Merge remote-tracking branch 'origin/master' into ci/publish-docker-image

aldy505 · aldy505 · commit e2fdf9ed348b · 2026-03-18T07:51:16.000+07:00
diff --git a/.dockerignore b/.dockerignore
@@ -6,3 +6,4 @@
 !/yarn.lock
 !/src
 !/fonts
+!/smoketest.js
diff --git a/Dockerfile b/Dockerfile
@@ -1,35 +1,58 @@
-FROM node:20.19.5-bookworm AS builder
+FROM us-docker.pkg.dev/sentryio/dhi/node:24-debian13-dev AS builder
 
-COPY package.json yarn.lock .
+WORKDIR /build
+
+COPY package.json yarn.lock ./
 RUN yarn install --frozen-lockfile
 
 COPY tsconfig.json .
 COPY src src
 RUN yarn build
 
-FROM node:20.19.5-bookworm-slim
+# Drop devDependencies from node_modules for the runtime image
+RUN yarn install --frozen-lockfile --production
+
+# canvas 3.x bundles its graphics libs (libcairo, libpango, etc.) but some of
+# those bundled libs still need system libs absent from the minimal runtime image.
+# Use ldd to auto-detect all transitive system dependencies of every native module
+# so this stays correct when canvas or any other native dependency is updated.
+RUN mkdir -p /canvas-sys-libs && \
+    find /build/node_modules -name "*.node" | \
+    xargs ldd 2>/dev/null | \
+    awk '/=> \// { print $3 }' | \
+    grep -v '^/build' | \
+    sort -u | \
+    while IFS= read -r lib; do \
+        real=$(readlink -f "$lib"); \
+        cp --parents "$real" /canvas-sys-libs/ 2>/dev/null || true; \
+        usr="${lib/#\/lib\//\/usr\/lib\/}"; \
+        [ "$usr" != "$real" ] && \
+            ln -sf "$(basename "$real")" "/canvas-sys-libs$usr" 2>/dev/null || true; \
+    done
+
+# canvas bundles libfontconfig but needs /etc/fonts/fonts.conf to initialise.
+# Without it fontconfig silently fails and all text renders as box glyphs.
+RUN apt-get update -qq && \
+    apt-get install -qq -y --no-install-recommends fontconfig && \
+    rm -rf /var/lib/apt/lists/*
+
+
+FROM us-docker.pkg.dev/sentryio/dhi/node:24-debian13
 
 ENV NODE_ENV=production
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
-        build-essential \
-        libcairo2-dev \
-        libpango1.0-dev \
-        libpangocairo-1.0-0 \
-        libjpeg-dev \
-        libgif-dev \
-        librsvg2-dev \
-    && rm -rf /var/lib/apt/lists/*
-
 WORKDIR /usr/src/app
 
-COPY package.json yarn.lock ./
-RUN yarn install --frozen-lockfile
-
+COPY package.json ./
 COPY fonts fonts
-COPY --from=builder lib lib
-
-RUN node lib/index.js --help
+COPY --from=builder /build/node_modules node_modules
+COPY --from=builder /build/lib lib
+COPY --from=builder /canvas-sys-libs/usr/lib/ /usr/lib/
+COPY --from=builder /etc/fonts/ /etc/fonts/
+COPY --from=builder /usr/share/fonts/ /usr/share/fonts/
+COPY smoketest.js .
+
+RUN ["node", "smoketest.js"]
 
