6 changes: 3 additions & 3 deletions .github/workflows/release.yml
@@ -17,19 +17,19 @@ jobs:
uses: actions/checkout@v6

- name: Log in to Docker Hub
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: codfish/json-server

- name: Build and push Docker image
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
with:
context: .
push: true
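Review bot: every `uses:` in this hunk still resolves a mutable major tag (`docker/login-action@v4`, `docker/metadata-action@v6`, `docker/build-push-action@v7`) inside a job that holds `secrets.DOCKERHUB_TOKEN` and pushes to `codfish/json-server`, so a moved or compromised tag would run unreviewed code with push rights to the published image. Pin each action to the full commit SHA of the intended release (keeping the tag in a trailing `# v7` comment for readability) and let Dependabot or Renovate bump the pins; that keeps the version bumps this PR makes while removing the floating reference.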
@@ -9,43 +9,39 @@ jobs:
steps:
- uses: actions/checkout@v6

- uses: actions/setup-node@v6
with:
node-version-file: .nvmrc
- uses: codfish/actions/setup-node-and-install@v3

- name: install dependencies
run: npm ci
- name: typecheck ts
run: pnpm typecheck

- name: lint js
run: npm run lint
run: pnpm lint

- name: Login to DockerHub
uses: docker/login-action@v3
uses: docker/login-action@v4
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Docker meta
id: meta
uses: docker/metadata-action@v5
uses: docker/metadata-action@v6
with:
images: codfish/json-server

- name: Build and push
id: build
uses: docker/build-push-action@v6
uses: docker/build-push-action@v7
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}

- uses: actions/github-script@v8
- uses: codfish/actions/comment@v3
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `🚀 PR build published. Run \`docker run -p 9999:80 codfish/json-server@${{ steps.build.outputs.digest }}\``
})
message:
"🚀 PR build published. Run \\`docker run -p 3000:3000 codfish/json-server@${{ steps.build.outputs.digest
}}\\`"
tag: pr-build
upsert: true
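Review bot: the `message:` value is a YAML double-quoted scalar, in which `\\`` unescapes to a backslash followed by a backtick; Markdown then reads `\`` as an escaped literal backtick, so the posted comment shows the `docker run` command wrapped in visible backtick characters rather than as an inline code span, which the previous `github-script` template literal did produce. A block scalar (`message: |`) or a single-quoted scalar passes plain backticks through unchanged and keeps the `${{ steps.build.outputs.digest }}` expression intact. The same pinning concern as in release.yml applies to the new third-party `codfish/actions/setup-node-and-install@v3` and `codfish/actions/comment@v3`, which replace `actions/setup-node@v6` and `actions/github-script@v8` here in a workflow that logs in to Docker Hub and pushes PR builds; a commit-SHA pin is preferable to a major tag.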
2 changes: 1 addition & 1 deletion .nvmrc
@@ -1 +1 @@
20.20.0
24
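Review bot: `.nvmrc` moves from the exact `20.20.0` to the floating major `24`, so local development, CI (`setup-node-and-install`) and the image base tag can each resolve to a different Node 24 patch release over time, and a regression or security fix landing in one environment is not reproducible in the others. Keep an exact `24.x.y` here (an updater can bump it) so the Node runtime gets the same pinning that `pnpm-lock.yaml` gives the dependencies.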
18 changes: 10 additions & 8 deletions Dockerfile
@@ -1,19 +1,21 @@
FROM node:20.20.0-slim
FROM node:24-slim

ENV PNPM_HOME="/pnpm"
ENV PATH="$PNPM_HOME:$PATH"
RUN corepack enable
RUN mkdir /app
WORKDIR /app

COPY package.json package-lock.json ./
RUN npm ci --omit=dev
RUN npm install -g --save-exact nodemon@3.0.1
COPY package.json pnpm-lock.yaml ./
RUN pnpm install --frozen-lockfile --prod

# copy in files
COPY ./tsconfig.json \
./db.js \
./middleware.js \
./routes.json \
./server.mjs ./
./server.js ./

EXPOSE 80
EXPOSE 3000
ENV PORT=3000

ENTRYPOINT [ "nodemon", "server.mjs" ]
ENTRYPOINT [ "pnpm", "start" ]
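Review bot: `FROM node:24-slim` drops the exact `node:20.20.0-slim` pin for a floating major tag, so each rebuild silently picks up whatever that tag points to; pin by digest (`node:24-slim@sha256:<digest>`) or at least an exact version and let an updater move it. Relatedly, `RUN corepack enable` resolves pnpm from the network at build time and nothing in this Dockerfile pins which pnpm version is fetched. The process still runs as root since no `USER` instruction is added; the `chown -R node:node /app` plus `USER node` change proposed in the thread below is the right fix and belongs before `ENTRYPOINT [ "pnpm", "start" ]`.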
Comment on lines 6 to +21
⚠️ Potential issue | 🟠 Major

Run the container as a non-root user.

This image still starts the server as root because there is no USER instruction. For a network-facing process, that needlessly increases the blast radius of any compromise.

🔒 Proposed fix
 RUN mkdir /app
 WORKDIR /app

 COPY package.json pnpm-lock.yaml ./
 RUN pnpm install --frozen-lockfile --prod

 # copy in files
 COPY ./tsconfig.json \
      ./db.js \
      ./middleware.js \
      ./server.js ./

 EXPOSE 3000
 ENV PORT=3000
+RUN chown -R node:node /app
+USER node

 ENTRYPOINT [ "pnpm", "start" ]
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@Dockerfile` around lines 6 - 21, The Dockerfile currently runs the app as
root (no USER instruction); create a dedicated non-root user (e.g., appuser) and
set ownership of the app directory before switching to that user so the process
started by ENTRYPOINT (pnpm start) does not run as root. Add steps after
creating /app and copying files to chown the directory (ensure files like
package.json, pnpm-lock.yaml, tsconfig.json, db.js, middleware.js, server.js are
owned by the new user) and add a USER instruction to switch to the non-root
account before the existing ENTRYPOINT, using the user name you create.
