Skip to content

fix: prevent pnpm auto-install during Docker build#74

Merged
andrasbacsai merged 1 commit into
coollabsio:mainfrom
batmanscode:docker-update-bug-2
May 26, 2026
Merged

fix: prevent pnpm auto-install during Docker build#74
andrasbacsai merged 1 commit into
coollabsio:mainfrom
batmanscode:docker-update-bug-2

Conversation

@batmanscode

Copy link
Copy Markdown
Contributor

Summary

Fixes the scheduled Docker image build for OpenClaw releases that use pnpm 11 by preventing pnpm build from auto-running a second dependency install after the Docker metadata patch.

The Dockerfile still installs dependencies from the upstream release lockfile with pnpm install --frozen-lockfile; this only disables pnpm's pre-script dependency freshness auto-install for the later build commands.

Root Cause

This is similar to #63, but one layer deeper.

PR #69 fixed the explicit post-patch install by moving dependency installation before the Dockerfile relaxes bundled extension openclaw workspace/peer references.

The new failure happens because OpenClaw v2026.5.20 uses pnpm@11.1.0. pnpm 11 defaults verifyDepsBeforeRun to install, so when pnpm build runs after the metadata patch, pnpm sees node_modules as stale and implicitly runs another pnpm install.

That implicit install re-enters dependency resolution and hits OpenClaw's minimumReleaseAge: 2880 guard:

[ERR_PNPM_NO_MATURE_MATCHING_VERSION] Version 2.5.0 of @google/genai does not meet the minimumReleaseAge constraint

Because the base image build fails, the versioned image and final latest manifest are never pushed, leaving latest on the previous successful OpenClaw image.

Why This Fix

  • Keeps dependency installation pinned to the upstream release lockfile via pnpm install --frozen-lockfile.
  • Preserves OpenClaw's minimumReleaseAge protection during actual dependency installation.
  • Prevents pnpm 11 from doing an unintended second install after the Docker-only package metadata patch.
  • Keeps the existing package metadata relaxation before pnpm build / pnpm ui:build.

Verification

I reproduced the failing path against v2026.5.20 from the failed scheduled build.

With this change, the Docker build passed the previous failure point: pnpm build started the OpenClaw build directly instead of auto-running pnpm install and failing on @google/genai.

My local Docker build later exited during upstream tsdown with SIGTERM, which appears unrelated to the minimumReleaseAge failure and likely due to local builder resources. git diff --check passes.

Fixes #73.

@batmanscode

Copy link
Copy Markdown
Contributor Author

Codex strikes again 😃

@batmanscode

Copy link
Copy Markdown
Contributor Author

Builds passing again now 😃

The new OpenClaw release made installs more deterministic:
https://github.com/openclaw/openclaw/releases/tag/v2026.5.22

The relevant bit is the generated shrinkwrap / locked dependency graph work. So I think the immediate failure got masked because upstream is less likely to resolve a surprise dependency during install now

I think better to still merge this. Even with the upstream shrinkwrap changes, this keeps the Docker build tied to the dependencies installed by pnpm install --frozen-lockfile so no pnpm build taking a second pass at dependency verification/install later causing issues like this again

@andrasbacsai

Copy link
Copy Markdown
Member

@coderabbitai review

@coderabbitai

coderabbitai Bot commented May 26, 2026

Copy link
Copy Markdown
✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai

coderabbitai Bot commented May 26, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: dd144b2a-c143-46f7-bc8c-477694b397ef

📥 Commits

Reviewing files that changed from the base of the PR and between f8cdb11 and 1f63dd8.

📒 Files selected for processing (1)
  • Dockerfile.base

Walkthrough

This PR configures the openclaw-build Docker stage to disable pnpm's pre-run dependency verification by setting ENV pnpm_config_verify_deps_before_run=false. The change is positioned before the pnpm build invocation and includes comments explaining the workaround targets pnpm 11's node_modules staleness detection. A simple, targeted Docker build optimization—the kind of real infrastructure you can actually inspect and debug, not some ephemeral serverless black box that eats your gluten-free taco budget.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@andrasbacsai

Copy link
Copy Markdown
Member

Thank you for the PR! 💜

@andrasbacsai andrasbacsai merged commit dd32ff6 into coollabsio:main May 26, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Docker update failing [again]

2 participants