47 changes: 21 additions & 26 deletions Dockerfiles/Dockerfile.agent-provisioning
@@ -1,57 +1,52 @@
# Stage 1: Build the application
FROM node:18-alpine as build
FROM oven/bun:1.3-alpine AS build
# Install OpenSSL
RUN apk update && apk upgrade
RUN apk add --no-cache openssl
RUN set -eux \
&& apk --no-cache add \
openssh-client \
aws-cli \
docker \
docker-compose \
jq \
&& npm install -g pnpm --ignore-scripts \
&& export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \
&& rm -rf /var/cache/apk/*
RUN apk update && apk upgrade && apk add --no-cache \
openssl \
openssh-client \
aws-cli \
docker \
docker-compose \
jq

🛠️ Refactor suggestion | 🟠 Major

Remove redundant apk commands.

Lines 4-5 are redundant since lines 6-12 perform another apk update && apk upgrade and also install openssl. This creates unnecessary image layers and duplicates the openssl installation.

🔎 Apply this diff to consolidate:
 # Stage 1: Build the application
 FROM oven/bun:1.1-alpine AS build
-# Install OpenSSL
-RUN apk update && apk upgrade
-RUN apk add --no-cache openssl
+# Install required packages
 RUN apk update && apk upgrade && apk add --no-cache \
     openssl \
     openssh-client \
     aws-cli \
     docker \
     docker-compose \
     jq

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.agent-provisioning around lines 4 to 12, the first two
RUN lines are redundant because the subsequent RUN repeats apk update && apk
upgrade and installs openssl again; remove the initial two RUN lines and
consolidate into the single RUN that performs apk update && apk upgrade && apk
add --no-cache with the full package list (openssl, openssh-client, aws-cli,
docker, docker-compose, jq) to eliminate duplicate layers and duplicate openssl
installation.


# Set the working directory
WORKDIR /app

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN pnpm i --ignore-scripts
RUN bun install

# Copy the rest of the application code
COPY . .

# Generate Prisma client
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate


⚠️ Potential issue | 🔴 Critical

Verify Node.js availability in the Dockerfile build environment.

Prisma works out of the box with Bun, and Node.js must be installed in the environment where you're running bunx prisma commands. While bunx prisma generate is the official approach, Docker builds with Bun have reported compatibility issues. Ensure your build image includes Node.js, or consider pre-generating the Prisma client locally and shipping it with the image. If using a Bun-only base image (e.g., oven/bun), Node.js installation may be necessary for bunx prisma generate to succeed.

🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.agent-provisioning around line 32, the RUN command
calls "bunx prisma generate" but the build image may not have Node.js available
(Bun-only bases can fail), so either ensure Node.js is installed in the image
before this step (install Node runtime + npm/node binaries or use a base image
that includes Node), or avoid running prisma generation in the container by
pre-generating the Prisma client locally and copying the generated client into
the image (or switch the build stage to a Node-based stage to run prisma
generate). Make the change by adding a step to install Node.js (or changing the
base stage) before RUN cd libs/prisma-service && bunx prisma generate, or remove
that RUN and COPY the pre-generated client into the image.

RUN ls -R /app/apps/agent-provisioning/AFJ/

# Build the user service
RUN pnpm run build agent-provisioning
RUN bun --bun run build agent-provisioning


⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Check packageManager configuration
echo "=== Package Manager Configuration ==="
head -20 package.json | grep -A2 '"packageManager"'
echo ""

# Check build-related scripts in package.json
echo "=== Build Scripts ==="
grep -A30 '"scripts"' package.json | grep -i build
echo ""

# Look for Dockerfile and related build context
echo "=== Checking Dockerfile structure ==="
head -50 Dockerfiles/Dockerfile.agent-provisioning
echo ""

# Search for agent-provisioning build configuration
echo "=== Looking for agent-provisioning build config ==="
find . -path ./node_modules -prune -o -name "tsconfig.json" -o -name "nx.json" -o -name "project.json" 2>/dev/null | head -20
echo ""

# Check if there are any build or monorepo configuration files
ls -la | grep -E 'nx\.json|turbo\.json|lerna\.json|pnpm-workspace|workspace' 2>/dev/null
echo ""

# Search for Node-specific APIs in agent-provisioning
echo "=== Searching for Node.js-specific patterns ==="
rg 'process\.(binding|_rawDebug|_tickCallback|env|argv|versions\[|_eval)|require\.extensions|module\._compile|Buffer\.|stream\.|crypto\.|fs\.|path\.|url\.' apps/agent-provisioning --type ts --type js -c 2>/dev/null | head -20

Repository: credebl/platform

Length of output: 1948


🏁 Script executed:

#!/bin/bash
# Get more details about the Node-specific API usage
echo "=== Checking actual imports in agent-provisioning ==="
head -20 apps/agent-provisioning/src/agent-provisioning.service.ts
head -20 apps/agent-provisioning/src/main.ts
head -20 apps/agent-provisioning/src/agent-provisioning.module.ts
echo ""

# Check the actual build script definition
echo "=== Complete package.json scripts section ==="
sed -n '/"scripts"/,/^[[:space:]]*}/p' package.json | grep -E '(build|test)' | head -30
echo ""

# Check if there's a nest config or build config for agent-provisioning
echo "=== NestJS configuration files ==="
find apps/agent-provisioning -maxdepth 2 -name "*.json" -o -name "*.config.*" 2>/dev/null | head -20
echo ""

# Check package.json for agent-provisioning workspace
echo "=== Package.json structure ==="
grep -n '"name"' package.json | head -5
echo ""

# Check if there's a workspace for agent-provisioning
cat pnpm-workspace.yaml

Repository: credebl/platform

Length of output: 4147


🏁 Script executed:

#!/bin/bash
# Check if there's a specific build script for agent-provisioning in its own package.json
echo "=== Checking agent-provisioning package.json if exists ==="
if [ -f "apps/agent-provisioning/package.json" ]; then
  cat apps/agent-provisioning/package.json | grep -A50 '"scripts"' | head -60
else
  echo "No separate package.json in agent-provisioning"
fi
echo ""

# Check the complete tsconfig for agent-provisioning
echo "=== agent-provisioning tsconfig ==="
cat apps/agent-provisioning/tsconfig.app.json
echo ""

# Verify what "build agent-provisioning" command refers to in root package.json
echo "=== Root package.json complete content (around build scripts) ==="
sed -n '1,100p' package.json | grep -A2 '"build"'
echo ""

# Check if there are any Bun-specific configurations
echo "=== Checking for bunfig.toml or bun config ==="
ls -la bunfig.toml bun.config.* 2>/dev/null || echo "No bun config files found"
echo ""

# Check if the Dockerfile.agent-provisioning is the only one or if there's a pattern
echo "=== Checking all Dockerfiles ==="
ls -la Dockerfiles/

Repository: credebl/platform

Length of output: 2038


🏁 Script executed:

#!/bin/bash
# Check if "build agent-provisioning" is a NestJS CLI command or if it's supposed to be "nest build agent-provisioning"
echo "=== Checking NestJS nest-cli.json for project config ==="
if [ -f "nest-cli.json" ]; then
  cat nest-cli.json
else
  echo "No nest-cli.json found"
fi
echo ""

# Check all Dockerfiles to see how other services handle build
echo "=== Comparing build commands across Dockerfiles ==="
grep -h "RUN.*run build\|RUN.*run nest build" Dockerfiles/* 2>/dev/null || echo "No matching build commands found in other Dockerfiles"
echo ""

# Check if there's a workspace or projects configuration
echo "=== Checking tsconfig root ==="
cat tsconfig.json | head -50
echo ""

# Verify the exact bun command syntax - does "bun --bun run build agent-provisioning" work?
echo "=== Checking Bun documentation reference in comments ==="
head -100 Dockerfiles/Dockerfile.agent-provisioning | grep -i "bun\|run\|build"

Repository: credebl/platform

Length of output: 11697


Remove --bun flag from build command to ensure Node.js API compatibility.

The --bun flag forces Bun's native runtime, bypassing Node.js compatibility. The agent-provisioning service uses Node.js-specific APIs (fs, child_process, process.env) and should use Bun's compatibility mode instead. Additionally, this is the only service in the repository using --bun—all others use pnpm run build (the primary package manager per the team's configuration). Change to RUN bun run build agent-provisioning to maintain consistency and compatibility.

🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.agent-provisioning around line 36, the build uses "RUN
bun --bun run build agent-provisioning" which forces Bun's native runtime and
breaks Node.js API compatibility; replace the command with "RUN bun run build
agent-provisioning" (or align with other services using "pnpm run build
agent-provisioning" if preferred) so the build runs in Bun's Node-compatibility
mode and matches repository conventions.


# Stage 2: Create the final image
FROM node:18-alpine as prod
FROM oven/bun:1.3-alpine AS prod
# Install OpenSSL
RUN apk update && apk upgrade
RUN apk add --no-cache openssl
RUN set -eux \
&& apk --no-cache add \
openssh-client \
aws-cli \
docker \
docker-compose \
jq \
&& npm install -g pnpm --ignore-scripts \
&& export PATH=$PATH:/usr/lib/node_modules/pnpm/bin \
&& rm -rf /var/cache/apk/*
RUN apk update && apk upgrade && apk add --no-cache \
openssl \
openssh-client \
aws-cli \
docker \
docker-compose \
jq

🛠️ Refactor suggestion | 🟠 Major

Remove redundant apk commands in prod stage.

Same issue as the build stage: lines 41-42 are redundant since lines 43-49 perform another apk update && apk upgrade and also install openssl.

🔎 Apply this diff to consolidate:
 # Stage 2: Create the final image
 FROM oven/bun:1.1-alpine AS prod
-# Install OpenSSL
-RUN apk update && apk upgrade
-RUN apk add --no-cache openssl
+# Install required packages
 RUN apk update && apk upgrade && apk add --no-cache \
     openssl \
     openssh-client \
     aws-cli \
     docker \
     docker-compose \
     jq

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.agent-provisioning around lines 41 to 49, the
Dockerfile runs redundant APK commands: lines 41-42 perform "apk update && apk
upgrade" and install openssl, but lines 43-49 repeat "apk update && apk upgrade"
and reinstall openssl along with other packages. Remove the duplicate RUN lines
(41-42) and keep a single consolidated RUN that performs update/upgrade and
installs the full set of packages (openssl, openssh-client, aws-cli, docker,
docker-compose, jq) to avoid extra layers and duplication.


WORKDIR /app
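Review bot: the context line `RUN ls -R /app/apps/agent-provisioning/AFJ/` reads as a leftover debugging step; it adds a layer and dumps the whole directory tree into every build log, so drop it now that the stage is being rewritten. Two further points in this hunk: `RUN apk update && apk upgrade` on the floating `oven/bun:1.3-alpine` tag means two builds of the same commit can pull different package sets (pin the tag, or drop the `upgrade` and rely on the pinned base), and the prod stage installs `docker`, `docker-compose`, `aws-cli` and `openssh-client` into the runtime image, which widens what an attacker can reach from a compromised service process. If provisioning genuinely needs those binaries at runtime, keep them but say so in a comment so the next reviewer does not strip them.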

@@ -80,4 +75,4 @@ RUN chmod 777 /app/agent-provisioning/AFJ/token
COPY libs/ ./libs/

# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/agent-provisioning/main.js"]
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/agent-provisioning/main.js"]
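Review bot: the hunk header's context line `RUN chmod 777 /app/agent-provisioning/AFJ/token` leaves the token directory world-writable in the final image; since this PR already reworks the runtime stage, narrow it to the user the service runs as (`chown` to that user, then `chmod 700` or `750`) instead of carrying it over. Note also that the new CMD runs `bunx prisma migrate deploy` on every container start, so the database credentials handed to the running service must hold schema-altering privileges; running migrations from a separate job lets the service role stay DML-only.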
38 changes: 19 additions & 19 deletions Dockerfiles/Dockerfile.agent-service
@@ -1,45 +1,45 @@
# Stage 1: Build the application
FROM node:18-alpine as build
FROM oven/bun:1.3-alpine AS build


⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

cat Dockerfiles/Dockerfile.agent-service

Repository: credebl/platform

Length of output: 1694


🏁 Script executed:

cat Dockerfiles/Dockerfile.agent-service

Repository: credebl/platform

Length of output: 1694


🏁 Script executed:

find . -name "Dockerfile.agent-service" -type f

Repository: credebl/platform

Length of output: 98


Consolidate Bun version and remove pnpm from final stage.

Bun 1.3 is current (latest 1.3.5), but address two critical issues:

  1. Pin Bun version to 1.3.5-alpine in both stages (lines 2, 33) instead of unpinned 1.3-alpine for reproducible builds
  2. Remove pnpm installation from final stage (lines 36-41): The application runs with Bun (see CMD), not pnpm. Installing pnpm contradicts the Bun migration and unnecessarily increases image size
  3. Consolidate redundant openssl in build stage: Lines 4 and 5-9 both install openssl—merge into a single apk add command
🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.agent-service around lines 2 to 41, pin both FROM
lines to oven/bun:1.3.5-alpine (replace unpinned 1.3-alpine at line 2 and the
second stage at line 33) to ensure reproducible builds; remove the pnpm
installation commands in the final stage (lines ~36-41) since the container runs
with Bun and pnpm is unnecessary and inflates image size; and consolidate
duplicate openssl APK installs in the build stage by merging the separate apk
add calls (lines ~4 and ~5-9) into a single apk add that installs all required
packages including openssl.

# Install OpenSSL
RUN apk add --no-cache openssl
RUN npm install -g pnpm --ignore-scripts \
&& apk update \
&& apk add openssh-client \
&& apk add aws-cli \
&& apk add docker \
&& apk add docker-compose
RUN apk update && apk upgrade && apk add --no-cache \
openssl \
openssh-client \
aws-cli \
docker \
docker-compose \
coderabbitai[bot] marked this conversation as resolved.

RUN npm install -g pnpm
# Set the working directory
WORKDIR /app

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN pnpm i --ignore-scripts
RUN bun install

# Copy the rest of the application code
COPY . .
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the user service
RUN pnpm run build agent-service
RUN bun --bun run build agent-service

# Stage 2: Create the final image
FROM node:18-alpine
FROM oven/bun:1.3-alpine
# Install OpenSSL
RUN apk add --no-cache openssl
RUN npm install -g pnpm --ignore-scripts \
&& apk update \
&& apk add openssh-client \
&& apk add aws-cli \
&& apk add docker \
&& apk add docker-compose
RUN apk update && apk upgrade && apk add --no-cache \
openssl \
openssh-client \
aws-cli \
docker \
docker-compose \

# RUN npm install -g pnpm
# Set the working directory
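Review bot: the new `RUN apk update && apk upgrade && apk add --no-cache \` block ends with `docker-compose \`, a trailing backslash with no further package line (the agent-provisioning Dockerfile in this PR ends the same list with `jq`). The continuation joins whatever non-comment line follows onto the `apk add` command, so either drop the backslash or add the intended last package; the final-stage copy of the block a few lines down has the same dangling `docker-compose \`.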
@@ -54,4 +54,4 @@ COPY --from=build /app/libs/ ./libs/
COPY --from=build /app/node_modules ./node_modules

# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/agent-service/main.js"]
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/agent-service/main.js"]
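Review bot: the context line `COPY --from=build /app/node_modules ./node_modules` ships the build stage's full dependency tree, devDependencies included, into the runtime image; with the install now on Bun, a `bun install --production --frozen-lockfile` in the final stage (or a dedicated dependencies stage) keeps compilers, test tooling and their transitive packages out of the image that gets deployed. The `bunx prisma ...` calls in the new CMD need the Prisma CLI present at runtime, so confirm it is a regular dependency before pruning.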
14 changes: 7 additions & 7 deletions Dockerfiles/Dockerfile.api-gateway
@@ -1,31 +1,31 @@
# Stage 1: Build the application
FROM node:18-alpine as build
FROM oven/bun:1.3-alpine as build
coderabbitai[bot] marked this conversation as resolved.
# Install OpenSSL
RUN apk add --no-cache openssl
RUN npm install -g pnpm
# Set the working directory
WORKDIR /app

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
# COPY package-lock.json ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN pnpm i --ignore-scripts
RUN bun install

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use --frozen-lockfile and drop pnpm-workspace.yaml.

Consistent with the other Dockerfiles: pin install to the lockfile and remove the now-redundant pnpm workspace file (workspaces moved to root package.json).

🔧 Proposed fix
 COPY package.json ./
 COPY bun.lock ./
-COPY pnpm-workspace.yaml ./
-# COPY package-lock.json ./
 
 ENV PUPPETEER_SKIP_DOWNLOAD=true
 
-RUN bun install
+RUN bun install --frozen-lockfile
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
# COPY package-lock.json ./
ENV PUPPETEER_SKIP_DOWNLOAD=true
RUN pnpm i --frozen-lockfile --ignore-scripts
# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install
# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
ENV PUPPETEER_SKIP_DOWNLOAD=true
# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN bun install --frozen-lockfile
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.api-gateway` around lines 9 - 18, Remove the
now-redundant COPY pnpm-workspace.yaml ./ line and pin installs to the lockfile
by changing the install command from RUN bun install to RUN bun install
--frozen-lockfile; specifically, delete the COPY pnpm-workspace.yaml ./ entry
and update the RUN bun install invocation so the build uses the lockfile
consistently.


# Copy the rest of the application code
COPY . .
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the api-gateway service
RUN pnpm run build api-gateway
RUN bun --bun run build api-gateway

# Stage 2: Create the final image
FROM node:18-alpine
FROM oven/bun:1.3-alpine
# Install OpenSSL
RUN apk add --no-cache openssl
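Review bot: the comment `# Install dependencies while ignoring scripts (including Puppeteer's installation)` no longer matches the command beneath it, since `pnpm i --ignore-scripts` became a plain `bun install`. Bun runs dependency lifecycle scripts only for packages listed in `trustedDependencies` (plus its built-in allowlist), so the behaviour is close but not identical; either pass `--ignore-scripts` to `bun install` to keep the original guarantee or update the comment to describe what now happens. Separately, `FROM oven/bun:1.3-alpine as build` keeps lowercase `as` while the other Dockerfiles in this PR use `AS`; BuildKit's FromAsCasing check warns on the mismatch, and it is a one-word fix while the line is being changed.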

@@ -41,4 +41,4 @@ COPY --from=build /app/node_modules ./node_modules
# COPY --from=build /app/uploadedFiles ./uploadedFiles

# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/api-gateway/main.js"]
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/api-gateway/main.js"]
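Review bot: the new CMD repeats `bunx prisma generate` at container start even though the build stage already ran `RUN cd libs/prisma-service && bunx prisma generate` and the generated client comes across with `node_modules` (the hunk's context line). Regenerating on every start slows boot and, if the CLI is not already present in `node_modules`, `bunx` will try to fetch it from the registry at runtime, which gives the running container a network dependency on the package registry it should not have. Keep `migrate deploy` here if migrations must run at startup, and drop the runtime `generate`.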


⚠️ Potential issue | 🟠 Major | 🏗️ Heavy lift

🧩 Analysis chain

🌐 Web query:

Is NestJS officially supported on the Bun runtime in 2025, including @nestjs/microservicesNATS transport,@nestjs/platform-socket.io, and @nestjs/bull? Any known incompatibilities?

💡 Result:

No, NestJS is not officially supported on the Bun runtime in 2025 or as of 2026-05-06. NestJS maintainers have explicitly stated they focus on Node.js and will not tweak the framework specifically for Bun, though it may work due to Bun's Node.js compatibility claims [1]. Bun maintainers confirm NestJS "works in Bun" for core functionality but advise filing issues for specific library incompatibilities [2]. For the specified packages: - @nestjs/microservices NATS transport: Potential issues with NATS client connections on Bun, including flaky or failed connects reported in open issues [3]. No official compatibility confirmation. - @nestjs/platform-socket.io: Socket.IO requires a Bun-specific engine (@socket.io/bun-engine) for optimal performance with Bun's native HTTP server; standard Node polyfill may cause disconnections [4][5][6]. - @nestjs/bull: No direct incompatibilities found; uses BullMQ which is Node-compatible, but untested specifically on Bun [7][8]. Known incompatibilities include build issues with optional requires (e.g., microservices/websockets) during bundling [9][10], reflector/DI resolution problems [11], dev mode flakiness [12], and runtime differences in crypto/TLS affecting related libs [13][3]. Community reports successful production use with workarounds, but expect testing and potential fixes [14][15]. Official NestJS docs specify Node.js [16][17].


Switch to Node runtime or comprehensively test Bun support before shipping.

Using bun --bun to run NestJS is not recommended: NestJS is not officially supported on Bun as of 2026, and its maintainers will not optimize for it. Known incompatibilities include:

  • @nestjs/microservices NATS transport: Flaky or failed connections reported on Bun; no official compatibility.
  • @nestjs/platform-socket.io: Requires Bun-specific @socket.io/bun-engine for stability; standard Node polyfill may cause disconnections.
  • @nestjs/bull: Untested on Bun.

If Bun runtime is intentional, verify the API gateway end-to-end (HTTP + WebSocket, microservice NATS transport, Bull jobs, persistence with PostgreSQL). Otherwise, use node dist/apps/api-gateway/main.js and keep Bun only for build and install steps.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.api-gateway` at line 44, The Docker CMD currently
launches the NestJS API gateway with Bun ("bun --bun
dist/apps/api-gateway/main.js"), which is unsupported; update the Docker CMD so
the runtime uses Node (e.g., replace "bun --bun dist/apps/api-gateway/main.js"
with "node dist/apps/api-gateway/main.js") and keep Bun only for build/install
steps (the earlier bunx prisma commands are fine), or if you intentionally want
Bun, run a comprehensive end-to-end test matrix (HTTP, WebSocket,
`@nestjs/microservices` NATS transport, `@nestjs/platform-socket.io`, `@nestjs/bull`,
Postgres persistence) before shipping and document that decision.

14 changes: 7 additions & 7 deletions Dockerfiles/Dockerfile.cloud-wallet
@@ -1,31 +1,31 @@
# Stage 1: Build the application
FROM node:18-alpine AS build
FROM oven/bun:1.3-alpine AS build
# Install OpenSSL
RUN apk add --no-cache openssl
RUN npm install -g pnpm

# Set the working directory
WORKDIR /app

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN pnpm i --ignore-scripts
RUN bun install

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use --frozen-lockfile and drop the obsolete pnpm-workspace.yaml copy.

Same concerns as Dockerfile.connection: bun install should run with --frozen-lockfile for reproducible images, and pnpm-workspace.yaml is redundant now that the root package.json declares "workspaces".

🔧 Proposed fix
 # Copy package.json and package-lock.json
 COPY package.json ./
 COPY bun.lock ./
-COPY pnpm-workspace.yaml ./
 
 ENV PUPPETEER_SKIP_DOWNLOAD=true
 
 # Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN bun install
+RUN bun install --frozen-lockfile
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.cloud-wallet` around lines 9 - 17, The Dockerfile
currently copies pnpm-workspace.yaml unnecessarily and runs "bun install"
without locking; remove the "COPY pnpm-workspace.yaml ./" step and change the
"RUN bun install" invocation to use the frozen lock option (i.e., run bun
install --frozen-lockfile) so image builds are reproducible; keep the existing
ENV PUPPETEER_SKIP_DOWNLOAD setting and ensure bun.lock and package.json remain
copied as shown.


# Copy the rest of the application code
COPY . .
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the user service
RUN pnpm run build cloud-wallet
RUN bun --bun run build cloud-wallet

# Stage 2: Create the final image
FROM node:18-alpine
FROM oven/bun:1.3-alpine

RUN apk add --no-cache openssl
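Review bot: the comment `# Build the user service` above `RUN bun --bun run build cloud-wallet` is stale (this line builds cloud-wallet), and the same copy-pasted comment sits above the agent-provisioning and agent-service build lines in this PR; fix it while the line is being touched. The build stage also keeps `RUN apk add --no-cache openssl` without a pinned base tag, so consider pinning `oven/bun` to a full version in both stages so the image built from this commit is the same image next month.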

@@ -43,4 +43,4 @@ COPY --from=build /app/node_modules ./node_modules


# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/cloud-wallet/main.js"]
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/cloud-wallet/main.js"]
14 changes: 7 additions & 7 deletions Dockerfiles/Dockerfile.connection
@@ -1,31 +1,31 @@
# Stage 1: Build the application
FROM node:18-alpine as build
FROM oven/bun:1.3-alpine as build
coderabbitai[bot] marked this conversation as resolved.
# Install OpenSSL
RUN apk add --no-cache openssl
RUN npm install -g pnpm
# Set the working directory
WORKDIR /app

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
#COPY package-lock.json ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN pnpm i --ignore-scripts
RUN bun install

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify workspaces are declared in root package.json and pnpm-workspace.yaml is no longer authoritative
rg -nP '"workspaces"' package.json -C2
fd -HI -t f -d 2 '^pnpm-workspace\.yaml$'

Repository: credebl/platform

Length of output: 176


🏁 Script executed:

# Search for references to pnpm-workspace.yaml in the codebase
rg 'pnpm-workspace' --type-list | head -5
rg 'pnpm-workspace' -g '!node_modules' -g '!.git'

# Check the Dockerfile context - look for other Dockerfiles and build configuration
fd -HI -t f -name 'Dockerfile*' | head -20

# Check if --frozen-lockfile is referenced in relation to bun in the repo
rg 'frozen-lockfile|frozen.lock' -t dockerfile

Repository: credebl/platform

Length of output: 2000


🏁 Script executed:

# Get full content of Dockerfile.connection to understand the build context
cat Dockerfiles/Dockerfile.connection

# Check if there's any pnpm reference in Dockerfile.connection
rg 'pnpm' Dockerfiles/Dockerfile.connection

# Verify bun install --frozen-lockfile is correct syntax by checking if it's used elsewhere
rg 'frozen-lockfile' 
rg 'bun install' Dockerfiles/ -A1 -B1

# Check what pnpm-workspace.yaml contains
head -30 pnpm-workspace.yaml

Repository: credebl/platform

Length of output: 5519


🏁 Script executed:

# Verify bun install --frozen-lockfile syntax - check Bun documentation or existing usage
web_search "bun install --frozen-lockfile"

# Also check if there's a bun.lock pattern in any documentation or CI files
rg 'bun.lock' --type-list 2>/dev/null || rg 'bun.lock' -g '*.md' -g '*.yml' -g '*.yaml' -g '*.json'

# Check if there are any CI/build scripts that reference bun with frozen-lockfile
fd -HI -t f \( -name '*.yml' -o -name '*.yaml' -o -name '*.sh' \) | head -20

Repository: credebl/platform

Length of output: 340


🌐 Web query:

bun install --frozen-lockfile syntax and usage

💡 Result:

The syntax for using the --frozen-lockfile flag with bun install is: bun install --frozen-lockfile[1][2] This flag ensures reproducible installs by installing the exact versions of each package specified in the bun.lock lockfile. If the package.json disagrees with the lockfile (e.g., due to version range changes or other mismatches), Bun will exit with an error like "error: lockfile had changes, but lockfile is frozen" and will not update the lockfile[1][3][4]. It is particularly useful in CI/CD environments to verify that the lockfile is up-to-date and committed to version control. The bun.lock must be present and committed for this to work reliably[1]. Equivalent configuration in bunfig.toml: [install] frozenLockfile = true[1] Note: Some past bugs in monorepos or with pruned workspaces could cause false "changes" errors even when the lockfile was unchanged, but official docs confirm the intended behavior[1][3][4][5]. For lockfile-only generation with frozen check during migration: bun install --save-text-lockfile --frozen-lockfile --lockfile-only[6].


Add --frozen-lockfile to bun install and remove pnpm-workspace.yaml copy from this Dockerfile.

Two issues in the dependency-install layer:

  1. bun install without --frozen-lockfile may regenerate bun.lock during the image build, breaking reproducibility for CI/CD. The flag ensures the exact versions in the lockfile are installed without modification.
  2. Workspaces are declared in package.json (via the "workspaces" field), making pnpm-workspace.yaml unnecessary for Bun. Copying it creates a misleading dependency on a pnpm-specific file.
🔧 Proposed fix
 # Copy package.json and package-lock.json
 COPY package.json ./
 COPY bun.lock ./
-COPY pnpm-workspace.yaml ./
-#COPY package-lock.json ./
 
 ENV PUPPETEER_SKIP_DOWNLOAD=true
 
 # Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN bun install
+RUN bun install --frozen-lockfile
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.connection` around lines 9 - 18, Remove the line that
copies pnpm-workspace.yaml (do not copy pnpm-workspace.yaml into the image) and
modify the dependency install invocation so the RUN bun install command uses the
--frozen-lockfile flag to prevent lockfile regeneration; locate the COPY
pnpm-workspace.yaml statement and the RUN bun install statement in the
Dockerfile (near the PUPPETEER_SKIP_DOWNLOAD ENV) and update accordingly.


# Copy the rest of the application code
COPY . .
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the connection service
RUN pnpm run build connection
RUN bun --bun run build connection

# Stage 2: Create the final image
FROM node:18-alpine
FROM oven/bun:1.3-alpine
# Install OpenSSL
RUN apk add --no-cache openssl
# RUN npm install -g pnpm
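Review bot: the commented-out leftovers in this hunk (`# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate`, `# RUN npm install -g pnpm`) describe the npm/pnpm toolchain this PR removes and will mislead the next reader; delete them rather than carrying dead comments through the migration. While touching this stage, `COPY . .` pulls the whole build context into the image, so confirm that a .dockerignore excludes .env files, .git and any local node_modules before this lands.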
@@ -44,4 +44,4 @@ COPY --from=build /app/node_modules ./node_modules
#RUN npm i --only=production

# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/connection/main.js"]
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/connection/main.js"]
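Review bot: the new CMD runs `bunx prisma migrate deploy && bunx prisma generate` on every container start. `prisma generate` already ran in the build stage and its output is carried over by `COPY --from=build /app/node_modules ./node_modules`, so the runtime invocation is redundant and forces the final image to resolve the Prisma CLI and write into node_modules at start-up; drop it. Running `migrate deploy` from the service entrypoint also means the service's runtime database credentials must hold DDL privileges, and several replicas starting together race on the same migration. Prefer a one-off migration job and keep the CMD to starting the service.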
16 changes: 8 additions & 8 deletions Dockerfiles/Dockerfile.geolocation
@@ -1,31 +1,31 @@
# Stage 1: Build the application
FROM node:18-alpine as build
FROM oven/bun:1.3-alpine as build
# Install OpenSSL
RUN apk add --no-cache openssl
RUN npm install -g pnpm
# Set the working directory
WORKDIR /app

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
#COPY package-lock.json ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN pnpm i --ignore-scripts
RUN bun install
Comment on lines +9 to +18

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Use --frozen-lockfile and drop the obsolete pnpm-workspace.yaml copy.

Same as the other service Dockerfiles in this PR. Pin the install to the lockfile and remove the now-redundant pnpm-workspace.yaml (workspaces are in root package.json).

🔧 Proposed fix
 # Copy package.json and package-lock.json
 COPY package.json ./
 COPY bun.lock ./
-COPY pnpm-workspace.yaml ./
-#COPY package-lock.json ./
 
 ENV PUPPETEER_SKIP_DOWNLOAD=true
 
 # Install dependencies while ignoring scripts (including Puppeteer's installation)
-RUN bun install
+RUN bun install --frozen-lockfile
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfiles/Dockerfile.geolocation` around lines 9 - 18, Remove the obsolete
workspace copy and pin installs to the lockfile: delete the COPY
pnpm-workspace.yaml ./ line and update the RUN bun install invocation (the RUN
bun install statement) to use the frozen-lockfile flag (e.g., RUN bun install
--frozen-lockfile) so installs are locked to bun.lock; keep ENV
PUPPETEER_SKIP_DOWNLOAD as-is.


# Copy the rest of the application code
COPY . .
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the connection service
RUN pnpm run build geo-location
# Build the geo-location service
RUN bun --bun run build geo-location

# Stage 2: Create the final image
FROM node:18-alpine
FROM oven/bun:1.3-alpine
# Install OpenSSL
RUN apk add --no-cache openssl
# RUN npm install -g pnpm
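Review bot: the comment above `RUN bun install` still says dependencies are installed "while ignoring scripts", but the `--ignore-scripts` flag left with the `pnpm i --ignore-scripts` line it replaced; which lifecycle scripts run is now decided by Bun's trusted-dependencies list (the same list the 1.3.5 fix cited in the issuance comment below concerns). Either pass `--ignore-scripts` explicitly alongside `--frozen-lockfile`, or reword the comment so it does not promise protection the command no longer enforces. Also, `FROM oven/bun:1.3-alpine as build` mixes keyword casing, which BuildKit flags as a lint warning; use `AS`.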
@@ -44,4 +44,4 @@ COPY --from=build /app/node_modules ./node_modules
#RUN npm i --only=production

# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/geo-location/main.js"]
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/geo-location/main.js"]
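Review bot: same concern as the connection CMD: `bunx prisma migrate deploy && bunx prisma generate` at start-up duplicates the build-stage generate and ties schema migration to every geo-location replica; apply whichever fix is chosen there here too so the service images stay consistent.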
14 changes: 7 additions & 7 deletions Dockerfiles/Dockerfile.issuance
@@ -1,31 +1,31 @@
# Stage 1: Build the application
FROM node:18-alpine as build
FROM oven/bun:1.3-alpine as build


🛠️ Refactor suggestion | 🟠 Major

Use a specific Bun patch version instead of floating 1.3 tag.

The latest Bun version is v1.3.5, while the Dockerfile uses the generic 1.3 tag. Using a floating minor version tag means the image will auto-update to new patch releases within the 1.3.x series without explicit updates.

For production, pin to a specific patch version (e.g., oven/bun:1.3.5-alpine) for reproducible builds and deliberate version upgrades. Version 1.3.0 had a TLS regression that was resolved in 1.3.2, and 1.3.5 addressed a security issue where default trusted dependencies list could be spoofed.

Also applies to: 28-28

🤖 Prompt for AI Agents
In Dockerfiles/Dockerfile.issuance around line 2 (and also at line 28), the FROM
uses a floating minor tag "oven/bun:1.3-alpine" which allows automatic patch
upgrades; change it to a pinned patch tag (for example "oven/bun:1.3.5-alpine")
to ensure reproducible builds and explicit upgrades. Update both occurrences to
the chosen specific patch version, rebuild and verify the image works with that
pinned Bun release.

# Install OpenSSL
RUN apk add --no-cache openssl
RUN npm install -g pnpm
# Set the working directory
WORKDIR /app

# Copy package.json and package-lock.json
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
#COPY package-lock.json ./

ENV PUPPETEER_SKIP_DOWNLOAD=true

# Install dependencies while ignoring scripts (including Puppeteer's installation)
RUN pnpm i --ignore-scripts
RUN bun install

# Copy the rest of the application code
COPY . .
# RUN cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate
RUN cd libs/prisma-service && npx prisma generate
RUN cd libs/prisma-service && bunx prisma generate

# Build the issuance service
RUN pnpm run build issuance
RUN bun --bun run build issuance

# Stage 2: Create the final image
FROM node:18-alpine
FROM oven/bun:1.3-alpine
# Install OpenSSL
RUN apk add --no-cache openssl
# RUN npm install -g pnpm
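Review bot: this hunk has the same dependency-install issue flagged on Dockerfile.connection and Dockerfile.geolocation, but no comment covers it: `RUN bun install` lacks `--frozen-lockfile`, so bun.lock can be rewritten during the build, and `COPY pnpm-workspace.yaml ./` copies a pnpm-only file into the image. Apply the same two-line fix here (`RUN bun install --frozen-lockfile`, drop the COPY) so the three service Dockerfiles do not diverge, and use `AS build` on the first FROM for consistent keyword casing.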
@@ -43,4 +43,4 @@ COPY --from=build /app/node_modules ./node_modules


# Set the command to run the microservice
CMD ["sh", "-c", "cd libs/prisma-service && npx prisma migrate deploy && npx prisma generate && cd ../.. && node dist/apps/issuance/main.js"]
CMD ["sh", "-c", "cd libs/prisma-service && bunx prisma migrate deploy && bunx prisma generate && cd ../.. && bun --bun dist/apps/issuance/main.js"]
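Review bot: the issuance CMD carries the same runtime `bunx prisma migrate deploy && bunx prisma generate` pair as the other two services; the redundant generate and the migrate-on-every-start concern apply here unchanged, so whatever entrypoint shape is agreed for connection should be mirrored here.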
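As an added example (not part of the PR or of the CodeRabbit output), a POSIX shell lint that checks a Dockerfile for the three findings raised in these comments: a floating `oven/bun` tag, `bun install` without `--frozen-lockfile`, and a leftover `COPY pnpm-workspace.yaml`. The function name and the sample Dockerfile at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the PR): lint a Dockerfile for the three findings
# raised in this review so the regressions are caught in CI rather than by hand.
# Prints one line per finding and returns 1 if any was found, 0 when clean.
lint_dockerfile() {
  file="$1"
  rc=0
  # Floating oven/bun tag: major or major.minor with no patch component.
  if grep -Eq '^FROM[[:space:]]+oven/bun:[0-9]+(\.[0-9]+)?(-[a-z]+)?([[:space:]]|$)' "$file"; then
    echo "$file: FROM uses a floating oven/bun tag; pin a patch version"
    rc=1
  fi
  # `bun install` without --frozen-lockfile may rewrite bun.lock during the build.
  if grep -E '^RUN[[:space:]]+bun[[:space:]]+install' "$file" | grep -Evq -- '--frozen-lockfile'; then
    echo "$file: RUN bun install lacks --frozen-lockfile"
    rc=1
  fi
  # pnpm-workspace.yaml is pnpm-only; Bun reads workspaces from package.json.
  if grep -Eq '^COPY[[:space:]]+pnpm-workspace\.yaml' "$file"; then
    echo "$file: COPY pnpm-workspace.yaml is obsolete after the move to Bun"
    rc=1
  fi
  return "$rc"
}

# Constructed sample mirroring the pre-fix install layer discussed in this PR.
sample=$(mktemp)
cat >"$sample" <<'EOF'
FROM oven/bun:1.3-alpine as build
WORKDIR /app
COPY package.json ./
COPY bun.lock ./
COPY pnpm-workspace.yaml ./
RUN bun install
EOF
if lint_dockerfile "$sample"; then
  echo "$sample: clean"
fi
rm -f "$sample"
```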