Revert "Merge pull request #163 from blooop/claude/npm-pixi-installat…

[blooop]

…ion-GvBL8"

This reverts commit 2896319, reversing changes made to 38bc59a.

Summary by Sourcery

Switch npm-related extensions from pixi-based installation to an nvm- and npm-based Dockerfile workflow and clean up obsolete artifacts.

New Features:

• Provide Dockerfile snippets to install Node.js and npm via nvm and expose npm in the image PATH.
• Add Dockerfile snippets for installing the OpenAI Codex and Google Gemini CLI tools globally via npm.

Enhancements:

• Update the npm extension to depend on curl and related apt packages and to parameterize Node.js and npm versions via template arguments.
• Standardize test scripts for npm, codex, and gemini extensions to use a non-login bash shell.

Chores:

• Remove legacy user Dockerfile snippets and specs tied to the previous pixi-based npm installation flow.

[sourcery-ai]

Reviewer's Guide

Switches the npm extension from pixi-based installation to an nvm (Node Version Manager)–based installation, wires npm-dependent extensions (codex, gemini) to use the new global npm, and simplifies their test scripts to use a standard non-login shell while removing now-obsolete pixi/npm user snippet and spec files.

Class diagram for updated Npm extension configuration

classDiagram
    class SimpleRockerExtension

    class Npm {
        +string name
        +tuple depends_on_extension
        +list builder_apt_packages
        +dict empy_args
    }

    SimpleRockerExtension <|-- Npm

    Npm : name = npm
    Npm : depends_on_extension = (curl)
    Npm : builder_apt_packages = [curl, ca-certificates, git]
    Npm : empy_args[NODE_VERSION] = 24.9.0
    Npm : empy_args[NPM_VERSION] = 11.6.1

Loading

File-Level Changes

Change	Details	Files
Change npm installation strategy from pixi/conda-forge to nvm-based installation with configurable Node and npm versions.	Update Npm extension metadata to depend on curl instead of pixi and declare additional required apt packages Introduce templated Dockerfile snippet that builds and caches an nvm-based Node.js installation in a dedicated builder stage Introduce runtime Dockerfile snippet that wires NVM_DIR, NODE_VERSION, and PATH so node and npm are available from the built nvm installation Define default NODE_VERSION and NPM_VERSION via empy arguments for template substitution	deps_rocker/extensions/npm/npm.py deps_rocker/extensions/npm/npm_builder_snippet.Dockerfile deps_rocker/extensions/npm/npm_snippet.Dockerfile
Align codex and gemini extensions to use the global npm CLI installed via the new npm extension.	Add Dockerfile snippets that install the OpenAI Codex CLI and Google Gemini CLI globally via npm with BuildKit cache mounts for npm cache reuse Remove older user snippet Dockerfiles that previously handled per-user npm installs for codex, gemini, and npm	deps_rocker/extensions/codex/codex_snippet.Dockerfile deps_rocker/extensions/gemini/gemini_snippet.Dockerfile deps_rocker/extensions/codex/codex_user_snippet.Dockerfile deps_rocker/extensions/gemini/gemini_user_snippet.Dockerfile deps_rocker/extensions/npm/npm_user_snippet.Dockerfile
Standardize test scripts to non-login bash shells and drop obsolete pixi-based npm install specs.	Update npm, codex, and gemini test scripts to use #!/bin/bash instead of #!/bin/bash -l while keeping set -e behavior Remove pixi-based npm installation plan/spec files that no longer apply to the nvm-based installation flow	deps_rocker/extensions/npm/test.sh deps_rocker/extensions/codex/test.sh deps_rocker/extensions/gemini/test.sh specs/01/npm-pixi-install/plan.md specs/01/npm-pixi-install/spec.md

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 3 issues, and left some high level feedback:

• The nvm clone step in npm_builder_snippet.Dockerfile uses git fetch --tags && git checkout v0.40.3 in the cached branch and git checkout v0.40.0 in the fresh-clone branch; these should be made consistent to avoid nondeterministic behavior between builds.
• Node/NPM versions are defined both in Npm.empy_args and hard-coded as ENV NODE_VERSION=24.9.0 in npm_snippet.Dockerfile; consider wiring the Dockerfile snippet to use the template variables to prevent version drift.
• Given that builder_apt_packages for the npm extension already includes git, you may be able to drop the explicit apt-get install git in npm_builder_snippet.Dockerfile to avoid duplication unless there is a build-stage–specific reason for re-installing it.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The nvm clone step in `npm_builder_snippet.Dockerfile` uses `git fetch --tags && git checkout v0.40.3` in the cached branch and `git checkout v0.40.0` in the fresh-clone branch; these should be made consistent to avoid nondeterministic behavior between builds.
- Node/NPM versions are defined both in `Npm.empy_args` and hard-coded as `ENV NODE_VERSION=24.9.0` in `npm_snippet.Dockerfile`; consider wiring the Dockerfile snippet to use the template variables to prevent version drift.
- Given that `builder_apt_packages` for the npm extension already includes `git`, you may be able to drop the explicit `apt-get install git` in `npm_builder_snippet.Dockerfile` to avoid duplication unless there is a build-stage–specific reason for re-installing it.

## Individual Comments

### Comment 1
<location> `deps_rocker/extensions/npm/npm.py:11-13` </location>
<code_context>
+    depends_on_extension = ("curl",)
+    builder_apt_packages = ["curl", "ca-certificates", "git"]
+
+    empy_args = {
+        "NODE_VERSION": "24.9.0",
+        "NPM_VERSION": "11.6.1",
+    }
</code_context>

<issue_to_address>
**suggestion:** Clarify usage of `NPM_VERSION` and keep node/npm versions sourced from a single place.

`NPM_VERSION` is defined but not used in the Dockerfiles, so npm will default to the version bundled with Node. If you intend to pin npm, please pass this through to the Dockerfiles (e.g., `npm install -g npm@${NPM_VERSION}`); otherwise, remove `NPM_VERSION` to avoid confusion. Likewise, `NODE_VERSION` is defined here but the runtime snippet hardcodes `ENV NODE_VERSION=24.9.0`; it would be more robust to source that value from `empy_args` to prevent version drift.

Suggested implementation:

```python
class Npm(SimpleRockerExtension):
    """Install Node and npm using nvm (Node Version Manager).

    The Node and npm versions are controlled via ``empy_args`` and should be
    treated as the single source of truth for the Docker templates.
    """

    name = "npm"
    depends_on_extension = ("curl",)
    builder_apt_packages = ["curl", "ca-certificates", "git"]

    # These values are consumed by the builder/runtime Dockerfile templates.
    # Do not hardcode Node/npm versions in the templates; instead, reference
    # these variables (e.g. NODE_VERSION, NPM_VERSION).
    empy_args = {
        "NODE_VERSION": "24.9.0",
        "NPM_VERSION": "11.6.1",
    }

```

To fully implement your review comment, the following changes are also needed in the Docker/empy templates (filenames may differ slightly in your repo):

1. In the *runtime* Docker snippet for this extension (e.g. `deps_rocker/extensions/npm/Dockerfile.npm.runtime.em`):
   - Replace any hardcoded `ENV NODE_VERSION=24.9.0` (or similar) with a reference to the `NODE_VERSION` template variable, e.g.:
     - `ENV NODE_VERSION=@NODE_VERSION@` or `${NODE_VERSION}` depending on your existing empy/template style.
   - Ensure the Node install step uses that template variable instead of a literal version.

2. If you intend to pin npm:
   - In the same runtime/builder Docker template, after Node is installed, add:
     - `RUN npm install -g npm@${NPM_VERSION}` (or the equivalent in your template language, referencing the `NPM_VERSION` variable from `empy_args`).
   - If you choose *not* to pin npm, remove `"NPM_VERSION": "11.6.1",` from `empy_args` above instead, and update any references accordingly.

3. Verify that whatever mechanism wires `empy_args` into the Docker/empy templates correctly exposes `NODE_VERSION` and `NPM_VERSION` variables; if not, adjust that wiring so the templates see these values.
</issue_to_address>

### Comment 2
<location> `deps_rocker/extensions/npm/npm_builder_snippet.Dockerfile:18-21` </location>
<code_context>
+# Clone nvm from git with caching
+RUN --mount=type=cache,target=/tmp/nvm-git-cache,id=nvm-git-cache \
+    bash -c "set -e && \
+    if [ -d /tmp/nvm-git-cache/.git ]; then \
+        cd /tmp/nvm-git-cache && git fetch --tags && git checkout v0.40.3; \
+    else \
+        git clone https://github.com/nvm-sh/nvm.git /tmp/nvm-git-cache && \
+        cd /tmp/nvm-git-cache && git checkout v0.40.0; \
+    fi && \
</code_context>

<issue_to_address>
**issue (bug_risk):** Align the nvm tag between the cache-hit and fresh-clone paths.

Using v0.40.3 in the cache-hit path and v0.40.0 in the fresh-clone path means builds can produce different environments depending on cache state. Please use the same tag in both branches, ideally defined once (e.g., as a build arg or variable) to prevent future drift.
</issue_to_address>

### Comment 3
<location> `deps_rocker/extensions/npm/npm_snippet.Dockerfile:2-4` </location>
<code_context>
+
+ENV NODE_VERSION=24.9.0
+# Install nvm, node and npm
+ENV NVM_DIR=/usr/local/nvm
</code_context>

<issue_to_address>
**suggestion (bug_risk):** Avoid hardcoding NODE_VERSION in the runtime snippet to prevent drift from the builder configuration.

The builder uses `ARG NODE_VERSION=@NODE_VERSION@` with `NODE_VERSION` defined in `empy_args`, but this runtime snippet hardcodes `ENV NODE_VERSION=24.9.0`. If the version is updated in `empy_args` but not here, PATH will reference the wrong Node version. Please derive this `ENV` from the same `NODE_VERSION` value (e.g., via empy substitution) so there’s a single source of truth.

```suggestion
ENV NODE_VERSION=@NODE_VERSION@
# Install nvm, node and npm
ENV NVM_DIR=/usr/local/nvm
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

issue (bug_risk): Align the nvm tag between the cache-hit and fresh-clone paths.

Using v0.40.3 in the cache-hit path and v0.40.0 in the fresh-clone path means builds can produce different environments depending on cache state. Please use the same tag in both branches, ideally defined once (e.g., as a build arg or variable) to prevent future drift.

[sourcery-ai]

suggestion (bug_risk): Avoid hardcoding NODE_VERSION in the runtime snippet to prevent drift from the builder configuration.

The builder uses ARG NODE_VERSION=@NODE_VERSION@ with NODE_VERSION defined in empy_args, but this runtime snippet hardcodes ENV NODE_VERSION=24.9.0. If the version is updated in empy_args but not here, PATH will reference the wrong Node version. Please derive this ENV from the same NODE_VERSION value (e.g., via empy substitution) so there’s a single source of truth.

Suggested change

	ENV NODE_VERSION=24.9.0
	# Install nvm, node and npm
	ENV NVM_DIR=/usr/local/nvm
	ENV NODE_VERSION=@NODE_VERSION@
	# Install nvm, node and npm
	ENV NVM_DIR=/usr/local/nvm

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 66.69%. Comparing base (74c8c05) to head (f770044).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #167      +/-   ##
==========================================
+ Coverage   66.63%   66.69%   +0.05%     
==========================================
  Files          41       41              
  Lines        1232     1234       +2     
==========================================
+ Hits          821      823       +2     
  Misses        411      411              

Files with missing lines	Coverage Δ
deps_rocker/extensions/npm/npm.py	100.00% <100.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.