When building on a system that doesn't have pnpm installed, pnpm 11 is pulled in automatically. This version of pnpm defaults to blocking install scripts for supply chain safety reasons. That leads to the following error when running make DOCKER=podman docker build:
[ERR_PNPM_IGNORED_BUILDS] Ignored build scripts: @tailwindcss/oxide@4.1.13, esbuild@0.21.5, sharp@0.34.5, unrs-resolver@1.11.1
Run "pnpm approve-builds" to pick which dependencies should be allowed to run scripts.
make[1]: *** [Makefile:230: docker-ui] Error 1
make[1]: Leaving directory '~/src/leash'
make: *** [Makefile:245: build-ui] Error 2
The four components mentioned depend on native components that are legitimately built with install scripts, so they should be approved.
The suggested pnpm approve-builds command is interactive so it can't run in the automated process, but approval can be configured in package.json. This, however, requires pnpm 10 rather than pnpm 11. The main change to fix this would be something like
diff --git a/controlui/web/package.json b/controlui/web/package.json
index 2548a5d..fc87f03 100644
--- a/controlui/web/package.json
+++ b/controlui/web/package.json
@@ -2,6 +2,7 @@
"name": "web",
"version": "0.1.0",
"private": true,
+ "packageManager": "pnpm@10.18.0",
"scripts": {
"dev": "next dev",
"build": "next build",
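Review bot: the added `"packageManager": "pnpm@10.18.0"` line pins the version but carries no integrity hash. Corepack accepts a hash suffix in this field (`pnpm@10.18.0+sha512.<hash>`, placeholder shown), and with it the downloaded pnpm is checked against that hash rather than trusted by version number alone. Worth adding here, since the build fetches pnpm automatically.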
@@ -51,5 +52,13 @@
"tw-animate-css": "^1.3.8",
"typescript": "^5",
"vitest": "^2.1.4"
+ },
+ "pnpm": {
+ "onlyBuiltDependencies": [
+ "@tailwindcss/oxide",
+ "esbuild",
+ "sharp",
+ "unrs-resolver"
+ ]
}
}
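Review bot: the `onlyBuiltDependencies` entries are bare package names, so the approval covers whichever version of `@tailwindcss/oxide`, `esbuild`, `sharp` and `unrs-resolver` gets resolved, not only the four versions named in the error. package.json cannot carry comments, so the reason each of these is approved should go in the commit message or the build documentation, and it is worth confirming that the install runs against a committed lockfile so the approved versions do not drift silently.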
and then to make sure the automated process runs with the suggested pnpm instead of prompting the user, we also need
diff --git a/Makefile b/Makefile
index 9ad71a6..355b423 100644
--- a/Makefile
+++ b/Makefile
@@ -229,6 +229,7 @@ docker-ui: precommit ## Build the Control UI using Docker
@# otherwise kills the build.
@$(DOCKER) run --rm \
-e CI=true \
+ -e COREPACK_ENABLE_DOWNLOAD_PROMPT=0 \
-e PNPM_STORE_DIR=/pnpm/store \
-e HOST_UID=$(shell id -u) -e HOST_GID=$(shell id -g) \
-v "$(CURDIR)/controlui/web:/src:ro,z" \
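Review bot: the new `-e COREPACK_ENABLE_DOWNLOAD_PROMPT=0` line is undocumented, although the recipe already carries an `@#` comment just above the run command. A short addition to that comment, saying that this lets Corepack fetch the pnpm named in `packageManager` without asking, would make the coupling to the package.json change explicit. Without that field the prompt is suppressed for whatever pnpm Corepack selects.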
(I realise now this diff is based on #75 so it might not apply cleanly to main due to conflicting context. But it's easy enough to apply manually!)
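An added example, not part of the original issue or the project's code: a small Node.js check that compares an `ERR_PNPM_IGNORED_BUILDS` log, captured before any approval, with the `pnpm.onlyBuiltDependencies` allowlist, so a build step can flag both missing approvals and approvals nothing asked for. The sample package.json and the name `example-native-addon` are constructed for illustration.

```javascript
// Added example: audit pnpm.onlyBuiltDependencies against the packages that
// pnpm reported in an ERR_PNPM_IGNORED_BUILDS error.

// Split "name@version" on the last "@" so scoped names (@scope/pkg) survive.
function splitSpec(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0
    ? { name: spec.slice(0, at), version: spec.slice(at + 1) }
    : { name: spec, version: null };
}

// Extract the package specs from the "Ignored build scripts:" line.
function parseIgnoredBuilds(output) {
  const m = /Ignored build scripts:\s*(.+)/.exec(output);
  if (!m) return [];
  return m[1].split(",").map((s) => s.trim()).filter(Boolean).map(splitSpec);
}

// unapproved: blocked packages missing from the allowlist.
// unneeded:   allowlist entries that no blocked package corresponds to.
function auditAllowlist(output, pkgJson) {
  const allowed = new Set(pkgJson.pnpm?.onlyBuiltDependencies ?? []);
  const ignored = parseIgnoredBuilds(output);
  const ignoredNames = new Set(ignored.map((p) => p.name));
  return {
    unapproved: ignored.filter((p) => !allowed.has(p.name)),
    unneeded: [...allowed].filter((n) => !ignoredNames.has(n)),
  };
}

// Error text as quoted in the issue above.
const sampleLog = [
  "[ERR_PNPM_IGNORED_BUILDS] Ignored build scripts: @tailwindcss/oxide@4.1.13, esbuild@0.21.5, sharp@0.34.5, unrs-resolver@1.11.1",
  'Run "pnpm approve-builds" to pick which dependencies should be allowed to run scripts.',
].join("\n");

// Constructed package.json fragment: one approval missing, one extra.
const samplePkg = {
  pnpm: {
    onlyBuiltDependencies: ["@tailwindcss/oxide", "esbuild", "sharp", "example-native-addon"],
  },
};

const report = auditAllowlist(sampleLog, samplePkg);
console.log(JSON.stringify(report, null, 2));
```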