nodejs / docker-node

Official Docker Image for Node.js :whale: :turtle: :rocket:
https://hub.docker.com/_/node/
MIT License

Install Yarn as suggested in official documentation #351

Open AlicanC opened 7 years ago

AlicanC commented 7 years ago

I had an image which was built before Yarn was added to this project.

I installed Yarn like this:

FROM node:boron

# Update
RUN apt-get update -y

# Install apt-transport-https for Yarn repository
RUN apt-get install apt-transport-https -y

# Add Yarn repository
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list

# Update
RUN apt-get update -y

# Install Yarn
RUN apt-get install yarn -y

It was working perfectly fine until I decided to update my image and use the provided Yarn instead of my own. Now my project's postinstall script is crashing with Error: Cannot find module '/bin/yarn.js'. If I try to install my own Yarn like above, yours just replaces mine and it still doesn't work.

Could you just install Yarn as suggested in the official docs?

chorrell commented 7 years ago

I guess the postinstall script has a hard-coded path to yarn? We install yarn in /usr/local/bin which takes precedence over /bin in the PATH variable which is why your version isn't being called.

The chosen installation method was because at the time we added yarn (if I remember this right) the debian package wasn't gpg signed. The installation method we chose is based on Docker's recommendation for Official images: https://github.com/docker-library/official-images#security

Also, and again my memory is a bit fuzzy here, we worked with some members of the yarn community on this and this installation method was the best option at the time. I think there were some other issues too, like the debian package assumed the node binary was called nodejs and also installed via a debian package.

The PR that landed yarn and the discussion about install method etc. are here fwiw:

karfau commented 7 years ago

As a maybe related side note: the docker files for v6.10 (e.g. alpine) contain the following line:

ENV YARN_VERSION 0.21.3

but running docker run --rm node:6.10.2-alpine yarn --version results in the output 0.22.0

This might cause some confusion when people try to find out which version is coming with which docker image.

Starefossen commented 7 years ago

Also, the final image size is a concern when installing yarn, this was the most space efficient method.

Daniel15 commented 7 years ago

> Also, the final image size is a concern when installing yarn, this was the most space efficient method.

That's right - The main reason Yarn is installed using the standalone .js file is because it used to be much smaller than the other releases of Yarn. However, in Yarn 0.24.x, we updated the Debian package and tarball to just use the bundled .js file rather than packing the individual files, so the sizes are comparable now. I filed #401 for that, before seeing this issue 😛

> the debian package wasn't gpg signed

Debian package is GPG signed if you install it via the package repository. In general, Debian doesn't really GPG sign individual .deb files, only the metadata files for package repositories are signed. You can use debsigs to sign individual .deb files, but Debian doesn't use it out-of-the-box.

> I think there were some other issues too, like the debian package assumed the node binary was called nodejs and also installed via a debian package.

You just need to install it with --no-install-recommends.
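The trust chain described in the comment above, as an added example that is not part of the original thread or of the project's code: the signed Release file lists the hash of the Packages index, and the index lists the hash of each .deb, so an unsigned .deb is still authenticated. It assumes the GPG signature on the Release file has already been verified (apt does this) and an uncompressed index; all function names and sample data, including the `0.0.0-1` version, are constructed for illustration.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release_hashes(release: str) -> dict:
    """Map path -> (sha256, size) from the SHA256: section of a Release file."""
    out, in_section = {}, False
    for line in release.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            out[path] = (digest, int(size))
        else:
            in_section = False
    return out

def package_stanza(packages: str, name: str, version: str) -> dict:
    """Return the fields of the stanza matching name and exact version."""
    for block in packages.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in block.splitlines() if ": " in l)
        if fields.get("Package") == name and fields.get("Version") == version:
            return fields
    raise LookupError(f"{name}={version} not in index")

def verify_deb(release, index_path, packages, name, version, deb: bytes) -> bool:
    """True only if Release -> Packages -> .deb hashes and sizes all match."""
    digest, size = release_hashes(release)[index_path]
    raw = packages.encode()
    if (sha256(raw), len(raw)) != (digest, size):
        return False  # index does not match the signed Release file
    st = package_stanza(packages, name, version)
    return (sha256(deb), len(deb)) == (st["SHA256"], int(st["Size"]))

# Constructed sample data (not real Yarn repository contents).
DEB = b"constructed stand-in for a .deb archive"
PACKAGES = (
    "Package: yarn\nVersion: 0.0.0-1\n"
    "Filename: pool/main/y/yarn/yarn_0.0.0-1_all.deb\n"
    f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n"
)
INDEX = "main/binary-amd64/Packages"
RELEASE = (
    "Suite: stable\nSHA256:\n"
    f" {sha256(PACKAGES.encode())} {len(PACKAGES.encode())} {INDEX}\n"
)
```

A modified .deb fails the last comparison, and a Packages index rewritten to match it fails the first, because the signed Release file still carries the original index hash.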

Starefossen commented 7 years ago

Thanks for the info @Daniel15! We should revisit whether we should install using the debian repo or continue using the tarball as we do today.

pesho commented 7 years ago

@Starefossen we do not use the tarball today.

nschonni commented 6 years ago

Was playing with this and it looks like this would be what is required for the minimum

RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE=DontWarn apt-key add - && \
    echo "deb http://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
    apt-get update && \
    apt-get install --no-install-recommends yarn

You can do the apt-get install --no-install-recommends yarn=$YARN_VERSION but the deb packages have a -1 build part that also needs to be added. The apt-transport-https can also be skipped if the deb URL is changed to HTTP

nschonni commented 6 years ago

Alpine 3.6+ can also do the install now with apk add yarn https://yarnpkg.com/en/docs/install#alpine-stable

geoidesic commented 2 years ago

The way this has been installed makes it difficult to upgrade yarn

SimenB commented 2 years ago

Shouldn't be, instructions in https://yarnpkg.com/getting-started/install remain valid afaik