docker build + private NPM (+ private docker hub)

I found a somewhat elegant-ish solution in creating a base image for your node.js / io.js containers (you/iojs):

  1. log in to your private npm registry with the user you want to use for docker
  2. copy the .npmrc file that this generates

Example .npmrc:

registry=https://npm.mydomain.com/
username=dockerUser
[email protected]
strict-ssl=false
always-auth=true
//npm.mydomain.com/:_authToken="someAuthToken"

  3. create a Dockerfile that copies the .npmrc file appropriately.

Here's my Dockerfile (based on iojs:onbuild):

FROM iojs:2.2.1

MAINTAINER YourSelf

# Exclude the NPM cache from the image
VOLUME /root/.npm

# Create the app directory
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app

# Copy npm config
COPY .npmrc /root/.npmrc

# Install app
ONBUILD COPY package.json /usr/src/app/
ONBUILD RUN npm install
ONBUILD COPY . /usr/src/app

# Run
CMD [ "npm", "start" ]

  4. Make all your node.js/io.js containers FROM you/iojs and you're good to go.

In 2020 we've got BuildKit available. You don't have to pass secrets via COPY or ENV anymore, as it's not considered safe.

Sample Dockerfile:

# syntax=docker/dockerfile:experimental
FROM node:13-alpine

WORKDIR /app

COPY package.json yarn.lock ./

RUN --mount=type=ssh --mount=type=secret,id=npmrc,dst=$HOME/.npmrc \
  yarn install --production --ignore-optional --frozen-lockfile

# More stuff...

Then, your build command can look like this:

docker build --no-cache --progress=plain --secret id=npmrc,src=/path-to/.npmrc .

For more details, check out: https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information
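
An added example, not part of either answer above: a small Dockerfile audit that flags credentials passed via COPY/ADD or ENV/ARG (which stay in image layers or metadata) and passes builds that use a secret mount instead. The function names and the lists of secret-looking file and variable names are assumptions made for this example.

```python
import re

# Names treated as credentials: an assumed list for this example, extend as needed.
SECRET_FILES = re.compile(r"(^|/)\.(npmrc|yarnrc|netrc)$")
SECRET_VARS = re.compile(r"TOKEN|SECRET|PASSWORD|AUTH", re.I)

def instructions(dockerfile):
    """Yield (first_line_no, instruction), joining backslash continuations."""
    buf, start = [], 0
    for no, raw in enumerate(dockerfile.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        start = start or no
        buf.append(line.rstrip("\\").strip())
        if not line.endswith("\\"):
            yield start, " ".join(buf)
            buf, start = [], 0

def audit(dockerfile):
    """Return (line_no, message) for credentials that end up in layers or metadata."""
    findings = []
    for no, ins in instructions(dockerfile):
        words = ins.split()
        if words[0].upper() == "ONBUILD":  # ONBUILD COPY ... runs in child builds
            words = words[1:]
        op, args = words[0].upper(), words[1:]
        if op in ("COPY", "ADD"):
            sources = [a for a in args[:-1] if not a.startswith("--")]
            findings += [(no, f"{op} puts {s} in a layer") for s in sources
                         if SECRET_FILES.search(s)]
        elif op in ("ENV", "ARG"):
            names = [a.split("=")[0] for a in args if "=" in a] or args[:1]  # KEY=v or legacy form
            findings += [(no, f"{op} {n} is visible in image history or config")
                         for n in names if SECRET_VARS.search(n)]
    return findings

# Constructed samples: the relevant lines of the two Dockerfiles above.
BASE_IMAGE = """FROM iojs:2.2.1
COPY .npmrc /root/.npmrc
ONBUILD COPY package.json /usr/src/app/
"""
BUILDKIT = """FROM node:13-alpine
RUN --mount=type=secret,id=npmrc,dst=$HOME/.npmrc \\
  yarn install --production --ignore-optional --frozen-lockfile
"""

if __name__ == "__main__":
    print(audit(BASE_IMAGE), audit(BUILDKIT))
```

The audit only reads the Dockerfile text; it does not inspect built images, and `COPY .` of a whole build context that happens to contain an .npmrc is outside what it detects.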