fix(ci): route npm registry direct in docker build NO_PROXY

The D601 provider-gateway egress proxy (127.0.0.1:18789) is a
WebSocket-tunneled CONNECT proxy to backend-core. Long npm downloads
(playwright tarball ~3MB, plus tarball streaming) trigger ECONNRESET
mid-install, which then compounds into ENOTEMPTY on the next npm
retry because the partial global install is not cleaned up. The
in-dockerfile retry loop (5 attempts) exhausts and the image build
fails at Step 12/37.

The build's --build-arg NO_PROXY only listed localhost / 127.0.0.1 /
::1 / host.docker.internal, so every npm fetch went through the
proxy. Direct curl tests from D601 to registry.npmjs.org succeed at
HTTP 200 with ~280 KB/s, well above what the WS tunnel can sustain
for multi-MB downloads.

Persist the fix in both D601 and G14 pipeline manifests by adding
registry.npmjs.org and .registry.npmjs.org to NO_PROXY so docker
build's npm install goes direct. The proxy is still used for apt-get
and any other traffic that doesn't match the expanded NO_PROXY list,
so unrelated egress continues through the provider-gateway.

Refs: #189
This commit is contained in:
Codex
2026-06-01 08:21:32 +00:00
parent 8ed0e57156
commit 0f62fa6d06
2 changed files with 4 additions and 4 deletions
@@ -447,7 +447,7 @@ spec:
--build-arg HTTP_PROXY=http://127.0.0.1:18789 \
--build-arg HTTPS_PROXY=http://127.0.0.1:18789 \
--build-arg ALL_PROXY=http://127.0.0.1:18789 \
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal \
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal,registry.npmjs.org,.registry.npmjs.org \
--label "unidesk.ai/service-id=backend-core" \
--label "unidesk.ai/source-repo=$(params.repo-url)" \
--label "unidesk.ai/source-commit=$commit" \
@@ -715,7 +715,7 @@ spec:
--build-arg HTTP_PROXY=http://127.0.0.1:18789 \
--build-arg HTTPS_PROXY=http://127.0.0.1:18789 \
--build-arg ALL_PROXY=http://127.0.0.1:18789 \
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal \
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal,registry.npmjs.org,.registry.npmjs.org \
--label "unidesk.ai/service-id=$service_id" \
--label "unidesk.ai/source-repo=$(params.repo-url)" \
--label "unidesk.ai/source-commit=$commit" \
@@ -447,7 +447,7 @@ spec:
--build-arg HTTP_PROXY=http://127.0.0.1:18789 \
--build-arg HTTPS_PROXY=http://127.0.0.1:18789 \
--build-arg ALL_PROXY=http://127.0.0.1:18789 \
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal \
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal,registry.npmjs.org,.registry.npmjs.org \
--label "unidesk.ai/service-id=backend-core" \
--label "unidesk.ai/source-repo=$(params.repo-url)" \
--label "unidesk.ai/source-commit=$commit" \
@@ -715,7 +715,7 @@ spec:
--build-arg HTTP_PROXY=http://127.0.0.1:18789 \
--build-arg HTTPS_PROXY=http://127.0.0.1:18789 \
--build-arg ALL_PROXY=http://127.0.0.1:18789 \
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal \
--build-arg NO_PROXY=localhost,127.0.0.1,::1,host.docker.internal,registry.npmjs.org,.registry.npmjs.org \
--label "unidesk.ai/service-id=$service_id" \
--label "unidesk.ai/source-repo=$(params.repo-url)" \
--label "unidesk.ai/source-commit=$commit" \