From 493c22bafddbc15960e8b2d3627839c3e7421d07 Mon Sep 17 00:00:00 2001
From: Anton Sviridov <anton.sviridov@sourcegraph.com>
Date: Fri, 6 Dec 2024 15:31:34 +0000
Subject: [PATCH 1/4] Provide a single self-contained docker image, remove
 alpine

---
 .github/workflows/release.yml |  7 -------
 Dockerfile                    | 29 ++++++++++++++++++++++-------
 Dockerfile.autoindex          | 27 ---------------------------
 3 files changed, 22 insertions(+), 41 deletions(-)
 delete mode 100644 Dockerfile.autoindex

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e2705e11..f7a1916d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -39,10 +39,3 @@ jobs:
             sourcegraph/scip-typescript:${{ env.PATCH }}
             sourcegraph/scip-typescript:${{ env.MINOR }}
             sourcegraph/scip-typescript:${{ env.MAJOR }}
-      - name: Build and push
-        id: docker_build_autoindex
-        uses: docker/build-push-action@v3
-        with:
-          file: Dockerfile.autoindex
-          push: true
-          tags: sourcegraph/scip-typescript:autoindex
diff --git a/Dockerfile b/Dockerfile
index 2b9a5e65..f4b89504 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,12 +1,27 @@
-# Keep in sync with Dockerfile.autoindex
-FROM node:20.8.1-alpine3.18@sha256:1ccb0c0ded3b21cee95fe6b6ce1ac23bd6680c8f152cbfb3047d5d9ea490b098
+# Keep in sync with default Dockerfile
+FROM node:22.12.0-slim@sha256:a4b757cd491c7f0b57f57951f35f4e85b7e1ad54dbffca4cf9af0725e1650cd8
 
-ARG TAG
+ENV NODE_OPTIONS=--max-old-space-size=4096
 
-RUN apk add --no-cache git curl
+RUN apt update && \
+    apt install -y git bash curl ca-certificates python3 make build-essential automake autoconf curl && \
+    rm -rf /var/lib/apt/lists/* && \
+    npm install -g n yarn pnpm --force
 
-RUN yarn global add npm yarn
+WORKDIR /app
 
-RUN yarn global add @sourcegraph/scip-typescript@${TAG} @sourcegraph/src
+COPY . .
+RUN npm install && npm run build && npm install -g .
 
-CMD ["/bin/sh"]
+WORKDIR /src
+
+RUN mv /usr/local/bin/yarn /usr/local/bin/actual-yarn
+COPY ./dev/lenient-yarn.sh /usr/local/bin/yarn
+
+RUN mv /usr/local/bin/npm /usr/local/bin/actual-npm
+COPY ./dev/lenient-npm.sh /usr/local/bin/npm
+
+RUN mv /usr/local/bin/n /usr/local/bin/actual-n
+COPY ./dev/lenient-n.sh /usr/local/bin/n
+
+ENTRYPOINT ["scip-typescript"]
diff --git a/Dockerfile.autoindex b/Dockerfile.autoindex
deleted file mode 100644
index 94e11631..00000000
--- a/Dockerfile.autoindex
+++ /dev/null
@@ -1,27 +0,0 @@
-# Keep in sync with default Dockerfile
-FROM node:20.8.1-alpine3.18@sha256:1ccb0c0ded3b21cee95fe6b6ce1ac23bd6680c8f152cbfb3047d5d9ea490b098
-
-ENV NODE_OPTIONS=--max-old-space-size=4096
-
-RUN apk add --no-cache git bash curl ca-certificates python3 make libstdc++ libgcc gcc g++ pkgconfig automake autoconf curl
-
-# The following line is kept for legacy reasons. We previously invoke the
-# `scip-typescript-autoindex` script during auto-indexing in order to handle
-# SCIP->LSIF conversion. This script is no longer needed since src handles the
-# conversion.
-RUN echo 'scip-typescript "$@" --no-progress-bar' > /usr/bin/scip-typescript-autoindex && chmod +x /usr/bin/scip-typescript-autoindex
-
-RUN yarn global add npm yarn n
-
-RUN yarn global add @sourcegraph/scip-typescript@${TAG} @sourcegraph/src
-
-RUN mv /usr/local/bin/yarn /usr/local/bin/actual-yarn
-COPY ./dev/lenient-yarn.sh /usr/local/bin/yarn
-
-RUN mv /usr/local/bin/npm /usr/local/bin/actual-npm
-COPY ./dev/lenient-npm.sh /usr/local/bin/npm
-
-RUN mv /usr/local/bin/n /usr/local/bin/actual-n
-COPY ./dev/lenient-n.sh /usr/local/bin/n
-
-CMD ["/bin/sh"]