 EXPOSE 9090/tcp
 CMD ["node", "./lib/index.js", "server", "9090"]
diff --git a/devservices/config.yml b/devservices/config.yml
@@ -25,7 +25,7 @@ services:
     labels:
       - orchestrator=devservices
     healthcheck:
-      test: python3 -c "import urllib.request; urllib.request.urlopen(\"http://127.0.0.1:9090/api/chartcuterie/healthcheck/live\", timeout=5)"
+      test: ["CMD", "node", "-e", "fetch('http://127.0.0.1:9090/api/chartcuterie/healthcheck/live').then(r=>r.ok?0:1,()=>1).then(process.exit)"]
       interval: 5s
       timeout: 5s
       retries: 3
diff --git a/gocd/templates/jsonnetfile.json b/gocd/templates/jsonnetfile.json
@@ -8,7 +8,7 @@
           "subdir": "libs"
         }
       },
-      "version": "v2.13.0"
+      "version": "v2.18.0"
     }
   ],
   "legacyImports": true
diff --git a/gocd/templates/jsonnetfile.lock.json b/gocd/templates/jsonnetfile.lock.json
@@ -8,8 +8,8 @@
           "subdir": "libs"
         }
       },
-      "version": "6ddc943ae87444b48e16995639dfe89f33a0f444",
-      "sum": "NH9U5jQ8oCSPXLuBw27OqAaPLBUDqMGHvRLxfo84hNQ="
+      "version": "3b7e3b151fb20d21d66c2f04d17a740ba0b09ac0",
+      "sum": "cgfkKWTz+bBKHa8WVji1v4Ke5JM3bTeMnqPtYZuy9VM="
     }
   ],
   "legacyImports": false
diff --git a/package.json b/package.json
@@ -20,35 +20,39 @@
     "README"
   ],
   "dependencies": {
-    "@sentry/node": "10.0.0",
-    "@sentry/profiling-node": "10.0.0",
+    "@sentry/node": "10.40.0",
+    "@sentry/profiling-node": "10.40.0",
     "canvas": "^3.2.0",
     "dotenv": "^8.2.0",
     "echarts": "6.0.0",
-    "express": "4.21.2",
+    "express": "5.2.1",
     "joi": "17.6.0",
     "winston": "3.7.2",
     "yargs": "^16.2.0"
   },
   "devDependencies": {
-    "@types/express": "^4.17.21",
+    "@types/express": "^5.0.6",
     "@types/jest-image-snapshot": "4.3.1",
-    "@types/node": "^20.10.6",
-    "@types/supertest": "^2.0.10",
+    "@types/node": "^24.0.0",
+    "@types/supertest": "^7.2.0",
     "@types/yargs": "^17.0.32",
     "eslint": "^8.56.0",
-    "eslint-config-sentry-app": "^1.129.0",
+    "eslint-config-sentry-app": "^2.10.0",
     "jest": "^29.7.0",
     "jest-fetch-mock": "^3.0.3",
     "jest-image-snapshot": "5.1.0",
     "prettier": "2.6.2",
-    "supertest": "6.2.3",
+    "supertest": "7.2.2",
     "ts-jest": "28.0.5",
     "tsc-watch": "5.0.3",
     "typescript": "^5.3.3"
   },
+  "resolutions": {
+    "json5": "^2.2.3",
+    "minimatch": "9.0.9"
+  },
   "volta": {
-    "node": "20.10.0",
+    "node": "24.14.0",
     "yarn": "1.22.5"
   }
 }
diff --git a/smoketest.js b/smoketest.js
@@ -0,0 +1,38 @@
+'use strict';
+// Exercises the full rendering path: canvas init, font loading, echarts render, PNG output.
+// Runs as a build-time check in the Docker runtime stage — any missing .so or font files
+// will cause this to throw and fail the build.
+//
+// The expected hash pins the exact pixel output. If it changes, update it by running:
+//   docker build -t chartcuterie:local . && \
+//   docker run --rm chartcuterie:local node -e "
+//     const crypto = require('crypto');
+//     const {renderSync} = require('./lib/render');
+//     const r = renderSync({key:'smoke',height:100,width:100,getOption:()=>({
+//       xAxis:{type:'category'},yAxis:{type:'value'},series:[{type:'line',data:[1,2,3]}]
+//     })},[]);
+//     console.log(crypto.createHash('sha256').update(r.buffer).digest('hex'));
+//     r.dispose();
+//   "
+const crypto = require('crypto');
+const {renderSync} = require('./lib/render');
+
+const result = renderSync({
+  key: 'smoke',
+  height: 100,
+  width: 100,
+  getOption: () => ({
+    xAxis: {type: 'category'},
+    yAxis: {type: 'value'},
+    series: [{type: 'line', data: [1, 2, 3]}],
+  }),
+}, []);
+
+const {buffer} = result;
+result.dispose();
+
+const EXPECTED_SHA256 = '2616947b26199985b53250044725868a530ee2e2328ed2380825a2cbd71c37f9';
+const actual = crypto.createHash('sha256').update(buffer).digest('hex');
+if (actual !== EXPECTED_SHA256) {
+  throw new Error(`smoke test failed: output hash ${actual} !== expected ${EXPECTED_SHA256}`);
+}
diff --git a/yarn.lock b/yarn.lock

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`"subdir": "libs"`
`9`	`9`	`}`
`10`	`10`	`},`
`11`		`- "version": "v2.13.0"`
	`11`	`+ "version": "v2.18.0"`
`12`	`12`	`}`
`13`	`13`	`],`
`14`	`14`	`"legacyImports": true`
Original file line number	Diff line number	Diff line change
`@@ -8,8 +8,8 @@`
`8`	`8`	`"subdir": "libs"`
`9`	`9`	`}`
`10`	`10`	`},`
`11`		`- "version": "6ddc943ae87444b48e16995639dfe89f33a0f444",`
`12`		`- "sum": "NH9U5jQ8oCSPXLuBw27OqAaPLBUDqMGHvRLxfo84hNQ="`
	`11`	`+ "version": "3b7e3b151fb20d21d66c2f04d17a740ba0b09ac0",`
	`12`	`+ "sum": "cgfkKWTz+bBKHa8WVji1v4Ke5JM3bTeMnqPtYZuy9VM="`
`13`	`13`	`}`
`14`	`14`	`],`
`15`	`15`	`"legacyImports": false`