7066c895f6
* chore: harden npm supply chain — pin overrides, enforce npm ci, add ignore-scripts Replace open-ended >= version overrides with exact pins matching lockfile versions across all 6 package.json files. Remove dead overrides for packages not present in lockfiles. Switch CI and devcontainer from npm install to npm ci for deterministic lockfile-based installs. Add .npmrc to all 7 JS project directories with ignore-scripts=true (blocks postinstall RAT vectors like the axios@1.14.1 supply chain attack) and min-release-age=3d (refuses packages published <3 days ago, requires npm >=11.10). Remove Yarn-only resolutions field from docs/my-website. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: bump sharp to 0.33.5 in docs, add docs .npmrc sharp 0.32.x uses postinstall to download native binaries, which breaks with ignore-scripts=true. sharp 0.33+ distributes via optionalDependencies instead, making it compatible with the new .npmrc hardening. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: remove docs .npmrc to fix Vercel deploy Vercel's build for docs/my-website uses npm install which needs sharp 0.32.6's postinstall script. Since we don't control Vercel's build process, remove the .npmrc from docs rather than fight it. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * chore: Dockerfile npm ci + nvm checksum verification - Replace npm install with npm ci in Dockerfile.non_root, Dockerfile.custom_ui, and spend-logs/Dockerfile for deterministic lockfile-based installs - Replace curl-pipe-bash nvm install with download-then-verify pattern in build_admin_ui.sh, build_ui.sh, and build_ui_custom_path.sh - Update nvm from v0.38.0 (2021) to v0.40.4 (Jan 2026) with SHA256 checksum verification before execution Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: macOS sha256sum compat + clarify min-release-age scope - Use shasum -a 256 fallback on macOS where sha256sum is unavailable - Clarify in .npmrc comments that min-release-age only protects local npm install, not npm ci (used in CI) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
64 lines
1.7 KiB
Bash
Executable File
64 lines
1.7 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Check if nvm is not installed
|
|
if ! command -v nvm &> /dev/null; then
|
|
# Install nvm with checksum verification
|
|
NVM_VERSION="v0.40.4"
|
|
NVM_CHECKSUM="4b7412c49960c7d31e8df72da90c1fb5b8cccb419ac99537b737028d497aba4f"
|
|
NVM_SCRIPT=$(mktemp)
|
|
trap 'rm -f "$NVM_SCRIPT"' EXIT
|
|
curl -fsSL "https://raw.githubusercontent.com/nvm-sh/nvm/${NVM_VERSION}/install.sh" -o "$NVM_SCRIPT"
|
|
if command -v sha256sum &>/dev/null; then
|
|
echo "${NVM_CHECKSUM} ${NVM_SCRIPT}" | sha256sum -c -
|
|
elif command -v shasum &>/dev/null; then
|
|
echo "${NVM_CHECKSUM} ${NVM_SCRIPT}" | shasum -a 256 -c -
|
|
else
|
|
echo "No sha256 tool found; cannot verify nvm checksum"; exit 1
|
|
fi || { echo "nvm checksum verification failed"; exit 1; }
|
|
bash "$NVM_SCRIPT"
|
|
|
|
# Source nvm script in the current session
|
|
export NVM_DIR="$HOME/.nvm"
|
|
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
|
|
fi
|
|
|
|
# Use nvm to set the required Node.js version
|
|
nvm use v20
|
|
|
|
# Check if nvm use was successful
|
|
if [ $? -ne 0 ]; then
|
|
echo "Error: Failed to switch to Node.js v20. Deployment aborted."
|
|
exit 1
|
|
fi
|
|
|
|
# print contents of ui_colors.json
|
|
echo "Contents of ui_colors.json:"
|
|
cat ui_colors.json
|
|
|
|
# Run npm build
|
|
npm run build
|
|
|
|
# Check if the build was successful
|
|
if [ $? -eq 0 ]; then
|
|
echo "Build successful. Copying files..."
|
|
|
|
# echo current dir
|
|
echo
|
|
pwd
|
|
|
|
# Specify the destination directory
|
|
destination_dir="../../litellm/proxy/_experimental/out"
|
|
|
|
# Remove existing files in the destination directory
|
|
rm -rf "$destination_dir"/*
|
|
|
|
# Copy the contents of the output directory to the specified destination
|
|
cp -r ./out/* "$destination_dir"
|
|
|
|
rm -rf ./out
|
|
|
|
echo "Deployment completed."
|
|
else
|
|
echo "Build failed. Deployment aborted."
|
|
fi
|