From 3bb4349f0b2b9fa83f70d6bfcb6756318e7cfad6 Mon Sep 17 00:00:00 2001
From: Claude <noreply@anthropic.com>
Date: Thu, 12 Mar 2026 07:28:14 +0000
Subject: [PATCH] Fix Docker build failure: copy postinstall patch script into
 build context

The .dockerignore excluded the scripts/ directory, so
scripts/patch-bundled-deps.sh was missing during npm install in the
base-node-deps Docker image. This caused the postinstall hook to fail
with "No such file or directory" on every retry.

- Whitelist scripts/patch-bundled-deps.sh in .dockerignore
- Add COPY for the script in Dockerfile.node-deps before npm install

https://claude.ai/code/session_01LsQx9CLjseJn72Sup32Dwm
---
 .dockerignore                               | 3 +++
 deployment/base-images/Dockerfile.node-deps | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.dockerignore b/.dockerignore
index 28082661f..135a5fad0 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -96,6 +96,9 @@ mojo
 spec
 scripts
 .claude
+
+# Allow postinstall patch script for node-deps base image
+!scripts/patch-bundled-deps.sh
 dist
 
 # Allow specific dbal paths through for app builds
diff --git a/deployment/base-images/Dockerfile.node-deps b/deployment/base-images/Dockerfile.node-deps
index d01245046..bd2cb1526 100644
--- a/deployment/base-images/Dockerfile.node-deps
+++ b/deployment/base-images/Dockerfile.node-deps
@@ -51,6 +51,9 @@ COPY translations/package.json                         ./translations/
 COPY types/package.json                                ./types/
 COPY workflow/package.json                             ./workflow/
 
+# Postinstall patch script (patches vulnerable bundled deps in npm)
+COPY scripts/patch-bundled-deps.sh                     ./scripts/
+
 # Install all workspace deps (generates lock file from package.json manifests)
 RUN npm config set fetch-retries 5 \
     && npm config set fetch-retry-mintimeout 20000 \