fix(docker): link work-queue workspace deps in harness image#42
Merged
Conversation
The dependency-cache COPY block listed session-backend, k8s-sandbox, knative-server and harness package.json files but omitted packages/work-queue. `pnpm install --frozen-lockfile` therefore ran before work-queue existed in the build context, so its node_modules (including the `redis` package) were never linked. Since server.ts imports @sh/work-queue at top level, the published image crashed on startup: ERR_MODULE_NOT_FOUND: Cannot find package 'redis' imported from /app/packages/work-queue/src/queue.ts Copy work-queue's package.json alongside the others so pnpm links its dependencies. Verified by building the fixed image in-cluster on OpenShift 4.20 and deploying it: the harness starts and ksvc/serverless-harness reaches Ready (previously CrashLoopBackOff). Assisted-By: Claude (Anthropic AI) <noreply@anthropic.com> Signed-off-by: Paolo Dettori <paolo.dettori@example.com>
pdettori
pushed a commit
that referenced
this pull request
Jul 1, 2026
Adds deploy/knative/setup-ocp.sh, the OpenShift-native sibling of setup-kind.sh (issue #41), plus a shared OCP kustomize overlay, a pre-baked sandbox image, docs, and CI to publish the sandbox image. Base bring-up on OpenShift 4.20+: - OpenShift Serverless Operator (OLM Subscription) + KnativeServing CR with the PVC/securityContext feature flags and autoscaler tuning set in the CR spec (the operator reverts direct ConfigMap patches). - Redis, sandbox, leaf-work PVC, LLM secret and the harness Knative Service applied via deploy/knative/overlays/ocp; OCP tweaks are kustomize patches, base YAMLs stay shared with Kind. - Sandbox image pre-baked (deploy/knative/sandbox.Dockerfile, sets USER 65532) and built in-cluster against the internal registry; also published to GHCR by build.yaml alongside the harness image. - Harness SA granted the nonroot-v2 SCC so its explicit non-root UID is admitted (the published image declares no USER) - issue #41 item #4b. - Ingress via the auto-created OpenShift Route (no Kourier port-forward). - Idempotent; --dry-run/--help and --image/--namespace/--skip-sandbox-build flags. KEDA (async leaf) and the optional Redis Enterprise Operator are deferred follow-ups (--skip-keda is the default). Verified end-to-end on OpenShift 4.20.8: operator install, KnativeServing Ready, SCC grant, in-cluster sandbox build, PVC bind (gp3-csi RWO), ksvc Ready, /health 200 over the Route, and an idempotent re-run. A full /turn inference needs LLM-gateway egress, which is environment-specific. Depends on #42 (harness image fix) for a runnable default image. Assisted-By: Claude (Anthropic AI) <noreply@anthropic.com> Signed-off-by: Paolo Dettori <paolo.dettori@example.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
The published
ghcr.io/kagenti/serverless-harnessimage crashes on startup:server.tsimports@sh/work-queueat top level, but theredispackage is never linked for that workspace package.Root cause
The
Dockerfiledependency-cacheCOPYblock copies each workspace'spackage.jsonbeforepnpm install --frozen-lockfile(for layer caching), but the list omittedpackages/work-queue:So
pnpm installran without work-queue in the tree and never createdpackages/work-queue/node_modules. Confirmed by inspecting the published image:packages/session-backend/node_modules/redisis linked,packages/work-queue/node_modulesdoes not exist (thoughredis@6.0.0is present in the pnpm store).Fix
Add the missing
COPY packages/work-queue/package.json ./packages/work-queue/line.Verification
Built the fixed image in-cluster on OpenShift 4.20.8 and deployed it — the harness starts cleanly and
ksvc/serverless-harnessreaches Ready (previouslyCrashLoopBackOffwith the module-not-found error). The existingbuild.yamlCI republishes the corrected image on merge.Found while implementing #41 (OpenShift setup script).
Assisted-By: Claude Code