mirror of
https://github.com/pnpm/pnpm.git
synced 2026-04-26 09:57:49 -04:00
* feat: publish base docker image to GHCR

  Adds a Dockerfile (debian:stable-slim + pnpm standalone binary) and a
  release-triggered workflow that builds multi-arch images and pushes to
  ghcr.io/pnpm/pnpm. Users who need Node.js can install it inside the
  container via `pnpm runtime set node <version>`.

  Refs #11300

* docs: add docker/README.md

* chore(cspell): add buildx to dictionary

* docs: mention devEngines.runtime as alternative to pnpm runtime set

* fix(docker): pin base image, verify tarball sha256, harden download

  - Pin `debian:stable-slim` to a digest for reproducibility.
  - Compute pnpm tarball SHA256 in the workflow and verify it inside the
    build, detecting tampered artifacts regardless of what
    `pnpm --version` reports.
  - Download the tarball to disk with `--retry` instead of `curl | tar`
    for resilience under multi-arch QEMU builds.
  - README: use `--load` so the local test image is available to
    `docker run`.

* chore(cspell): sort dictionary additions

* fix(docker): address Copilot review feedback

  - Include $PNPM_HOME/bin on PATH so pnpm-installed globals (node, etc.)
    are discoverable, and make $PNPM_HOME writable for non-root users.
  - Document that `pnpm runtime set node` needs `-g` to install globally.
  - Pass workflow inputs via env: instead of inlining GitHub expressions
    into shell, and validate the version string before use.

* fix(docker): install libatomic1 for pnpm standalone binary

  The pnpm linux standalone binary dynamically links against
  libatomic.so.1, which is not present in debian:stable-slim by default.
  Without it, `pnpm --version` fails during the build with:

      pnpm: error while loading shared libraries: libatomic.so.1: cannot open shared object file: No such file or directory

  Caught by local build testing.
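
Added example, not part of the commit or of pnpm's code: a shell sketch of the two checks the message names, validating a version string before use and verifying a downloaded tarball against an expected SHA-256. The function names, the accepted version format and the demo file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; valid_version, sha256_of and verify_sha256 are hypothetical names.

# Accept only semver-like strings (assumed format, e.g. 10.1.0 or 11.0.0-rc.1).
# The case guard rejects empty input and any character outside the allow-list,
# including newlines, before the line-oriented grep sees the value.
valid_version() {
  case "$1" in
    ''|*[!0-9A-Za-z.-]*) return 1 ;;
  esac
  printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$'
}

# Print the SHA-256 of a file using whichever common tool is installed.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# Return 0 only when the file's digest equals the expected one.
# Return 2 for a missing or malformed expected digest, so an unset build
# argument fails closed instead of silently skipping the check.
# Return 3 when the file cannot be read, 1 on a digest mismatch.
verify_sha256() {
  file=$1
  expected=$2
  printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$' || return 2
  [ -f "$file" ] || return 3
  actual=$(sha256_of "$file") || return 3
  [ "$actual" = "$expected" ]
}

# Constructed demo: a temp file stands in for the downloaded tarball.
demo=$(mktemp)
printf 'constructed tarball bytes' > "$demo"
verify_sha256 "$demo" "$(sha256_of "$demo")" && echo "digest ok"
verify_sha256 "$demo" "" || echo "rejected: empty expected digest (rc=$?)"
rm -f "$demo"
```
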