0
votes

We are using JFrog Artifactory for NPM packages in our Jenkins CI pipeline. I would like to download npm packages from Artifactory while building Docker images in our CI, for the npm ci/npm install step, to decrease the duration of the docker build process.

I tried the approach below, copying the .npmrc file that contains our private registry information from local into the Docker container, and when I checked the logs of npm install, it was able to download the dependencies from our JFrog Artifactory. But this is not a secure approach, because I do not want to keep .npmrc in the local repository and commit it to the VCS.

What might be the best approach for doing this?

Dockerfile

FROM node:12.21.0-alpine3.12 AS builder
WORKDIR /usr/src/app
ARG NPM_TOKEN  
ARG NODE_ENVIRONMENT=development
ENV NODE_ENV=$NODE_ENVIRONMENT
COPY package.json /usr/src/app/package.json
COPY package-lock.json* .
COPY .npmrc /usr/src/app/.npmrc
RUN npm ci --loglevel verbose
RUN rm -f .npmrc


FROM node:12.21.0-alpine3.12
WORKDIR /usr/src/app
RUN apk update && apk add curl
COPY --from=builder /usr/src/app /usr/src/app
COPY . .
EXPOSE 50005 9183
CMD [ "npm", "run", "start:docker" ]

.npmrc

registry=https://artifacts.[company].com/artifactory/api/npm/team-npm-development-virtual
_auth = xxxxxxxxxx
always-auth = true
email = [email protected]

1 Answer

0
votes

You can store your .npmrc on your VCS as long as it doesn't contain the "_auth" entry.

On Azure DevOps we use service connections. On "build containers" it wouldn't be possible, AFAIK.

So my approach would be to use a protected build variable to store the credential and inject it at build time. Right before npm install you can set the "_auth" value in .npmrc. You can achieve this in many different ways, but this is it.
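
One way to apply the answer's suggestion from a Jenkins shell step, as an added example that is not part of the original post: the `_auth` value comes from a protected variable (assumed name `NPM_AUTH`) and is merged with the committed, credential-free .npmrc just before the build. Handing the result to the build as a BuildKit secret (assumed id `npmrc`, assumed tag `app:ci`) instead of `COPY` is this example's choice, not something the answer specifies.

```shell
#!/bin/sh
# Added example. Assumed names: NPM_AUTH (protected CI variable),
# secret id "npmrc", image tag "app:ci".

# render_npmrc TEMPLATE OUT
# Merges the committed .npmrc (no credential) with _auth taken from $NPM_AUTH.
# Returns 1 if the variable is missing, 2 if the template holds a credential.
render_npmrc() {
    template=$1
    out=$2
    [ -n "${NPM_AUTH:-}" ] || { echo "NPM_AUTH is not set" >&2; return 1; }
    # A credential in the committed file means it has already leaked to VCS.
    if grep -Eq '^[[:space:]]*(//[^=]*:)?_(auth|authToken|password)[[:space:]]*=' "$template"; then
        echo "credential found in $template; remove it and rotate it" >&2
        return 2
    fi
    (
        umask 077            # new file is created with mode 0600
        rm -f "$out"         # never reuse a file with looser permissions
        # awk 1 re-emits every line with a newline, so _auth always starts
        # on its own line even if the template lacks a trailing newline.
        { awk 1 "$template" && printf '_auth = %s\n' "$NPM_AUTH"; } > "$out"
    )
}

# build_image: renders the secret into a private temp dir, passes it to
# BuildKit, and deletes it whether or not the build succeeds.
build_image() {
    dir=$(mktemp -d) || return 1
    trap 'rm -rf "$dir"' EXIT
    render_npmrc .npmrc "$dir/npmrc" || return $?
    # Dockerfile side, replacing "COPY .npmrc" and "RUN rm -f .npmrc":
    #   RUN --mount=type=secret,id=npmrc,target=/usr/src/app/.npmrc npm ci
    # The mounted file exists only during that RUN and is not written to a
    # layer; a build ARG would remain visible in the image history.
    DOCKER_BUILDKIT=1 docker build --secret "id=npmrc,src=$dir/npmrc" -t app:ci .
}

# Run as: NPM_AUTH=... ./build.sh build
if [ "${1:-}" = "build" ]; then
    build_image
fi
```
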