Update Dockerfile.n8n to use n8n version 1.109.2 and install additional packages

[anatolyshipitz]

• Upgraded base image from n8nio/n8n:1.89.2 to n8nio/n8n:1.109.2.
• Added installation of showdown and slackify-markdown packages with specified versions.
• Combined package installations into a single layer for efficiency.
• Configured external modules allowlist for Code/Function nodes.

These changes enhance the n8n environment by ensuring compatibility with newer package versions and improving the installation process.

Summary by CodeRabbit

• New Features
  • Container now exposes a health endpoint for monitoring and automated recovery.
• Chores
  • Base runtime image updated to a newer n8n release with upstream fixes and improvements.
• Refactor
  • Container runs as a non-root user and uses a standardized working directory for improved security and stability.

[coderabbitai]

Warning

Rate limit exceeded

@anatolyshipitz has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 17 minutes and 41 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between f1d6951 and c9051e3.

📒 Files selected for processing (1)

• Dockerfile.n8n (3 hunks)

Walkthrough

Updates the n8n Dockerfile: bumps base image to n8nio/n8n:1.109.2, switches npm installs to global with --legacy-peer-deps/--no-workspaces/--unsafe-perm, removes chown/local-prefix install, adds WORKDIR /home/node, USER node, and a HEALTHCHECK probing /healthz.

Changes

Cohort / File(s)

Summary of Changes

Dockerfile changes Dockerfile.n8n

- Base image: n8nio/n8n:1.89.2 → n8nio/n8n:1.109.2. - apk add git pin updated/adjusted. - npm install changed from local-prefix to global -g with --legacy-peer-deps --no-workspaces --unsafe-perm (packages like showdown, slackify-markdown installed globally). - Removed post-install chown and local-prefix paths. - Added WORKDIR /home/node and USER node. - Added HEALTHCHECK that probes http://0.0.0.0:${N8N_PORT}/healthz. - Minor formatting/newline hygiene.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Builder as Docker Build
  participant Image as n8n Image
  participant Container as Runtime Container
  participant N8N as n8n Process
  participant HC as Docker Healthcheck

  Builder->>Image: FROM n8nio/n8n:1.109.2
  Builder->>Image: apk add git (updated pin)
  Builder->>Image: npm i -g showdown slackify-markdown --legacy-peer-deps --no-workspaces --unsafe-perm
  Builder->>Image: WORKDIR /home/node
  Builder->>Image: USER node
  Builder->>Image: HEALTHCHECK CMD wget .../healthz

  Image->>Container: docker run
  Container->>N8N: start n8n (runs as node user)
  loop periodic
    HC->>Container: GET /healthz
    Container-->>HC: 200 OK / error
  end

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• #65293: Update Dockerfile.n8n to install additional npm packages for markdown… #98 — Modifies Dockerfile.n8n to install markdown-related npm packages and adjusts Docker-level module installation/visibility.
• Refactor Dockerfile.n8n for improved npm package installation and env… #100 — Similar Dockerfile.n8n changes: global npm install, HEALTHCHECK, and switching runtime user to node.

Suggested reviewers

• killev

Poem

I hopped through layers, neat and spry,
Bumped the base and set health by,
Global packages snug and sound,
A WORKDIR burrow, node no longer crowned.
Thump-thump—containers wake, all green inside 🐇

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch issue/fix-docker-build

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore or @coderabbit ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

Dockerfile.n8n (1)

26-28: Healthcheck will 404 by default and may not expand ${N8N_PORT} at runtime — set enabling env and a default.

• /healthz is disabled unless QUEUE_HEALTH_CHECK_ACTIVE=true (metrics optional).
• N8N_PORT is only an ARG; if not provided as an ENV at runtime, the command expands to an empty port. Provide a runtime default and enable the endpoint.

Apply:

 ARG N8N_PORT=5678
+ENV N8N_PORT=${N8N_PORT}
+ENV QUEUE_HEALTH_CHECK_ACTIVE=true

 HEALTHCHECK --interval=30s --timeout=10s --retries=3 --start-period=30s \
-  CMD ["/bin/sh", "-c", "wget -q --spider http://0.0.0.0:${N8N_PORT}/healthz || exit 1"]
+  CMD ["/bin/sh", "-c", "wget -q --spider http://127.0.0.1:${N8N_PORT:-5678}/healthz || exit 1"]

Docs: health endpoints and enabling flags. (docs.n8n.io)

🧹 Nitpick comments (1)

Dockerfile.n8n (1)

33-35: Minor: simplify EXPOSE and remove self-referential comment.

EXPOSE is metadata; using a literal helps avoid build-time vs runtime confusion. The trailing comment adds little.

-EXPOSE ${N8N_PORT}
-# The entrypoint script is already defined in the base image
-# Don't override the CMD
+EXPOSE 5678

📜 Review details

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 54060c0 and 558714a.

