tadasajon
Docker images for production deploys with Fly.io - controlling the version of NodeJS & NPM
I’m trying to work with Docker to get my production environment to match my local development environment exactly. I’m following the Fly.io instructions here: Getting Started · Fly Docs
In addition to bolting down the versions of Erlang and Elixir that I’m using, I would also like to bolt down the versions of NodeJS and NPM.
The Dockerfile suggested at Getting Started · Fly Docs begins as follows:
###
### Fist Stage - Building the Release
###
FROM hexpm/elixir:1.12.1-erlang-24.0.1-alpine-3.13.3 AS build
# install build dependencies
RUN apk add --no-cache build-base npm
# prepare build dir
WORKDIR /app
But I’m concerned that the command RUN apk add --no-cache build-base npm won’t always result in the exact same version of NPM (and nodejs) running in the Docker image.
I’m confused because I thought that the whole point of Docker was to carefully control the software environment, so updating to the whatever the latest version on NPM is seems like it will constantly result in a different environment.
But this seems like a common command in Dockerfiles, so I think I must not understand something. What am I missing?
Most Liked
sbaildon
You can use specific package versions in alpine with the <package>=<version> syntax
apk add --no-cache build-base npm=14.17.6-r0
See here for where I found which version is available in alpine v3.13:
https://pkgs.alpinelinux.org/packages?name=npm&branch=v3.13
I’ve worked on teams who pinned everything and anything they could because reproducible builds were important. In general I think most people are fine with building using the latest provided by their distribution because:
- The cost of debugging the first build broken by a version bump is pretty small
- Using latest pulls in security patches
- The distro default is likely a stable, long term support release offering backwards compatibility
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









