From 053357899dbe14baac80064a852dc692c01dbefa Mon Sep 17 00:00:00 2001 From: Padreug Date: Wed, 27 May 2026 17:05:10 +0200 Subject: [PATCH] fix(docker): entrypoint runs migrations via scripts/start.js MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Upstream Dockerfile sets `ENTRYPOINT [ "node", "./dist/index.js" ]`, which boots the daemon directly and silently bypasses `scripts/start.js` — the only place that runs `prisma migrate deploy`. On a clean install, the SQLite db file at $DATABASE_URL is created empty (0 bytes) and every Policy / KeyUser / Token / SigningCondition operation throws "table does not exist." `ping` / `get_keys` / `create_new_key` happen to survive because they only touch the JSON config, not the db. Two changes: 1. ENTRYPOINT switches to `node ./scripts/start.js`. The CMD arg (`start`) and any additional argv pass through to the daemon unchanged via process.argv. 2. Runtime pnpm install drops `--prod`. The prisma CLI lives in devDependencies; with `--prod`, `npx prisma migrate deploy` tries to download prisma@latest at runtime, which OOMs in modest containers. Including devDeps at runtime adds modest image bulk for correctness. Validated end-to-end against the local regtest stack — after the rebuild the SQLite db boots populated with 22 migrations, and the lnbits-side admin spike harness passes all 9 steps including NIP-46 sign_event with Schnorr-valid signatures. Co-Authored-By: Claude Opus 4.7 (1M context) --- Dockerfile | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1168d8c..9ace24a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,10 +39,20 @@ RUN npm install -g pnpm@9 # Copy built files from the build stage COPY --from=build /app . -# Install only runtime dependencies (pnpm respects the workspace protocol) -RUN pnpm install --prod --no-frozen-lockfile +# Install all dependencies (including devDeps). The prisma CLI lives in +# devDependencies but scripts/start.js invokes `prisma migrate deploy` +# at boot, so it must be available at runtime. Dropping --prod adds the +# CLI tooling to the runtime image — a modest size cost for the +# correctness of the migration step. +RUN pnpm install --no-frozen-lockfile EXPOSE 3000 -ENTRYPOINT [ "node", "./dist/index.js" ] +# Run via scripts/start.js so `prisma migrate deploy` applies pending +# migrations before the daemon spawns. The upstream Dockerfile invokes +# ./dist/index.js directly, which silently bypasses the migration step +# and leaves the SQLite db empty on first boot — every command that +# touches Policy/KeyUser/Token/etc. then throws "table does not exist." +# Caught during aiolabs/nsecbunkerd#7 diagnosis 2026-05-27. +ENTRYPOINT [ "node", "./scripts/start.js" ] CMD ["start"]