Skip to content

fix(build): pin nodejs to TOOLS_NODE_VERSION in golang-adk-full Dockerfile#2139

Closed
jsonmp-k8 wants to merge 1 commit into
kagent-dev:mainfrom
jsonmp-k8:fix/infra-pin-nodejs
Closed

fix(build): pin nodejs to TOOLS_NODE_VERSION in golang-adk-full Dockerfile#2139
jsonmp-k8 wants to merge 1 commit into
kagent-dev:mainfrom
jsonmp-k8:fix/infra-pin-nodejs

Conversation

@jsonmp-k8

Copy link
Copy Markdown
Contributor

Summary

Fixes the qemu: uncaught target signal 4 (Illegal instruction) crash that has been breaking every arm64 image build on main since ~14:40 UTC on 2026-07-02.

Root cause

go/Dockerfile.full installs nodejs unpinned in two stages:

# srt-builder (line 30):
apk add --no-cache bash git ca-certificates nodejs npm node-gyp ...

# final runtime (line 49):
apk add --no-cache bash ca-certificates curl nodejs bubblewrap ...

TOOLS_NODE_VERSION=24 is passed as a --build-arg from the Makefile but is never actually referenced inside these Dockerfile stages. So when Wolfi published nodejs-26.4.0-r1, apk add nodejs silently upgraded to a Node 26 binary whose arm64 instructions QEMU 10.2.3 (from docker/setup-qemu-action@v4) cannot emulate — every cross-arch build now crashes at Dockerfile.full:35 during npm install.

Evidence this is drift, not something in a recent PR:

  • #2133 merged at 14:39 UTC → CI SUCCESS
  • #2132 merged at 14:40 UTC → same QEMU crash, same line
  • Every PR pushed since then hits the same failure

Fix

Match the pattern that ui/Dockerfile (lines 13 and 50) already uses: "nodejs~${TOOLS_NODE_VERSION}", and declare ARG TOOLS_NODE_VERSION=24 in both stages that need it. The ~ operator is Wolfi's fuzzy version match — pins the major line but still allows patch updates within nodejs-24.x.

Changes

File Change
go/Dockerfile.full Add ARG TOOLS_NODE_VERSION=24 to srt-builder and final stages; replace nodejs with "nodejs~${TOOLS_NODE_VERSION}" in both apk add commands

Test plan

  • build (golang-adk-full) passes on arm64
  • All other build (*) jobs (which were cascade-cancelling because of the fail-fast matrix) pass again
  • Verify installed nodejs is 24.x, not 26.x, in the resulting image

…rfile

The srt-builder and final stages install `nodejs` unpinned via `apk add`,
even though `TOOLS_NODE_VERSION=24` is threaded through as a build arg.
When Wolfi published nodejs-26.4.0-r1, arm64 builds started crashing with
`qemu: uncaught target signal 4 (Illegal instruction) - core dumped`
because the newer binary uses CPU instructions the docker/setup-qemu-action
version cannot emulate.

Pin nodejs to "nodejs~${TOOLS_NODE_VERSION}" to match the pattern already
used in ui/Dockerfile:13 and :50, so the version arg actually constrains
the installed package and Wolfi upgrades to a new major don't silently
break builds.

Signed-off-by: Jaison Paul <paul.jaison@gmail.com>
Copilot AI review requested due to automatic review settings July 2, 2026 15:50
@github-actions github-actions Bot added the bug Something isn't working label Jul 2, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes arm64 cross-arch image build failures for golang-adk-full by preventing Wolfi apk from silently upgrading nodejs to a newer major version that QEMU cannot emulate during npm install.

Changes:

  • Add ARG TOOLS_NODE_VERSION=24 to the srt-builder and final runtime stages in go/Dockerfile.full.
  • Pin apk add to the Node major line via "nodejs~${TOOLS_NODE_VERSION}" in both stages to avoid major-version drift.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jsonmp-k8

Copy link
Copy Markdown
Contributor Author

Superseded — folded this commit into #2138 so the security fix and the infra fix land together (the security PR can't go green on its own without this pin).

@jsonmp-k8 jsonmp-k8 closed this Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants