Yarn package building issue
Apparently the key for the debian yarn package repo is expired and thus all packages which use
apt updatewill fail to build with:
W: GPG error: http://dl.yarnpkg.com/debian stable InRelease: The following signatures were invalid: EXPKEYSIG 23E7166788B63E1E Yarn Packaging <firstname.lastname@example.org> E: The repository 'http://dl.yarnpkg.com/debian stable InRelease' is not signed.
The workaround for this is mentioned at https://github.com/yarnpkg/yarn/issues/7866
Add the following to the package Dockerfile prior to
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
We have to update the base image to resolve this properly.
@nebulon Why do you guys install yarn with apt, instead of installing it with npm, in the base image ?
Good question, I am not sure anymore. So that is also up for investigation with the pending new base image
Yeah, wherever I need yarn, I'm installing it via npm and often actually installing particular node versions directly as well in my packagings. IMO we're reaching a scale of seriously diminishing returns, and frequently apps now are including the versions they need in the actual source in asdf
.tool-versionsor similar files. I specifically try to automate the runtime selection/installation at build time when this information is available from the app - it increases compatibility to be more specific, if taking a hit on container bloat since it often doubles up on base image contents.
robi last edited by robi
consider running things thru docker-slim to minify the images.
I will remove the apt installation and make it npm installation because that's what upstream recommends - https://classic.yarnpkg.com/en/docs/install/#debian-stable