📒 Files selected for processing (1)

• Dockerfile.n8n (3 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

Dockerfile.{n8n,temporal}

📄 CodeRabbit inference engine (.cursor/rules/docker-configuration.mdc)

Custom Docker images must be defined using Dockerfile.n8n and Dockerfile.temporal, each extending their respective official base images with custom configurations

Files:

• Dockerfile.n8n

Dockerfile.n8n

📄 CodeRabbit inference engine (.cursor/rules/project-structure.mdc)

Use Dockerfile.n8n for custom n8n image configuration.

Files:

• Dockerfile.n8n

🧠 Learnings (4)

📓 Common learnings

Learnt from: CR
PR: speedandfunction/automatization#0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-07-28T16:44:50.073Z
Learning: Applies to Dockerfile.n8n : Use Dockerfile.n8n for custom n8n image configuration.

Learnt from: anatolyshipitz
PR: speedandfunction/automatization#93
File: Dockerfile.n8n:7-9
Timestamp: 2025-08-10T17:34:18.486Z
Learning: The n8nio/n8n Docker images (including version 1.89.2) are Alpine Linux-based, not Debian-based. Therefore, the correct package manager to use is `apk`, not `apt-get`. Commands like `apk add --no-cache git` are appropriate for installing packages in n8nio/n8n Docker images.

Learnt from: CR
PR: speedandfunction/automatization#0
File: .cursor/rules/docker-configuration.mdc:0-0
Timestamp: 2025-07-28T16:44:24.081Z
Learning: Applies to Dockerfile.{n8n,temporal} : Custom Docker images must be defined using Dockerfile.n8n and Dockerfile.temporal, each extending their respective official base images with custom configurations

📚 Learning: 2025-07-28T16:44:50.073Z

Learnt from: CR
PR: speedandfunction/automatization#0
File: .cursor/rules/project-structure.mdc:0-0
Timestamp: 2025-07-28T16:44:50.073Z
Learning: Applies to Dockerfile.n8n : Use Dockerfile.n8n for custom n8n image configuration.

Applied to files:

• Dockerfile.n8n

📚 Learning: 2025-08-10T17:34:18.486Z

Learnt from: anatolyshipitz
PR: speedandfunction/automatization#93
File: Dockerfile.n8n:7-9
Timestamp: 2025-08-10T17:34:18.486Z
Learning: The n8nio/n8n Docker images (including version 1.89.2) are Alpine Linux-based, not Debian-based. Therefore, the correct package manager to use is `apk`, not `apt-get`. Commands like `apk add --no-cache git` are appropriate for installing packages in n8nio/n8n Docker images.

Applied to files:

• Dockerfile.n8n

📚 Learning: 2025-07-28T16:44:24.081Z

Learnt from: CR
PR: speedandfunction/automatization#0
File: .cursor/rules/docker-configuration.mdc:0-0
Timestamp: 2025-07-28T16:44:24.081Z
Learning: Applies to Dockerfile.{n8n,temporal} : Custom Docker images must be defined using Dockerfile.n8n and Dockerfile.temporal, each extending their respective official base images with custom configurations

Applied to files:

• Dockerfile.n8n

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Service Availability Check

🔇 Additional comments (3)

Dockerfile.n8n (3)

1-1: Base image bump looks good — please verify runtime OS and tag availability.

Upgrading to 1.109.2 is sensible. Just confirm the image tag exists in your registry mirror and that the base is still Alpine (apk-compatible) for this tag; n8n has occasionally adjusted image internals across releases.

---

20-22: Allowlist variable name is correct.

NODE_FUNCTION_ALLOW_EXTERNAL is the right env to enable external packages in Code/Function nodes. No change needed.

Reference: n8n configuration example. (docs.n8n.io)

---

23-25: WORKDIR is appropriate.

Setting /home/node aligns with n8n defaults and volume mounts. No change needed.

[github-actions]

🔍 Vulnerabilities of n8n-test:latest

📦 Image Reference n8n-test:latest

digest	sha256:eecf705e6423fbe033d303a96067c68fe43ddeb6c36cf7e3bf903328f6a73054
vulnerabilities
platform	linux/amd64
size	335 MB
packages	1843

📦 Base Image node:22-alpine

also known as	22-alpine3.22 22.19-alpine 22.19-alpine3.22 22.19.0-alpine 22.19.0-alpine3.22 jod-alpine jod-alpine3.22 lts-alpine lts-alpine3.22
digest	sha256:704b199e36b5c1bc505da773f742299dc1ee5a4c70b86d1eb406c334f63253c6
vulnerabilities

openssh 10.0_p1-r7 (apk) pkg:apk/alpine/[email protected]_p1-r7?os_name=alpine&os_version=3.22 Affected range <=10.0_p1-r7 Fixed version Not Fixed EPSS Score 0.005% EPSS Percentile 0th percentile Description

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[killev]

Looks good