kunthawat/consentos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity
Files
7e6f78e2fafff0b0f7b584cf7ad66a1c2151468a
consentos/Dockerfile
Kunthawat Greethong 7e6f78e2fa
Some checks failed
CI / Scanner Lint (push) Has been cancelled
Details
CI / Scanner Tests (push) Has been cancelled
Details
CI / Detect changes (push) Has been cancelled
Details
CI / API Lint (push) Has been cancelled
Details
CI / API Tests (push) Has been cancelled
Details
CI / Banner Lint & Typecheck (push) Has been cancelled
Details
CI / Banner Tests (push) Has been cancelled
Details
CI / Banner Build (push) Has been cancelled
Details
CI / Admin UI Typecheck (push) Has been cancelled
Details
CI / Admin UI Tests (push) Has been cancelled
Details
CI / Admin UI Build (push) Has been cancelled
Details
fix: include Playwright system deps and Chromium binaries in combined image 
The root Dockerfile's builder stage runs playwright install chromium
--with-deps, but these deps and the browser cache were not persisted
to the runtime stage. The scanner process could never start because
Playwright/Chromium libraries were missing.

Add the same shared-library dependencies that the standalone scanner
Dockerfile lists, copy the Chromium browser cache from the builder,
and set PLAYWRIGHT_BROWSERS_PATH so Playwright finds the browsers.

Fixes the ConnectError: the scanner can now launch Chromium and respond
to scan requests on http://127.0.0.1:8001.
2026-06-15 22:46:02 +07:00

88 lines
3.4 KiB
Docker
Raw Blame History

# ── Build stage: Python deps ────────────────────────────────────────────
FROM python:3.12-slim AS builder
WORKDIR /build
RUN apt-get update && apt-get install -y --no-install-recommends \
gcc libpq-dev curl \
&& rm -rf /var/lib/apt/lists/*
COPY apps/api/pyproject.toml ./api/pyproject.toml
COPY apps/scanner/pyproject.toml ./scanner/pyproject.toml
RUN pip install --no-cache-dir --prefix=/install api/.
RUN pip install --no-cache-dir --prefix=/install scanner/. \
&& PYTHONPATH=/install/lib/python3.12/site-packages \
/install/bin/playwright install chromium --with-deps
# ── Build stage: banner bundle ─────────────────────────────────────────
FROM node:20-slim AS banner-builder
WORKDIR /build/banner
COPY apps/banner/package.json apps/banner/package-lock.json ./
RUN npm ci
COPY apps/banner/ .
RUN npm run build
# ── Build stage: admin UI ──────────────────────────────────────────────
FROM node:20-slim AS admin-builder
WORKDIR /build/admin
COPY apps/admin-ui/package.json apps/admin-ui/package-lock.json ./
RUN npm ci
COPY apps/admin-ui/ .
COPY --from=banner-builder /build/banner/dist/ ./public/
RUN npx vite build
# ── Runtime stage ──────────────────────────────────────────────────────
FROM python:3.12-slim
WORKDIR /app
RUN apt-get update && apt-get install -y --no-install-recommends \
libpq5 postgresql-client curl tini supervisor nginx \
libnss3 libatk1.0-0 libatk-bridge2.0-0 libcups2 libdbus-1-3 \
libdrm2 libgbm1 libgtk-3-0 libnspr4 libxcomposite1 libxdamage1 \
libxfixes3 libxrandr2 libxshmfence1 libpango-1.0-0 libcairo2 \
libasound2 libatspi2.0-0 libx11-xcb1 fonts-liberation \
&& rm -rf /var/lib/apt/lists/* \
&& apt-get clean
# Copy Python deps and Playwright/Chromium browser from builder
COPY --from=builder /install /usr/local
COPY --from=builder /root/.cache/ms-playwright /root/.cache/ms-playwright
# Tell Playwright where to find Chromium (baked from builder)
ENV PLAYWRIGHT_BROWSERS_PATH=/root/.cache/ms-playwright
# Copy application code
COPY apps/api/src ./src
COPY apps/api/alembic ./alembic
COPY apps/api/alembic.ini ./alembic.ini
COPY apps/scanner/src ./src_scanner
RUN if [ -d src_scanner ]; then \
cp -r src_scanner/* src/ 2>/dev/null || true; \
fi
# Copy built Admin UI static files
COPY --from=admin-builder /build/admin/dist /var/www/html
# Copy configs
COPY apps/admin-ui/nginx.conf /etc/nginx/conf.d/default.conf
COPY supervisord.conf /etc/supervisord.conf
COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
# Bake defaults that worker/beat/scanner need at runtime into the image
# so EasyPanel deploys and local docker compose behave the same. Values
# can still be overridden at deploy time with environment variables.
RUN { \
echo 'SCANNER_SERVICE_URL=http://127.0.0.1:8001'; \
echo 'PYTHONUNBUFFERED=1'; \
} > /etc/profile.d/consentos.sh
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
CMD curl -f http://localhost/health || exit 1
ENTRYPOINT ["/entrypoint.sh"]
CMD ["/usr/bin/tini", "--", "supervisord", "-c", "/etc/supervisord.conf"]
Reference in New Issue View Git Blame Copy Permalink