fix(ci): add Verdaccio to stack and Gate 7 for @esbuild-kit registry

The base-node-deps Docker build failed because .npmrc routes @esbuild-kit packages to localhost:4873 (Verdaccio), which is unreachable inside BuildKit. - Add Verdaccio service to docker-compose.stack.yml with patched tarballs - Start Verdaccio in Gate 7 Tier 1 before base-node-deps build - Configure buildx with network=host so BuildKit can reach localhost:4873 - Update verdaccio.yaml storage path for container volume mount Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-24 13:54:57 +00:00 · 2026-03-11 22:38:17 +00:00
parent ad51d61ee4
commit 45daa18bb1
3 changed files with 84 additions and 4 deletions
--- a/.github/workflows/gated-pipeline.yml
+++ b/.github/workflows/gated-pipeline.yml
@@ -1342,6 +1342,56 @@ jobs:

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v4
+        with:
+          # host networking lets BuildKit reach Verdaccio on localhost:4873
+          driver-opts: network=host
+
+      - name: Start Verdaccio and publish patched packages
+        if: matrix.image == 'base-node-deps'
+        shell: bash
+        run: |
+          npm install -g verdaccio@6 --silent
+
+          mkdir -p /tmp/verdaccio-storage
+          cat > /tmp/verdaccio-ci.yaml << 'VERDACCIO_EOF'
+          storage: /tmp/verdaccio-storage
+          uplinks:
+            npmjs:
+              url: https://registry.npmjs.org/
+              timeout: 60s
+              max_fails: 3
+          packages:
+            '@esbuild-kit/*':
+              access: $all
+              publish: $all
+              proxy: npmjs
+            '**':
+              access: $all
+              publish: $all
+              proxy: npmjs
+          server:
+            keepAliveTimeout: 60
+          log:
+            type: stdout
+            format: pretty
+            level: warn
+          listen: 0.0.0.0:4873
+          VERDACCIO_EOF
+
+          verdaccio --config /tmp/verdaccio-ci.yaml &
+          timeout 30 bash -c 'until curl -sf http://localhost:4873/-/ping >/dev/null 2>&1; do sleep 1; done'
+          echo "Verdaccio ready"
+
+          # Publish patched tarballs
+          for tarball in deployment/npm-patches/*.tgz; do
+            [ -f "$tarball" ] || continue
+            echo "Publishing $tarball..."
+            npm publish "$tarball" \
+              --registry http://localhost:4873 \
+              --tag patched \
+              2>&1 | grep -v "^npm notice" || true
+          done
+          echo "Patched packages published to Verdaccio"

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v4
--- a/deployment/docker-compose.stack.yml
+++ b/deployment/docker-compose.stack.yml
@@ -36,6 +36,29 @@
 #   http://localhost/kibana/      Kibana (Elasticsearch admin)

 services:
+  # ============================================================================
+  # NPM Registry (Verdaccio) — serves patched @esbuild-kit packages
+  # ============================================================================
+
+  verdaccio:
+    image: verdaccio/verdaccio:6
+    container_name: metabuilder-verdaccio
+    restart: unless-stopped
+    ports:
+      - "4873:4873"
+    volumes:
+      - ./verdaccio.yaml:/verdaccio/conf/config.yaml:ro
+      - ./npm-patches:/verdaccio/patches:ro
+      - verdaccio-storage:/verdaccio/storage
+    healthcheck:
+      test: ["CMD", "wget", "--quiet", "--tries=1", "--spider", "http://127.0.0.1:4873/-/ping"]
+      interval: 15s
+      timeout: 5s
+      retries: 3
+      start_period: 5s
+    networks:
+      - metabuilder
+
  # ============================================================================
  # Core Services
  # ============================================================================
@@ -1062,6 +1085,9 @@ services:
 # Volumes
 # ============================================================================
 volumes:
+  # NPM registry
+  verdaccio-storage:
+    driver: local
  # Core
  postgres-data:
    driver: local
--- a/deployment/verdaccio.yaml
+++ b/deployment/verdaccio.yaml
@@ -3,11 +3,15 @@
 # else to npmjs.org.
 #
 # Usage:
-#   npx verdaccio --config deployment/verdaccio.yaml &
-#   bash deployment/publish-npm-patches.sh --verdaccio
-#   # .npmrc already points @esbuild-kit:registry to localhost:4873
+#   Local dev: npx verdaccio --config deployment/verdaccio.yaml &
+#   Compose:   docker compose -f docker-compose.stack.yml up verdaccio
+#   CI:        uses inline config with /tmp/verdaccio-storage
+#   Then:      bash deployment/publish-npm-patches.sh --verdaccio
+#   .npmrc already points @esbuild-kit:registry to localhost:4873

-storage: /tmp/verdaccio-storage
+# Docker container path (volume-mounted in docker-compose.stack.yml).
+# For local dev, use the CI composite action or npx verdaccio (default config).
+storage: /verdaccio/storage
 uplinks:
  npmjs:
    url: https://registry.npmjs.org/