dsrptlab/clientsflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix compose dev: isolate node_modules and remove host path leakage

Browse Source
This commit is contained in:
Ruslan Bakiev
2026-02-18 23:20:17 +07:00
parent 00452a81bc
commit 1999cff6de
2 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Frontend/scripts/compose-dev.sh
View File

@@ -4,8 +4,8 @@ set -euo pipefail
cd "$(dirname "$0")/.." cd "$(dirname "$0")/.."
# Prevent path leakage between host Nuxt build cache and Docker runtime. # Prevent path leakage between host Nuxt build cache and Docker runtime.
# Host-generated .nuxt can contain absolute /Users/... imports that break in /app. # If any cache contains absolute /Users/... imports, Nitro dev runtime can break in /app.
rm -rf .nuxt .output rm -rf .nuxt .output node_modules/.cache node_modules/.vite
# Install deps (container starts from a clean image). # Install deps (container starts from a clean image).
# Fallback to npm install when lockfile was produced by a newer npm major. # Fallback to npm install when lockfile was produced by a newer npm major.

11
compose.yaml
View File

@@ -3,8 +3,11 @@ services:
image: node:22-bookworm-slim image: node:22-bookworm-slim
working_dir: /app/Frontend working_dir: /app/Frontend
volumes: volumes:
- .:/app # Mount only the app source; keep node_modules inside the container to avoid
# leaking absolute host paths into Nuxt/Nitro dev runtime.
- ./Frontend:/app/Frontend
- clientsflow_data:/app/.data - clientsflow_data:/app/.data
- frontend_node_modules:/app/Frontend/node_modules
ports: ports:
- "3000:3000" - "3000:3000"
environment: environment:
@@ -12,12 +15,9 @@ services:
REDIS_URL: "redis://redis:6379" REDIS_URL: "redis://redis:6379"
CF_AGENT_MODE: "langgraph" CF_AGENT_MODE: "langgraph"
OPENAI_MODEL: "gpt-4o-mini" OPENAI_MODEL: "gpt-4o-mini"
GIGACHAT_AUTH_KEY: "MDE5YzQwNmQtMDM0NC03MTVlLTg4MTAtOWZlYjlmNzQwY2E3OmNhZTg5NmM1LWZiOGEtNGZkZS04ODA0LWZkYjYyYzVlMTI0OQ=="
GIGACHAT_MODEL: "GigaChat-2"
GIGACHAT_SCOPE: "GIGACHAT_API_PERS"
NODE_TLS_REJECT_UNAUTHORIZED: "0"
# Set this in your shell or a compose override: # Set this in your shell or a compose override:
# OPENAI_API_KEY: "..." # OPENAI_API_KEY: "..."
# GIGACHAT_AUTH_KEY: "..." (if you use GigaChat integration)
command: > command: >
bash -lc " bash -lc "
./scripts/compose-dev.sh ./scripts/compose-dev.sh
@@ -34,4 +34,5 @@ services:
volumes: volumes:
clientsflow_data: clientsflow_data:
frontend_node_modules:
redis_data: redis_data: