fix(build): isolate parallel npm cache mounts and bump node to 22

- Give the deps and prod-deps stages distinct BuildKit cache IDs with sharing=locked so concurrent npm ci runs no longer race on /root/.npm and fail with ENOTEMPTY. - Drop the post-install 'npm cache clean --force' in prod-deps; it was wiping the cache mount it had just filled. - Update base images from node:21 to node:22 (LTS) to silence EBADENGINE warnings from packages requiring node >= 22.
2026-05-15 14:38:03 +02:00 · 2026-05-06 13:40:17 +03:00
parent 06a098fba7
commit 7dc48bccd2
1 changed files with 7 additions and 8 deletions
@@ -1,14 +1,14 @@
 # syntax=docker/dockerfile:1.7

 # Stage 1: install all deps (with cache mount so npm cache survives across builds)
-FROM node:21-slim AS deps
+FROM node:22-slim AS deps
 WORKDIR /app
 COPY package.json package-lock.json ./
-RUN --mount=type=cache,target=/root/.npm \
+RUN --mount=type=cache,id=npm-all,target=/root/.npm,sharing=locked \
    npm ci --prefer-offline --no-audit --fund=false

 # Stage 2: build TypeScript + gulp assets. Source changes only invalidate from here.
-FROM node:21-slim AS build
+FROM node:22-slim AS build
 WORKDIR /app
 COPY --from=deps /app/node_modules ./node_modules
 COPY package.json package-lock.json tsconfig.json gulpfile.js ./
@@ -17,15 +17,14 @@ COPY src ./src
 RUN npm run build

 # Stage 3: prod-only deps. Independent of source so it caches well.
-FROM node:21-slim AS prod-deps
+FROM node:22-slim AS prod-deps
 WORKDIR /app
 COPY package.json package-lock.json ./
-RUN --mount=type=cache,target=/root/.npm \
-    npm ci --omit=dev --prefer-offline --no-audit --fund=false && \
-    npm cache clean --force
+RUN --mount=type=cache,id=npm-prod,target=/root/.npm,sharing=locked \
+    npm ci --omit=dev --prefer-offline --no-audit --fund=false

 # Stage 4: minimal runtime
-FROM node:21-alpine AS runtime
+FROM node:22-alpine AS runtime
 ENV NODE_ENV=production
 ENV PORT=5000
 EXPOSE 5000