fix: align Dockerfile pnpm version with apps/web packageManager

CodeRabbit flagged that the Dockerfile activated pnpm@10.28.2 while both the root and apps/web package.json declare pnpm@10.32.1. Bump the corepack prepare line to match, removing toolchain version skew between local dev and the docker image. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fix: pin Dockerfile global package versions for reproducible builds
2026-05-23 19:49:08 -05:00 · 2026-05-23 14:29:38 +02:00 · 2026-05-23 14:22:26 +02:00
4 changed files with 13 additions and 10 deletions
@@ -18,9 +18,9 @@ FROM node:24-alpine3.23 AS base
 FROM base AS installer

 # Enable corepack and prepare pnpm
-RUN npm install --ignore-scripts -g corepack@latest
+RUN npm install --ignore-scripts -g corepack@0.35.0
 RUN corepack enable
-RUN corepack prepare pnpm@10.28.2 --activate
+RUN corepack prepare pnpm@10.32.1 --activate

 # Install necessary build tools and compilers
 RUN apk update && apk add --no-cache cmake g++ gcc jq make openssl-dev python3
@@ -56,7 +56,7 @@ COPY . .
 RUN touch apps/web/.env

 # Install the dependencies
-RUN pnpm install --ignore-scripts
+RUN pnpm install --ignore-scripts --frozen-lockfile

 # Build the database package first
 RUN pnpm build --filter=@formbricks/database
@@ -82,7 +82,7 @@ FROM base AS runner
 # Upgrade Alpine system packages to pick up security patches, update npm to latest, then create user
 # Note: npm's bundled tar has a known vulnerability but npm is only used during build, not at runtime
 RUN apk update && apk upgrade --no-cache \
-    && npm install --ignore-scripts -g npm@latest \
+    && npm install --ignore-scripts -g npm@11.15.0 \
    && addgroup -S nextjs \
    && adduser -S -u 1001 -G nextjs nextjs

@@ -155,7 +155,7 @@ COPY --from=installer /app/node_modules/otlp-logger ./node_modules/otlp-logger
 RUN chmod -R 755 ./node_modules/otlp-logger

 # Install prisma CLI globally for database migrations and fix permissions for nextjs user
-RUN npm install --ignore-scripts -g prisma@6 \
+RUN npm install --ignore-scripts -g prisma@6.19.3 \
    && chown -R nextjs:nextjs /usr/local/lib/node_modules/prisma

 # Create a startup script to handle the conditional logic
@@ -38,17 +38,20 @@ const formatArrayToRecord = (responseValue: TResponseDataValue, keys: string[]):
  return result;
 };

-const formatAddressData = (responseValue: TResponseDataValue): Record<string, string> => {
+// Export for testing
+export const formatAddressData = (responseValue: TResponseDataValue): Record<string, string> => {
  const addressKeys = ["addressLine1", "addressLine2", "city", "state", "zip", "country"];
  return formatArrayToRecord(responseValue, addressKeys);
 };

-const formatContactInfoData = (responseValue: TResponseDataValue): Record<string, string> => {
+// Export for testing
+export const formatContactInfoData = (responseValue: TResponseDataValue): Record<string, string> => {
  const contactInfoKeys = ["firstName", "lastName", "email", "phone", "company"];
  return formatArrayToRecord(responseValue, contactInfoKeys);
 };

-const extractResponseData = (response: TResponseWithQuotas, survey: TSurvey): Record<string, any> => {
+// Export for testing
+export const extractResponseData = (response: TResponseWithQuotas, survey: TSurvey): Record<string, any> => {
  const responseData: Record<string, any> = {};

  const elements = getElementsFromBlocks(survey.blocks);
@@ -17,7 +17,7 @@ interface TemplateTagsProps {

 type NonNullabeChannel = NonNullable<TWorkspaceConfigChannel>;

-const getRoleBasedStyling = (role: TTemplateRole | undefined): string => {
+export const getRoleBasedStyling = (role: TTemplateRole | undefined): string => {
  switch (role) {
    case "productManager":
      return "border-blue-300 bg-blue-50 text-blue-500";
@@ -26,4 +26,4 @@ function Badge({ className, variant, ...props }: BadgeProps) {
  return <div className={cn(badgeVariants({ variant }), className)} {...props} />;
 }

-export { Badge };
+export { Badge, badgeVariants };