@kipsang01 (Collaborator) commented Jan 8, 2026

User description

What kind of change does this PR introduce?

eg: Bug fix, feature, docs update, ...

Why was this change needed?

Please link to related issues when possible, and explain WHY you changed things, not WHAT you changed.

Other information:

eg: Did you discuss this change with anybody before working on it (not required, but can be a good idea for bigger changes). Any plans for the future, etc?

Checklist:

Put a "X" in the boxes below to indicate you have followed the checklist;

  • I have read the CONTRIBUTING guide.
  • I checked that there were not similar issues or PRs already open for this.
  • This PR fixes just ONE issue (do not include multiple issues or types of change in the same PR). For example, don't try and fix a UI issue and include new dependencies in the same PR.

PR Type

Enhancement


Description

  • Update Node.js version from 20.17.0 to 22.20.0

  • Upgrade pnpm version from 8 to 10.6.1

  • Improve Dockerfile ownership and directory structure

  • Comment out schedule trigger in stale workflow


Diagram Walkthrough

flowchart LR
  A["Node.js 20.17.0"] -- "upgrade to" --> B["Node.js 22.20.0"]
  C["pnpm 8"] -- "upgrade to" --> D["pnpm 10.6.1"]
  E["Dockerfile.dev"] -- "add ownership & directory setup" --> F["Improved Docker structure"]
  G["stale.yml"] -- "disable schedule trigger" --> H["Manual workflow only"]

File Walkthrough

Relevant files

Dependencies
build.yml: Update Node.js and pnpm versions (.github/workflows/build.yml, +2/-2)
  • Update Node.js version from 20.17.0 to 22.20.0
  • Upgrade pnpm version from 8 to 10.6.1

Configuration changes
stale.yml: Disable automatic schedule trigger (.github/workflows/stale.yml, +2/-2)
  • Comment out the schedule trigger (cron: "*/30 * * * *")
  • Keep workflow_dispatch trigger active for manual execution

Enhancement
Dockerfile.dev: Improve Docker ownership and user management (Dockerfile.dev, +8/-0)
  • Add directory creation and ownership setup for www user home directory
  • Set proper ownership of /app directory to www user
  • Switch to www user before running pnpm install and build
  • Set HOME environment variable to /home/www
  • Switch back to root user before running final command

@kipsang01 kipsang01 merged commit a9e44b6 into main Jan 8, 2026
2 checks passed
@qodo-code-review

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢 No security concerns identified: No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review

PR Code Suggestions ✨

Explore these optional code suggestions:

Category: Security
Suggestion: Run container as non-root

Remove the USER root instruction to ensure the final command runs as the
non-root www user, enhancing container security.

Dockerfile.dev [27]

-USER root
 
+
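Review bot: Removing USER root at Dockerfile.dev line 27 is only safe if nginx can start as www, because the CMD at line 29 launches nginx before pm2 and would then inherit the www user. Before applying, confirm that the nginx listen port, pid file and log or cache directories are usable by www; if they are not, the container fails at start rather than running unprivileged. If nginx has to keep root for setup, the alternative is to leave it as the only root process and drop to www for the pnpm run pm2 part.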
Suggestion importance[1-10]: 9

Why: This is a critical security improvement that ensures the container's runtime processes run as a non-root user, correctly extending the PR's security enhancements to the final application execution.

Impact: High

Category: Possible issue
Suggestion: Run nginx in foreground

Modify the CMD instruction to run nginx in the foreground using the -g 'daemon off;' flag to prevent the container from exiting prematurely.

Dockerfile.dev [29]

-CMD ["sh", "-c", "nginx && pnpm run pm2"]
+CMD ["sh", "-c", "nginx -g 'daemon off;' && pnpm run pm2"]
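Review bot: In the new CMD, nginx -g 'daemon off;' stays in the foreground, so the && never reaches pnpm run pm2 while nginx is running; pm2 would start only after nginx exits with status 0. Either keep nginx daemonized and make sure the pm2 script is the foreground process (for example via pm2-runtime), or start pm2 first and run nginx -g 'daemon off;' as the last command, or split the two services into separate containers.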
Suggestion importance[1-10]: 8

Why: This suggestion correctly identifies that nginx will run as a daemon by default, which can cause the container to exit prematurely. Running it in the foreground is a critical fix for containerized applications.

Impact: Medium

Suggestion: Use frozen lockfile for reproducible installs

Add the --frozen-lockfile flag to the pnpm install command to ensure
reproducible builds by using the exact dependency versions from the lockfile.

Dockerfile.dev [24-25]

-RUN pnpm install
+RUN pnpm install --frozen-lockfile
 RUN NODE_OPTIONS="--max-old-space-size=4096" pnpm run build
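Review bot: pnpm install --frozen-lockfile at line 24 fails the build when pnpm-lock.yaml is missing from the image or out of step with package.json, and the lines shown here do not show the lockfile being copied in before this step. Confirm that pnpm-lock.yaml is copied before line 24, and since this PR moves pnpm from 8 to 10.6.1, check that the committed lockfile installs cleanly under the new version before adding the flag.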
Suggestion importance[1-10]: 7

Why: This is a valuable suggestion for ensuring reproducible builds in a Docker environment by locking dependency versions, which improves reliability and prevents unexpected issues in production.

Impact: Medium