From ba959428ff33b81cfb0f55188337a5c7f5cf8f3a Mon Sep 17 00:00:00 2001
From: Anton Sviridov <anton.sviridov@sourcegraph.com>
Date: Mon, 9 Dec 2024 10:35:01 +0000
Subject: [PATCH 2/4] Release docker image on main branch builds as well

---
 .dockerignore                 |  1 +
 .github/workflows/release.yml | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 .dockerignore

diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..3c3629e6
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1 @@
+node_modules
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f7a1916d..6de79f20 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,6 +4,8 @@ on:
   push:
     tags:
       - v*
+    branches:
+      - main
 
 jobs:
   release-image:
@@ -29,8 +31,17 @@ jobs:
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: Build and push
+      - name: Build and push snapshot
         id: docker_build
+        if: github.ref == 'refs/heads/main'
+        uses: docker/build-push-action@v3
+        with:
+          push: true
+          tags: |
+            sourcegraph/scip-typescript:latest-snapshot
+      - name: Build and push tag
+        id: docker_build
+        if: startsWith(github.ref, 'refs/tags/v')
         uses: docker/build-push-action@v3
         with:
           push: true

From 29463d79fc02da0fc65658fd635d7c59b28e65e7 Mon Sep 17 00:00:00 2001
From: Anton Sviridov <anton.sviridov@sourcegraph.com>
Date: Mon, 9 Dec 2024 10:44:42 +0000
Subject: [PATCH 3/4] Add a note about upgrading docker version

---
 Dockerfile | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index f4b89504..df416edc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,20 @@
-# Keep in sync with default Dockerfile
-FROM node:22.12.0-slim@sha256:a4b757cd491c7f0b57f57951f35f4e85b7e1ad54dbffca4cf9af0725e1650cd8
+# When updating the version of the base container, please use the
+# SHA256 listed under 'Index digest' on Docker Hub,
+# not the 'Manifest digest'.
+#
+# This ensures that when pulling the container, Docker will detect
+# the platform and pull the correct image (if it exists)
+#
+# Alternate way of determining the Index digest using the docker CLI.
+#
+# $ docker buildx imagetools inspect node:22.12.0-slim
+# Name:      docker.io/library/node:22.12.0-slim
+# MediaType: application/vnd.oci.image.index.v1+json
+# Digest:    sha256:a4b757cd491c7f0b57f57951f35f4e85b7e1ad54dbffca4cf9af0725e1650cd8
+# And use this digest in FROM
+ARG base_sha=a4b757cd491c7f0b57f57951f35f4e85b7e1ad54dbffca4cf9af0725e1650cd8
+
+FROM node:22.12.0-slim@sha256:${base_sha}
 
 ENV NODE_OPTIONS=--max-old-space-size=4096
 

From 6feaa2ee93792a8a3489b269a6b92def1293ed8b Mon Sep 17 00:00:00 2001
From: Anton Sviridov <anton.sviridov@sourcegraph.com>
Date: Wed, 11 Dec 2024 10:29:46 +0000
Subject: [PATCH 4/4] Only publish to NPM on tags

---
 .github/workflows/release.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6de79f20..97bf6c83 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -21,6 +21,7 @@ jobs:
       - run: yarn run build
       - run: du -h dist/src/main.js
       - run: npm publish --access public
+        if: startsWith(github.ref, 'refs/tags/v')
         env:
           NODE_AUTH_TOKEN: ${{secrets.NPM_TOKEN}}
       - run: echo "PATCH=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV