Skip to content

fix: copy lockfile into Docker builder stage and use npm ci#218

Merged
jakebromberg merged 1 commit intomainfrom
fix/dockerfile-lockfile
Mar 2, 2026
Merged

fix: copy lockfile into Docker builder stage and use npm ci#218
jakebromberg merged 1 commit intomainfrom
fix/dockerfile-lockfile

Conversation

@jakebromberg
Copy link
Member

@jakebromberg jakebromberg commented Mar 2, 2026

Summary

  • The builder stages in Dockerfile.backend and Dockerfile.auth only copied package.json, not package-lock.json
  • This caused npm install to resolve caret ranges to latest compatible versions instead of locked versions
  • better-auth resolved to 1.5.1 (which has breaking type changes in Auth) instead of the locked 1.4.9, failing integration tests on every open PR
  • Fix: copy package-lock.json into the builder stage and switch from npm install to npm ci for deterministic builds

Test plan

fix: copy lockfile into Docker builder stage and use npm ci
15217ad 
The builder stages in both Dockerfiles copied only package.json, causing
npm install to resolve caret ranges to the latest compatible versions
rather than using the locked versions. This pulled better-auth 1.5.1
(which has breaking type changes) instead of the locked 1.4.9, failing
every PR's integration tests.

Copy package-lock.json alongside package.json and switch to npm ci for
deterministic, reproducible builds.
@jakebromberg jakebromberg merged commit 03e64b4 into main Mar 2, 2026
4 checks passed
@jakebromberg jakebromberg deleted the fix/dockerfile-lockfile branch March 2, 2026 20:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jakebromberg