Remove Node.js/npm from Dockerfile and use workflow-built client artifacts instead

Co-authored-by: mimartin12 <77340197+mimartin12@users.noreply.github.com>

.github/workflows/build-unified.yml

@@ -176,6 +176,36 @@ jobs:
           ref: ${{ steps.server-branch-name.outputs.server_ref }}
           path: "server"
 
+      - name: Checkout client repo (if client branch specified)
+        if: steps.client-branch-name.outputs.use_client_build_arg == 'true'
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+        with:
+          repository: bitwarden/clients
+          token: ${{ steps.app-token.outputs.token }}
+          ref: ${{ steps.client-branch-name.outputs.client_ref }}
+          path: "clients"
+
+      - name: Setup Node.js (if building client from branch)
+        if: steps.client-branch-name.outputs.use_client_build_arg == 'true'
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
+        with:
+          node-version: '20'
+
+      - name: Setup client build directory
+        run: |
+          # Always create web-build directory for Docker context
+          mkdir -p web-build
+
+      - name: Build web client (if building from branch)
+        if: steps.client-branch-name.outputs.use_client_build_arg == 'true'
+        run: |
+          cd clients
+          npm ci
+          cd apps/web
+          npm run build:bit:selfhost:prod
+          # Copy built files to Docker build context
+          cp -r build/* ../../../web-build/
+
       - name: Build and push Docker image
         id: build-docker
         uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0

docker-unified/Dockerfile

@@ -12,16 +12,17 @@ RUN apk add --no-cache \
     curl \
     jq \
     unzip \
-    git \
-    nodejs \
-    npm
+    git
 
 WORKDIR /tmp
 
+# Copy potential pre-built web files from build context
+COPY web-build /tmp/web-build
+
 # Check if CLIENT_BRANCH looks like a release tag (starts with 'web-v' and contains version pattern)
 # If it's a release tag, download the pre-built artifact
 # If CLIENT_BRANCH is the default sentinel value, use latest release (backward compatibility)
-# Otherwise, build from the specified branch
+# Otherwise, expect pre-built client files from workflow in /context/web-build
 RUN if [ "$CLIENT_BRANCH" = "__LATEST_RELEASE__" ]; then \
       echo "Using default behavior - getting latest release for backward compatibility" \
       && git ls-remote --tags https://github.com/bitwarden/clients.git | grep refs/tags/web | cut -d/ -f3 | sort -Vr | head -1 > tag.txt \
@@ -34,9 +35,8 @@ RUN if [ "$CLIENT_BRANCH" = "__LATEST_RELEASE__" ]; then \
       && cat tag.txt | grep -o -E "[0-9]{4}\.[0-9]{1,2}\.[0-9]+" > version.txt \
       && echo "release" > build_mode.txt; \
     else \
-      echo "Building from branch: $CLIENT_BRANCH" \
-      && echo "$CLIENT_BRANCH" > branch.txt \
-      && echo "branch" > build_mode.txt; \
+      echo "Using pre-built client from workflow for branch: $CLIENT_BRANCH" \
+      && echo "workflow" > build_mode.txt; \
     fi
 
 # Download release artifact if in release mode
@@ -48,17 +48,16 @@ RUN if [ "$(cat build_mode.txt)" = "release" ]; then \
       && unzip web-$VERSION-selfhosted-COMMERCIAL.zip; \
     fi
 
-# Build from source if in branch mode
-RUN if [ "$(cat build_mode.txt)" = "branch" ]; then \
-      BRANCH=$(cat branch.txt) \
-      && echo "Cloning and building from branch: $BRANCH" \
-      && git clone --depth 1 --branch "$BRANCH" https://github.com/bitwarden/clients.git \
-      && cd clients \
-      && npm ci \
-      && cd apps/web \
-      && npm run build:bit:selfhost:prod \
+# Copy pre-built client files if in workflow mode
+RUN if [ "$(cat build_mode.txt)" = "workflow" ]; then \
+      echo "Using pre-built client files from workflow" \
       && mkdir -p /tmp/build \
-      && cp -r build/* /tmp/build/; \
+      && if [ -d "/tmp/web-build" ] && [ "$(ls -A /tmp/web-build 2>/dev/null)" ]; then \
+        cp -r /tmp/web-build/* /tmp/build/; \
+        echo "Successfully copied pre-built client files"; \
+      else \
+        echo "Warning: No pre-built client files found, using empty build directory"; \
+      fi; \
     fi
 
 # Ensure build directory exists for the copy step in final stage