docker build + private NPM (+ private docker hub)
I found a somewhat elegant-ish solution in creating a base image for your node.js / io.js containers (you/iojs
):
- log in to your private npm registry with the user you want to use for docker
- copy the
.npmrc
file that this generates
Example .npmrc
:
registry=https://npm.mydomain.com/
username=dockerUser
[email protected]
strict-ssl=false
always-auth=true
//npm.mydomain.com/:_authToken="someAuthToken"
- create a
Dockerfile
that copies the.npmrc
file appropriately.
Here's my Dockerfile
(based on iojs:onbuild
):
FROM iojs:2.2.1
MAINTAINER YourSelf
# Exclude the NPM cache from the image
VOLUME /root/.npm
# Create the app directory
RUN mkdir -p /usr/src/app
WORKDIR /usr/src/app
# Copy npm config
COPY .npmrc /root/.npmrc
# Install app
ONBUILD COPY package.json /usr/src/app/
ONBUILD RUN npm install
ONBUILD COPY . /usr/src/app
# Run
CMD [ "npm", "start" ]
- Make all your node.js/io.js containers
FROM you/iojs
and you're good to go.
In 2020 we've got BuildKit available. You don't have to pass secrets via COPY
or ENV
anymore, as it's not considered safe.
Sample Dockerfile
:
# syntax=docker/dockerfile:experimental
FROM node:13-alpine
WORKDIR /app
COPY package.json yarn.lock ./
RUN --mount=type=ssh --mount=type=secret,id=npmrc,dst=$HOME/.npmrc \
yarn install --production --ignore-optional --frozen-lockfile
# More stuff...
Then, your build command can look like this:
docker build --no-cache --progress=plain --secret id=npmrc,src=/path-to/.npmrc .
For more details, check out: https://docs.docker.com/develop/develop-images/build_enhancements/#new-docker-build-secret-information