7.2-r3 x86_64 {libc-dev} (BSD-2-Clause AND BSD-3-Clause) [installed]
ssl_client-1.35.0-r29 x86_64 {busybox} (GPL-2.0-only) [installed]
alpine-baselayout-data-3.4.0-r0 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
libssl3-3.0.7-r0 x86_64 {openssl} (Apache-2.0) [installed]

Conclusion: the alpine linux images have same libraries but with different versions; I initially suspected the openssl libcrypto lib versions were the root cause...but eventually it appears this is down to the libgcc and libstdc++ versions... And seemingly there is no way to bring these libgcc and libstdc++ libs from node:16.19.0-alpine3.16 into node:16.19.0-alpine3.17

Furthermore: npm list on 2.9.3:

npm list
nodejs16-runtime@0.1.0 /usr/src/app
+-- @opentelemetry/api@1.1.0
+-- @opentelemetry/exporter-jaeger@1.5.0
+-- @opentelemetry/instrumentation-express@0.28.0
+-- @opentelemetry/instrumentation-http@0.28.0
+-- @opentelemetry/instrumentation@0.28.0
+-- @opentelemetry/propagator-b3@1.5.0
+-- @opentelemetry/sdk-trace-node@1.5.0
+-- @opentelemetry/tracing@0.18.2
+-- axios@0.26.1
+-- co@4.6.0
+-- express@4.18.1
+-- morgan@1.10.0
`-- mz@2.7.0

on 2.10:

npm list
nodejs16-runtime@0.1.0 /usr/src/app
+-- @opentelemetry/api@1.3.0
+-- @opentelemetry/exporter-trace-otlp-http@0.33.0
+-- @opentelemetry/instrumentation-express@0.28.0
+-- @opentelemetry/instrumentation-http@0.28.0
+-- @opentelemetry/instrumentation@0.28.0
+-- @opentelemetry/propagator-b3@1.8.0
+-- @opentelemetry/sdk-trace-node@1.8.0
+-- @opentelemetry/tracing@0.18.2
+-- axios@0.26.1
+-- cloudevents@6.0.3
+-- co@4.6.0
+-- express@4.18.2
+-- morgan@1.10.0
`-- mz@2.7

the nodejs stack is pretty much the same

ptesny commented 1 year ago

In order to reproduce the issue I have been using a relatively simple nodejs function as follows:

const hana = require("@sap/hana-client");
const hdbOptions = {
  serverNode: process.env.hdb_host + ':' + process.env.hdb_port,
  uid: process.env.hdb_user,
  pwd: process.env.hdb_password,
  ca: process.env.hdb_certificate,
  encrypt: true,
  sslValidateCertificate: true
};
module.exports = {
  main: async function (event) {
    switch(event.extensions.request.url) {
      case '/sales':
        results = await hdbQuery(`SELECT * FROM "hdb.db::sales"`);
        break;
      case '/db':
        results = await hdbQuery(`SELECT SYSTEM_ID, DATABASE_NAME, HOST, VERSION, USAGE FROM M_DATABASE`);
        break;
      default:
        results = 'hdb-srv';
    }
    return results;
  }
}
async function hdbQuery(sql) {
  const hdb = await hana.createConnection();
  await hdb.connect(hdbOptions);
  await hdb.exec(`SET SCHEMA ` + process.env.hdb_schema);
  const results = await hdb.exec(sql);
  await hdb.disconnect();
  return results;
}

The above function has one single dependency which is @sap/hana-client Please note this is the only hana jdbc driver client that fully supports async/await callback-less pattern without the need of using promisifying helper libraries.

{ 
  "name": "hdb-srv",
  "version": "0.0.1",
  "dependencies": {
    "@sap/hana-client": "latest"
  }
}

The function pod crashes when calling await hdb.connect(hdbOptions); This results in the following trace:

npm ERR! path /usr/src/app
npm ERR! command failed
npm ERR! signal SIGSEGV
npm ERR! command sh -c -- node server.js
npm ERR! A complete log of this run can be found in:
npm ERR! /tmp/_logs/2023-01-19T12_34_45_146Z-debug-0.log

In order to circumvent the problem I switched to a custom runtime image as follows:

# image base on node 16 slim
FROM node:16-slim
ARG NODE_ENV
ENV NODE_ENV $NODE_ENV
ENV npm_config_cache /tmp/
RUN mkdir -p /usr/src/app
RUN mkdir -p /usr/src/app/lib
WORKDIR /usr/src/app
COPY package.json /usr/src/app/
RUN npm install && npm cache clean --force

# required for SAP HANA Cloud
RUN apt-get update
RUN apt-get install -y openssl python make g++

COPY lib /usr/src/app/lib
COPY server.js /usr/src/app/server.js
CMD ["npm", "start"]
EXPOSE 8888
kwiatekus commented 1 year ago

Looks like alpine images have different system-installed openssl libraries starting from v3.17. This has affected the compatibility our serverless runtimes with @sap/hana-client

Node.js 14:

ptesny commented 1 year ago

That (openssl incompatibility) was my initial guess. So I have tried to include the previous versions of the crypto libraries, namely libssl1.1 libcrypto1.1 but that does not help;

Dockerfile.alpine using a stock alpine nodejs image or the stock alpine image where I install nodejs package on top. The built image is here: tiosouji/hc:alpine

# image base on alpine:3.17.1
FROM alpine@sha256:93d5a28ff72d288d69b5997b8ba47396d2cbb62a72b5d87cd3351094b5d578a0

ARG NODE_ENV
ENV NODE_ENV $NODE_ENV
ENV npm_config_cache /tmp/

ENV NODE_VERSION 16.19.0

#SHELL ["/bin/ash", "-o", "pipefail", "-c"]

# hadolint ignore=DL3003
RUN apk update --no-cache \
    && apk upgrade --no-cache \
    && apk add --no-cache \
        libstdc++ \
        g++ gcc libgcc libstdc++ linux-headers make python3 libssl1.1 libcrypto1.1 \

    && apk add --no-cache --virtual .build-deps \
        curl \

    && ARCH= && alpineArch="$(apk --print-arch)" \
      && case "${alpineArch}" in \
        x86_64) \
          ARCH='x64' \
          CHECKSUM="f5817883eb3009972a031d635ea71ed8377808a6e831ae1c72e063e888cdd318" \
          ;; \
        *) ;; \
      esac \
  && if [ -n "${CHECKSUM}" ]; then \
    set -eu; \
    curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${ARCH}-musl.tar.xz"; \
    echo "${CHECKSUM}  node-v${NODE_VERSION}-linux-${ARCH}-musl.tar.xz" | sha256sum -c - \
      && tar -xJf "node-v${NODE_VERSION}-linux-${ARCH}-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
      && ln -sf /usr/local/bin/node /usr/local/bin/nodejs; \
  else \
    echo "Building from source" \
    # backup build
    && apk add --no-cache --virtual .build-deps-full \
        binutils-gold \
        g++ \
        gcc \
        gnupg \
        libgcc \
        linux-headers \
        make \
        python3 \
    # gpg keys listed at https://github.com/nodejs/node#release-keys
    && for key in \
      4ED778F539E3634C779C87C6D7062848A1AB005C \
      94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
      74F12602B6F1C4E913FAA37AD3A89613643B6201 \
      71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
      8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
      C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
      C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
      DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
      A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
      108F52B48DB57BB0CC439B2997B01419BD92F80A \
      B9E2F5981AA6E0CD28160D9FF13993A75599653C \
    ; do \
      gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "${key}" || \
      gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "${key}" || \
      gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "${key}" ; \
    done \
    && curl -fsSLO --compressed "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}.tar.xz" \
    && curl -fsSLO --compressed "https://nodejs.org/dist/v${NODE_VERSION}/SHASUMS256.txt.asc" \
    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
    && grep " node-v${NODE_VERSION}.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
    && tar -xf "node-v${NODE_VERSION}.tar.xz" \
    && cd "node-v${NODE_VERSION}" \
    && ./configure \
    && make -j"$(getconf _NPROCESSORS_ONLN)" V= \
    && make install \
    && apk del .build-deps-full \
    && cd .. \
    && rm -Rf "node-v${NODE_VERSION}" \
    && rm "node-v${NODE_VERSION}.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \
  fi \
  && rm -f "node-v${NODE_VERSION}-linux-${ARCH}-musl.tar.xz" \
  && apk del .build-deps \

