Fix offline/air-gapped Docker boot: stop pnpm self-provisioning the pinned version (#7911)#7918
Merged
Merged
Conversation
Qodo reviews are paused for this user.Troubleshooting steps vary by plan Learn more → On a Teams plan? Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center? |
Code Review by Qodo
Context used 1. Env test misses regressions
|
…e boot (#7911) The official Docker image installs pnpm directly via npm (corepack was dropped for Node 25+). Standalone pnpm still honours the "packageManager" pin in package.json: the image's pnpm intentionally lags that pin (pnpm 11.1.x enforces a minimum-release-age policy the frozen-lockfile build can't satisfy), so pnpm treats every invocation — including the informational `pnpm --version` probe Etherpad runs at startup — as a request to download and run the pinned build. Behind a corporate firewall / in an air-gapped install that download fails: [WARN] plugins - Failed to get pnpm version: Error: Command exited with code 1: pnpm --version which is what #7911 reported. Fix — neutralise the gap instead of closing it (closing it would break the frozen-lockfile build on 11.1.x): - Dockerfile build stage sets `pnpm_config_pm_on_fail=ignore` (the pnpm 11 successor to managePackageManagerVersions), inherited by the development and production runtime stages. pnpm then uses the installed pnpm instead of fetching the pinned one. It does not change which pnpm runs the build-time install, so the frozen-lockfile build is unaffected. - plugins.ts startup probe and the updater's pnpm-on-PATH checks run with the same flag, so the fix also covers non-Docker offline installs and the probe can never fail-loud. Add a backend spec that fails CI if the offline guard is dropped while the image pnpm differs from the package.json pin. Verified with a standalone (non-corepack) pnpm: a "packageManager" mismatch makes `pnpm --version` exit 1 by default (tries to fetch the pinned build), and exit 0 reading the local version with pm_on_fail=ignore. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
JohnMcLear
force-pushed
the
pnpm-offline-startup-7911
branch
from
9623f9c to
d589296
Compare
…tage Address Qodo review: the regression spec matched ENV pnpm_config_pm_on_fail anywhere in the Dockerfile, so it would still pass if the guard were removed from the `build` stage (which the runtime stages inherit) but left in the throwaway `adminbuild` stage — reintroducing the offline failure. Extract the `build` stage block and assert the ENV is present there specifically. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Member
Author
|
Thanks Qodo — actioned in 87215a7. You're right that matching |
JohnMcLear
added a commit
that referenced
this pull request
Jun 9, 2026
…7921) The `# 3.3.0` changelog section was written before ~8 commits landed on develop. #7909 (dark mode) and #7918/#7911 (offline Docker boot) were already captured; this adds the remaining user-facing change and dependency bumps so the 3.3.0 release notes are complete: - Notable fixes: #7910 — Firefox authorship-colour flake (early keystrokes tagged author='' before the async userAuthor propagated, producing an unattributed insert the pad-corruption guard rejected). - Dependencies: mysql2 →3.22.5 (#7915), undici →8.4.1 (#7914), pdfkit →0.19.0 (#7916), @radix-ui/react-switch →1.3.0 (#7913), and the extra dev-dependency group bump (#7912). Localisation (translatewiki) is already covered by the existing entry. Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Summary by Qodo
Fix offline Docker startup by preventing pnpm self-provisioning
🐞 Bug fix🧪 Tests⚙️ Configuration changes📝 Documentation🕐 20-40 MinutesWalkthroughs
User Description
What
Addresses item 1 of #7911 — the reporter confirmed they hit it on the official Docker image running
nodedirectly, with:Root cause
The official image installs pnpm directly via npm (corepack was dropped for Node 25+). Standalone pnpm still honours the
"packageManager"pin inpackage.jsonvia its built-in version management (the pnpm 11pmOnFailsetting, successor tomanagePackageManagerVersions). The image shipped pnpm 11.0.6 against apnpm@11.1.2pin — so every pnpm call, including the informationalpnpm --versionprobe Etherpad runs at startup (plugins.ts), tried to download and run the pinned 11.1.2 build. Behind a firewall that download fails → non-zero exit → the warning above and a broken offline boot.Fix (defence-in-depth)
ARG PnpmVersionto thepackage.jsonpin (11.1.2) so there's no mismatch to trigger a download, and setpnpm_config_pm_on_fail=ignorein the build + runtime stages so any future drift — or any other offline pnpm call in the container (updater, ad-hocpnpmin an exec shell) — uses the installed pnpm instead of reaching for the network.pnpm --versionprobe inplugins.tsand the updater'spnpmOnPathchecks (updater/index.ts,updateActions.ts) now run withpnpm_config_pm_on_fail=ignore. The probe is purely informational — it should only ever read the local version, never self-provision.Tests
New backend spec
dockerfilePnpmPin.tsfails CI if (a) the Dockerfile pnpm version drifts from thepackageManagerpin again — the exact regression that caused this — or (b) the offline flag is dropped. Existing updater specs (updateActions,updater-integration, scheduler/window) still green on Node 24.Verification
Reproduced with a standalone (non-corepack) pnpm — the Docker setup:
pnpm --versionwith a mismatchedpackageManagerpin (default)pnpm_config_pm_on_fail=ignoreScope
Item 1 only. Item 2 (env-var overrides for the outbound calls) is #7917. Together they close #7911.
🤖 Generated with Claude Code
AI Description
Diagram
graph TD A["package.json (pnpm pin)"] --> B["Dockerfile (PnpmVersion + pm_on_fail)"] --> C["Container runtime"] C --> D["plugins.ts ('pnpm --version' probe)"] --> F["pnpm CLI"] --> G{{"Pinned build download"}} C --> E["Updater (pnpmOnPath checks)"] --> FHigh-Level Assessment
The following are alternative approaches to this PR:
1. Remove the startup pnpm version probe entirely
2. Rely on corepack-managed pnpm in the Docker image
3. Detect pnpm availability/version without executing pnpm (e.g., inspect installed package files)
Recommendation: Keep the PR’s approach: (1) align the Docker-installed pnpm version with the repo’s packageManager pin and (2) defensively set pnpm_config_pm_on_fail=ignore for all pnpm probes (Docker + app code). This directly targets the failure mode, improves offline robustness beyond Docker, and the added regression test prevents recurrence with minimal ongoing maintenance.
File Changes
Bug fix (3)
Tests (1)
Documentation (1)
Other (1)