kunthawat/consentos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity
Files
master
consentos/Dockerfile
Kunthawat Greethong 4abb0138e6
Some checks failed
CI / Detect changes (push) Has been cancelled
Details
CI / API Lint (push) Has been cancelled
Details
CI / Admin UI Tests (push) Has been cancelled
Details
CI / API Tests (push) Has been cancelled
Details
CI / Scanner Lint (push) Has been cancelled
Details
CI / Scanner Tests (push) Has been cancelled
Details
CI / Banner Lint & Typecheck (push) Has been cancelled
Details
CI / Banner Tests (push) Has been cancelled
Details
CI / Banner Build (push) Has been cancelled
Details
CI / Admin UI Typecheck (push) Has been cancelled
Details
CI / Admin UI Build (push) Has been cancelled
Details
fix: bake Chromium browser into combined image 
The Dockerfile's builder stage runs 'playwright install chromium' which
downloads Chromium, but the runtime stage never copies the browser cache.
When the scanner service (python -m src.worker) tries to launch Playwright,
it crashes with 'Executable doesn't exist at /root/.cache/ms-playwright/...'

Copy the Playwright browser cache from the builder stage, set
PLAYWRIGHT_BROWSERS_PATH so Playwright finds it, and add the shared
libraries Chromium needs (libnss3, libgbm, etc.).
2026-06-15 23:23:57 +07:00

88 lines
3.4 KiB
Docker
Raw Permalink Blame History

# ── Build stage: Python deps ────────────────────────────────────────────
FROM python:3.12-slim AS builder
WORKDIR /build
RUN apt-get update && apt-get install -y --no-install-recommends \
gcc libpq-dev curl \
&& rm -rf /var/lib/apt/lists/*
COPY apps/api/pyproject.toml ./api/pyproject.toml
COPY apps/scanner/pyproject.toml ./scanner/pyproject.toml
RUN pip install --no-cache-dir --prefix=/install api/.
RUN pip install --no-cache-dir --prefix=/install scanner/. \
&& PYTHONPATH=/install/lib/python3.12/site-packages \
/install/bin/playwright install chromium --with-deps
# ── Build stage: banner bundle ─────────────────────────────────────────
FROM node:20-slim AS banner-builder
WORKDIR /build/banner
COPY apps/banner/package.json apps/banner/package-lock.json ./
RUN npm ci
COPY apps/banner/ .
RUN npm run build
# ── Build stage: admin UI ──────────────────────────────────────────────
FROM node:20-slim AS admin-builder
WORKDIR /build/admin
COPY apps/admin-ui/package.json apps/admin-ui/package-lock.json ./
RUN npm ci
COPY apps/admin-ui/ .
COPY --from=banner-builder /build/banner/dist/ ./public/
RUN npx vite build
# ── Runtime stage ──────────────────────────────────────────────────────
FROM python:3.12-slim
WORKDIR /app
RUN apt-get update && apt-get install -y --no-install-recommends \
libpq5 postgresql-client curl tini supervisor nginx \
libnss3 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdbus-1-3 \
libdrm2 libgbm1 libgtk-3-0 libnspr4 libxcomposite1 libxdamage1 \
libxfixes3 libxrandr2 libxshmfence1 libpango-1.0-0 libcairo2 \
libasound2 libatspi2.0-0 libx11-xcb1 fonts-liberation \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean
# Copy Python deps and Playwright/Chromium browser from builder
COPY --from=builder /install /usr/local
COPY --from=builder /root/.cache/ms-playwright /root/.cache/ms-playwright
# Tell Playwright where to find Chromium (baked from builder)
ENV PLAYWRIGHT_BROWSERS_PATH=/root/.cache/ms-playwright
# Copy application code
COPY apps/api/src ./src
COPY apps/api/alembic ./alembic
COPY apps/api/alembic.ini ./alembic.ini
COPY apps/scanner/src ./src_scanner
RUN if [ -d src_scanner ]; then \
cp -r src_scanner/* src/ 2>/dev/null || true; \
fi
# Copy built Admin UI static files
COPY --from=admin-builder /build/admin/dist /var/www/html
# Copy configs
COPY apps/admin-ui/nginx.conf /etc/nginx/conf.d/default.conf
COPY supervisord.conf /etc/supervisord.conf
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
# Bake defaults that worker/beat/scanner need at runtime into the image
# so EasyPanel deploys and local docker compose behave the same. Values
# can still be overridden at deploy time with environment variables.
RUN { \
echo 'SCANNER_SERVICE_URL=http://127.0.0.1:8001'; \
echo 'PYTHONUNBUFFERED=1'; \
} > /etc/profile.d/consentos.sh
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD curl -f http://localhost/health || exit 1
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/bin/tini", "--", "supervisord", "-c", "/etc/supervisord.conf"]
Reference in New Issue View Git Blame Copy Permalink