  # smoke tests
  && node --version \
  && npm --version

RUN mkdir -p /usr/src/app
RUN mkdir -p /usr/src/app/lib
WORKDIR /usr/src/app

COPY package.json /usr/src/app/
RUN npm install --quiet node-gyp -g \
    && npm install && npm cache clean --force

COPY lib /usr/src/app/lib

COPY server.js /usr/src/app/server.js

CMD ["npm", "start"]

EXPOSE 8888
kwiatekus commented 1 year ago

I heard back from @sap/hana-client maintaners who sent a docker snippet allowing to test the library on top of alpine:3.17 & nodejs18. It works

$ docker run -it alpine:3.17
Unable to find image 'alpine:3.17' locally
3.17: Pulling from library/alpine
8921db27df28: Pull complete
Digest: sha256:f271e74b17ced29b915d351685fd4644785c6d1559dd1f2d4189a5e851ef753a
Status: Downloaded newer image for alpine:3.17
/ # apk add openssl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
(1/1) Installing openssl (3.0.7-r2)
Executing busybox-1.35.0-r29.trigger
OK: 8 MiB in 16 packages
/ # apk add nodejs
(1/9) Installing ca-certificates (20220614-r4)
(2/9) Installing brotli-libs (1.0.9-r9)
(3/9) Installing c-ares (1.18.1-r1)
(4/9) Installing libgcc (12.2.1_git20220924-r4)
(5/9) Installing icu-data-en (72.1-r1)
Executing icu-data-en-72.1-r1.post-install
*
* If you need ICU with non-English locales and legacy charset support, install
* package icu-data-full.
*
(6/9) Installing libstdc++ (12.2.1_git20220924-r4)
(7/9) Installing icu-libs (72.1-r1)
(8/9) Installing nghttp2-libs (1.51.0-r0)
(9/9) Installing nodejs (18.12.1-r0)
Executing busybox-1.35.0-r29.trigger
Executing ca-certificates-20220614-r4.trigger
OK: 54 MiB in 25 packages
/ # apk add npm
(1/1) Installing npm (9.1.2-r0)
Executing busybox-1.35.0-r29.trigger
OK: 66 MiB in 26 packages
/ # mkdir prj
/ # cd prj
/prj # npm install @sap/hana-client

added 3 packages in 3s
/prj # vi test.js
/prj # cat test.js
var hana = require('@sap/hana-client');

var conn = hana.createConnection();

var conn_params = {
  serverNode: '', //put the real server node 
  uid: '',//put the real uid 
  pwd: ''//put the real password 
};

conn.connect(conn_params, function(err) {
  if (err) throw err;
  conn.exec('SELECT 1 AS "One" FROM DUMMY', function (err, result) {
      if (err) throw err;
      console.log('One: ', result[0].One);
      conn.disconnect();
  })
});
/prj # node test.js
One:  1

      "dependencies": {
        "@sap/hana-client": "^2.15.19"
      }
kwiatekus commented 1 year ago

Support for OpenSSL 3.0 was added in hana-clients 2.12.11 and higher. I checked this particula case hana-client version was defined with a tick ^ and eventually resolves to the latest -> @sap/hana-client@2.15.19

We would need to repeat the above test based on nodejs 14 & 16

kwiatekus commented 1 year ago

latest @sap/hana-client doesnt work in node:16-alpine3.17. The same test works in node:16-alpine3.16 (older alpipne) and node:18-alpine3.17 (newer node).

