* chore: harden npm supply chain — pin overrides, enforce npm ci, add ignore-scripts Replace open-ended >= version overrides with exact pins matching lockfile versions across all 6 package.json files. Remove dead overrides for packages not present in lockfiles. Switch CI and devcontainer from npm install to npm ci for deterministic lockfile-based installs. Add .npmrc to all 7 JS project directories with ignore-scripts=true (blocks postinstall RAT vectors like the axios@1.14.1 supply chain attack) and min-release-age=3d (refuses packages published <3 days ago, requires npm >=11.10). Remove Yarn-only resolutions field from docs/my-website. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: bump sharp to 0.33.5 in docs, add docs .npmrc sharp 0.32.x uses postinstall to download native binaries, which breaks with ignore-scripts=true. sharp 0.33+ distributes via optionalDependencies instead, making it compatible with the new .npmrc hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: remove docs .npmrc to fix Vercel deploy Vercel's build for docs/my-website uses npm install which needs sharp 0.32.6's postinstall script. Since we don't control Vercel's build process, remove the .npmrc from docs rather than fight it. 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: Dockerfile npm ci + nvm checksum verification - Replace npm install with npm ci in Dockerfile.non_root, Dockerfile.custom_ui, and spend-logs/Dockerfile for deterministic lockfile-based installs - Replace curl-pipe-bash nvm install with download-then-verify pattern in build_admin_ui.sh, build_ui.sh, and build_ui_custom_path.sh - Update nvm from v0.38.0 (2021) to v0.40.4 (Jan 2026) with SHA256 checksum verification before execution Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: macOS sha256sum compat + clarify min-release-age scope - Use shasum -a 256 fallback on macOS where sha256sum is unavailable - Clarify in .npmrc comments that min-release-age only protects local npm install, not npm ci (used in CI) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
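# Use the provided base image.
# NOTE(review): this is a branch-style "-dev" tag with no digest, so the layers
# underneath this file can change between builds. Pin it as
# `...:<tag>@sha256:<digest>` once a known-good digest is chosen.
FROM ghcr.io/berriai/litellm:litellm_fwd_server_root_path-dev

# Set the working directory to /app
WORKDIR /app

# Install Node.js and npm (adjust version as needed), then patch the copies of
# tar, glob, @isaacs/brace-expansion, minimatch and diff that npm bundles.
#
# What the single layer below does, in order:
#   1. Refreshes the apt index and runs `apt-get upgrade` with an explicit
#      package list (presumably to pick up patched builds of those libraries on
#      top of the base image; confirm against the base image's package set).
#   2. Installs the distro nodejs/npm, then uses that npm to install a newer npm
#      plus exact-pinned versions of the five packages globally.
#   3. Replaces every bundled copy of those packages under npm's own
#      node_modules with the pinned global copy (cp -L dereferences symlinks).
#   4. Rewrites the dependency ranges declared in npm's package.json.
#   5. Drops the npm cache, the distro npm package and the apt index, all in the
#      same layer, so none of it is stored in the image.
#
# NOTE(review): `npm@latest` is the one floating version left in this layer; the
# find/sed patching below depends on what that npm release bundles. Pin an exact
# npm version once one has been validated.
# NOTE(review): /bin/sh has no pipefail here, so a failing `find` on the left of
# each pipe is not detected; only a failed rm/cp stops the build. The trailing
# `2>/dev/null` also hides find/sed error output for the package.json rewrite.
RUN apt-get update && apt-get upgrade -y \
        libxml2 \
        libexpat1 \
        openssl \
        libssl3 \
        git \
        libkrb5-3 \
        libglib2.0-0 \
        wget \
        libaom3 \
        libxslt1.1 \
        libgnutls30 \
        libc6 && \
    apt-get install -y nodejs npm && \
    npm install -g npm@latest tar@7.5.11 glob@11.1.0 @isaacs/brace-expansion@5.0.1 minimatch@10.2.4 diff@8.0.3 && \
    GLOBAL="$(npm root -g)" && \
    for pkg in tar glob @isaacs/brace-expansion minimatch diff; do \
        find "$GLOBAL/npm" -type d -name "${pkg##*/}" -path "*/node_modules/$pkg" | while IFS= read -r d; do \
            rm -rf "$d" && cp -rL "$GLOBAL/$pkg" "$d" || exit 1; \
        done || exit 1; \
    done && \
    find /usr/local/lib /usr/lib -path "*/node_modules/npm/package.json" -exec \
        sed -i 's/"tar": "\^7\.5\.[0-9]*"/"tar": "^7.5.10"/g; s/"minimatch": "\^10\.[0-9.]*"/"minimatch": "^10.2.4"/g' {} + 2>/dev/null && \
    npm cache clean --force && \
    apt-get purge -y npm && \
    rm -rf /var/lib/apt/lists/*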
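# Copy the UI source into the container
COPY ./ui/litellm-dashboard /app/ui/litellm-dashboard

# UI_BASE_PATH is "<your server root path>/ui".
# It is declared as an ARG so that `docker build --build-arg UI_BASE_PATH=...`
# really does override it at build time; a bare ENV cannot be changed from the
# build command line. The value is then mirrored into ENV so it is still present
# in the running container, as before. The default is unchanged.
# (Build args are recorded in the image history; this one is a URL path, not a
# secret.)
ARG UI_BASE_PATH="/prod/ui"
ENV UI_BASE_PATH="${UI_BASE_PATH}"

# Build the UI with the specified UI_BASE_PATH
WORKDIR /app/ui/litellm-dashboard

# `npm ci` installs exactly what package-lock.json records and fails if the
# lockfile and package.json disagree.
# NOTE(review): whether dependency lifecycle scripts run in this step depends on
# the npm configuration copied in with the UI source (for example an .npmrc);
# that file is not visible here, so confirm it is part of the build context.
RUN npm ci
RUN UI_BASE_PATH="$UI_BASE_PATH" npm run build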
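# Publish the freshly built UI into the directory the proxy serves it from.
# Create the destination if it is missing, empty it, then move the build output
# in. This is one logical step, so it is done in one layer.
# Assumes the build output is in ./out, relative to the current WORKDIR.
# Notes:
#   - `rm -rf` here only hides files that came from the base image; they are
#     still stored in the base image's own layers.
#   - The `*` globs do not match dot-files, so hidden files are neither removed
#     from the destination nor moved from ./out.
#   - If ./out is missing or empty, `mv` fails and so does the build.
RUN mkdir -p /app/litellm/proxy/_experimental/out && \
    rm -rf /app/litellm/proxy/_experimental/out/* && \
    mv ./out/* /app/litellm/proxy/_experimental/out/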
# Return to the main app directory; the relative script paths below resolve
# against it.
WORKDIR /app

# Normalise both entrypoint scripts: strip Windows (CRLF) line endings and set
# the executable bit. The build stops if either script cannot be processed.
RUN for script in docker/entrypoint.sh docker/prod_entrypoint.sh; do \
        sed -i 's/\r$//' "$script" && chmod +x "$script" || exit 1; \
    done

# Document the port the proxy listens on (EXPOSE does not publish it).
EXPOSE 4000/tcp

# Default arguments only. This file sets no ENTRYPOINT, so these are presumably
# appended to the entrypoint inherited from the base image.
# NOTE(review): `--detailed_debug` is on by default here. Confirm what it writes
# to the logs (request contents, credentials) before using this image outside
# development.
# NOTE(review): there is no USER instruction in this file, so the container runs
# as whatever user the base image defines. Confirm that is not root.
CMD ["--port", "4000", "--config", "config.yaml", "--detailed_debug"]