To install private npm packages in a Docker container, you need to use Docker build secrets.
Background: runtime variables
You cannot install private npm packages in a Docker container using only runtime variables. Consider the following Dockerfile:
FROM node
COPY package.json package.json
RUN npm install
# Add your source files
COPY . .
CMD npm start
This uses the official Node.js image, copies package.json into the container, installs the dependencies, copies the source files, and runs the start command specified in package.json.
To install private packages, you might think you could just add a line before npm install, using the ENV instruction:
ENV NPM_TOKEN=00000000-0000-0000-0000-000000000000
However, this doesn't work as you would expect: you want npm install to happen when you run docker build, and in this instance ENV variables aren't used, because they are set for runtime only.
Instead of runtime variables, you must use Docker build secrets.
Update the Dockerfile
The Dockerfile that takes advantage of this has a few more lines than the earlier example. It lets you use your global .npmrc and the access token created by the npm login command (if you haven't run it already, do so before moving on).
# https://npm.nodejs.cn/docker-and-private-modules
FROM node:18
ENV APP_HOME="/app"
WORKDIR ${APP_HOME}
COPY package*.json ${APP_HOME}/
RUN --mount=type=secret,id=npmrc,target=/root/.npmrc npm install
COPY . ${APP_HOME}/
CMD npm start
This configures your Dockerfile to receive the .npmrc file via a build secret, which leaves no trace after the npm dependency installation is done.
Build the Docker image
To build the image using the above Dockerfile and the npm authentication token, run the following command. Note the . at the end, which gives docker build the current directory as an argument.
docker build . -t secure-app-secrets:1.0 --secret id=npmrc,src=$HOME/.npmrc
This builds the Docker image with the access token from your global .npmrc file, received via the build secret, so npm install runs inside the container as the currently logged-in user.
**Note:** You may need to specify a working directory other than the default /, otherwise some frameworks (such as Angular) may fail.
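A pre-build check for the Dockerfile patterns discussed above, added here as an example (it is not npm's or Docker's own tooling). It goes one step beyond the page by also flagging a project-level .npmrc that `COPY .` would pick up. The function name check_build_context, the grep patterns, the exact-match .dockerignore test and the sample registry host are assumptions; the sample contexts are constructed from the two Dockerfiles on this page.

```sh
# Added example, not from the original page. Patterns are illustrative assumptions.

# check_build_context DIR: report npm credentials that would persist in the image (0 = clean).
check_build_context() {
    ctx=$1
    df="$ctx/Dockerfile"
    findings=0

    # ENV values are stored in the image config; ARG values show up in docker history.
    if grep -nEi '^[[:space:]]*(ENV|ARG)[[:space:]]+[A-Za-z0-9_]*TOKEN' "$df"; then
        echo "FAIL: token passed via ENV/ARG is recorded in the image config or history"
        findings=$((findings + 1))
    fi

    # An explicit COPY/ADD of .npmrc writes the file into an image layer.
    if grep -nEi '^[[:space:]]*(COPY|ADD)[[:space:]].*\.npmrc' "$df"; then
        echo "FAIL: .npmrc copied into an image layer"
        findings=$((findings + 1))
    fi

    # "COPY . <dest>" copies every context file that .dockerignore does not exclude.
    # Assumption: the ignore entry is the exact line ".npmrc".
    if [ -f "$ctx/.npmrc" ] &&
       grep -qEi '^[[:space:]]*COPY[[:space:]]+\.[[:space:]]' "$df" &&
       ! grep -qxF '.npmrc' "$ctx/.dockerignore" 2>/dev/null; then
        echo "FAIL: project .npmrc would be copied by 'COPY . ...'; list it in .dockerignore"
        findings=$((findings + 1))
    fi

    grep -q -e '--mount=type=secret' "$df" ||
        echo "NOTE: no RUN --mount=type=secret in this Dockerfile"
    [ "$findings" -eq 0 ]
}

# Constructed sample contexts, based on the two Dockerfiles on this page.
tmp=$(mktemp -d)
mkdir "$tmp/weak" "$tmp/good"
printf '%s\n' 'FROM node' 'COPY package.json package.json' \
    'ENV NPM_TOKEN=00000000-0000-0000-0000-000000000000' 'RUN npm install' \
    'COPY . .' 'CMD npm start' > "$tmp/weak/Dockerfile"
echo '//registry.example.invalid/:_authToken=CONSTRUCTED' > "$tmp/weak/.npmrc"
printf '%s\n' 'FROM node:18' 'ENV APP_HOME="/app"' 'WORKDIR ${APP_HOME}' \
    'COPY package*.json ${APP_HOME}/' \
    'RUN --mount=type=secret,id=npmrc,target=/root/.npmrc npm install' \
    'COPY . ${APP_HOME}/' 'CMD npm start' > "$tmp/good/Dockerfile"
for d in weak good; do
    echo "== $d =="
    if check_build_context "$tmp/$d"; then echo "OK"; else echo "findings above"; fi
done
```

Pointed at a real project directory before docker build, the function's non-zero return status can be used to fail a CI step.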