Work around NPM dependencies with fixed URL on company network

Question

I have to make a Dockerfile to build my decentraland world in a docker container. This requires to install the dcl package on NPM, and to do this on our company network with our company mirror for npm.

The issue is that the decentraland package have a dependency with a fixed URL and I can't reach it from the network for security reasons.

From the Package.json (issue on @dcl/protocol):

  "dependencies": {
    "@dcl/crypto": "^3.0.1",
    "@dcl/ecs-scene-utils": "^1.7.5",
    "@dcl/linker-dapp": "^0.8.0",
    "@dcl/mini-comms": "1.0.0",
    "@dcl/protocol": "https://sdk-team-cdn.decentraland.org/@dcl/protocol/branch//dcl-protocol-1.0.0-3130782694.commit-94713ab.tgz",

I tried to make a sidecar docker container with a web server that would serve this file. Then I thought I would modify the host file to redirect the traffic from sdk-team-cdn.decentraland.org to this docker, but I'm getting issues with the flows and the ports.

There should be an easier way.

Answer 1

I finally got the sidecar dirty fake npm repo working.

So, I did a second NodeJS/Express solution with a homemade certificate and with the dcl-protocol-1.0.0-3130782694.commit-94713ab.tgz file in the proper path

index.js

    const https = require('https');
    const fs = require('fs');
    const express = require('express');
    const app = express();
    
    app.use('/@dcl', express.static(__dirname + '/@dcl'))
    app.use('/@dcl/protocol', express.static(__dirname + '/@dcl/protocol'))
    app.use('/@dcl/protocol/branch', express.static(__dirname + '/@dcl/protocol/branch'))
    
    const privateKey = fs.readFileSync('./certificates/private_key.pem', 'utf8');
    const certificate = fs.readFileSync('./certificates/certificate.pem', 'utf8');
    const ca = fs.readFileSync('./certificates/ca.pem', 'utf8');
    
    const credentials = {
      key: privateKey,
      cert: certificate,
      ca: ca
    };
    const httpsServer = https.createServer(credentials, app);
    httpsServer.listen(443, () => {
      console.log('CDN server is running on port 443 (HTTPS)');
    });

Then, in my jenkinsfile, I built and ran this first "fake npm" docker before the real one. I had to use docker inspect to get the IP of the "fake npm" docker and --add-host to set this IP as sdk-team-cdn.decentraland.org

    docker build -f ./Dockerfile -t fake_npm:0.1.0 .
    docker run -d -p 443:443 --name fakenpm fake_npm:0.1.0
    sleep 4
    IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' fakenpm)
    echo $IP
    docker build --add-host=sdk-team-cdn.decentraland.org:$IP -f ../myWork/Dockerfile -t decentraland_demo:0.1.0 .
    docker stop fakenpm
    docker rm fakenpm

The last thing is to ignore the ssl errors on the Dockerfile when loading the files from my fake sdk-team-cdn.decentraland.org

    RUN npm config set strict-ssl false
    RUN npm install --global decentraland@next
    RUN npm config set strict-ssl true