docker run -it --rm -w /workspace -v $(pwd):/workspace -e SERVER_NODE='YOUR_SERVER_NODE' -e UID='USER' -e PASSWORD='PWD'  node:16-alpine3.17 /bin/sh

/workspace # cat test.js
console.log("starting")

var conn_params = {
  serverNode: process.env.SERVER_NODE,
  uid: process.env.UID,
  pwd: process.env.PASSWORD,
};

var hana = require('@sap/hana-client');
var conn = hana.createConnection();

try {
    conn.connect(conn_params, function(err) {
        if (err) throw err;
        conn.exec('SELECT 1 AS "One" FROM DUMMY', function (err, result) {
            if (err) throw err;
            console.log('One: ', result[0].One);
            conn.disconnect();
        })
      });
} catch(err) {
    console.log(err)
}

console.log("super")

/workspace # npm install @sap/hana-client

added 3 packages, and audited 4 packages in 26s

found 0 vulnerabilities
npm notice
npm notice New major version of npm available! 8.19.3 -> 9.4.2
npm notice Changelog: https://github.com/npm/cli/releases/tag/v9.4.2
npm notice Run npm install -g npm@9.4.2 to update!
npm notice 

/workspace # node test.js
starting
super
Segmentation fault

/workspace # apk list
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/main: No such file or directory
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.17/community: No such file or directory
musl-1.2.3-r4 x86_64 {musl} (MIT) [installed]
libstdc++-12.2.1_git20220924-r4 x86_64 {gcc} (GPL-2.0-or-later LGPL-2.1-or-later) [installed]
zlib-1.2.13-r0 x86_64 {zlib} (Zlib) [installed]
apk-tools-2.12.10-r1 x86_64 {apk-tools} (GPL-2.0-only) [installed]
busybox-binsh-1.35.0-r29 x86_64 {busybox} (GPL-2.0-only) [installed]
musl-utils-1.2.3-r4 x86_64 {musl} (MIT AND BSD-2-Clause AND GPL-2.0-or-later) [installed]
alpine-baselayout-3.4.0-r0 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
libgcc-12.2.1_git20220924-r4 x86_64 {gcc} (GPL-2.0-or-later LGPL-2.1-or-later) [installed]
alpine-keys-2.4-r1 x86_64 {alpine-keys} (MIT) [installed]
libcrypto3-3.0.7-r2 x86_64 {openssl} (Apache-2.0) [installed]
busybox-1.35.0-r29 x86_64 {busybox} (GPL-2.0-only) [installed]
scanelf-1.3.5-r1 x86_64 {pax-utils} (GPL-2.0-only) [installed]
ca-certificates-bundle-20220614-r4 x86_64 {ca-certificates} (MPL-2.0 AND MIT) [installed]
libc-utils-0.7.2-r3 x86_64 {libc-dev} (BSD-2-Clause AND BSD-3-Clause) [installed]
ssl_client-1.35.0-r29 x86_64 {busybox} (GPL-2.0-only) [installed]
alpine-baselayout-data-3.4.0-r0 x86_64 {alpine-baselayout} (GPL-2.0-only) [installed]
libssl3-3.0.7-r2 x86_64 {openssl} (Apache-2.0) [installed]

https://jira.tools.sap/browse/HDBCLIENT-904

ptesny commented 1 year ago

Indeed switching from node 16.9.0 to node 18.14.0 makes the function base image compatible with the latest hana-client

# image base on alpine:3.17.1
FROM alpine@sha256:93d5a28ff72d288d69b5997b8ba47396d2cbb62a72b5d87cd3351094b5d578a0

ARG NODE_ENV
ENV NODE_ENV $NODE_ENV
ENV npm_config_cache /tmp/

ENV NODE_VERSION 18.14.0

#SHELL ["/bin/ash", "-o", "pipefail", "-c"]

# hadolint ignore=DL3003
RUN apk update --no-cache \
    && apk upgrade --no-cache \
    && apk add --no-cache \
        libstdc++ \
        openssl \

    && apk add --no-cache --virtual .build-deps \
        curl \

    && ARCH= && alpineArch="$(apk --print-arch)" \
      && case "${alpineArch}" in \
        x86_64) \
          ARCH='x64' \
          CHECKSUM="b58339afbfa329c94d2764fc7fac4750fc1cbb99c4aa6bf65509200d69e2e3b0" \
          ;; \
        *) ;; \
      esac \
  && if [ -n "${CHECKSUM}" ]; then \
    set -eu; \
    curl -fsSLO --compressed "https://unofficial-builds.nodejs.org/download/release/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${ARCH}-musl.tar.xz"; \
    echo "${CHECKSUM}  node-v${NODE_VERSION}-linux-${ARCH}-musl.tar.xz" | sha256sum -c - \
      && tar -xJf "node-v${NODE_VERSION}-linux-${ARCH}-musl.tar.xz" -C /usr/local --strip-components=1 --no-same-owner \
      && ln -sf /usr/local/bin/node /usr/local/bin/nodejs; \
  else \
    echo "Building from source" \
    # backup build
    && apk add --no-cache --virtual .build-deps-full \
        binutils-gold \
        g++ \
        gcc \
        gnupg \
        libgcc \
        linux-headers \
        make \
        python3 \
    # gpg keys listed at https://github.com/nodejs/node#release-keys
    && for key in \
      4ED778F539E3634C779C87C6D7062848A1AB005C \
      94AE36675C464D64BAFA68DD7434390BDBE9B9C5 \
      74F12602B6F1C4E913FAA37AD3A89613643B6201 \
      71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 \
      8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 \
      C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 \
      C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C \
      DD8F2338BAE7501E3DD5AC78C273792F7D83545D \
      A48C2BEE680E841632CD4E44F07496B3EB3C1762 \
      108F52B48DB57BB0CC439B2997B01419BD92F80A \
      B9E2F5981AA6E0CD28160D9FF13993A75599653C \
    ; do \
      gpg --batch --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys "${key}" || \
      gpg --batch --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys "${key}" || \
      gpg --batch --keyserver hkp://pgp.mit.edu:80 --recv-keys "${key}" ; \
    done \
    && curl -fsSLO --compressed "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}.tar.xz" \
    && curl -fsSLO --compressed "https://nodejs.org/dist/v${NODE_VERSION}/SHASUMS256.txt.asc" \
    && gpg --batch --decrypt --output SHASUMS256.txt SHASUMS256.txt.asc \
    && grep " node-v${NODE_VERSION}.tar.xz\$" SHASUMS256.txt | sha256sum -c - \
    && tar -xf "node-v${NODE_VERSION}.tar.xz" \
    && cd "node-v${NODE_VERSION}" \
    && ./configure \
    && make -j"$(getconf _NPROCESSORS_ONLN)" V= \
    && make install \
    && apk del .build-deps-full \
    && cd .. \
    && rm -Rf "node-v${NODE_VERSION}" \
    && rm "node-v${NODE_VERSION}.tar.xz" SHASUMS256.txt.asc SHASUMS256.txt; \
  fi \
  && rm -f "node-v${NODE_VERSION}-linux-${ARCH}-musl.tar.xz" \
  && apk del .build-deps \

  # smoke tests
  && node --version \
  && npm --version

RUN mkdir -p /usr/src/app
RUN mkdir -p /usr/src/app/lib
WORKDIR /usr/src/app

COPY package.json /usr/src/app/
RUN npm install --quiet node-gyp -g \
    && npm install && npm cache clean --force

COPY lib /usr/src/app/lib

COPY server.js /usr/src/app/server.js

CMD ["npm", "start"]

EXPOSE 8888
ptesny commented 1 year ago

Support for OpenSSL 3.0 was added in hana-clients 2.12.11 and higher. I checked this particula case hana-client version was defined with a tick ^ and eventually resolves to the latest -> @sap/hana-client@2.15.19

We would need to repeat the above test based on nodejs 14 & 16

That does not work with nodejs 16 as commented here

kwiatekus commented 1 year ago

To summarise