-
Notifications
You must be signed in to change notification settings - Fork 50
Expand file tree
/
Copy pathDockerfile
More file actions
104 lines (87 loc) · 3.43 KB
/
Dockerfile
File metadata and controls
104 lines (87 loc) · 3.43 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
FROM docker.io/golang:1.25.0 AS server-builder
WORKDIR /workspace/server
# Allow cross-compilation when building with BuildKit platforms
ARG TARGETOS
ARG TARGETARCH
ENV CGO_ENABLED=0
# Go module dependencies first for better layer caching
COPY server/go.mod ./
COPY server/go.sum ./
RUN go mod download
# Copy the rest of the server source and build the binary
COPY server/ .
RUN GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH:-amd64} \
go build -ldflags="-s -w" -o /out/kernel-images-api ./cmd/api
FROM docker.io/ubuntu:22.04
RUN set -xe; \
apt-get -yqq update; \
apt-get -yqq install \
libcups2 \
libnss3 \
libatk1.0-0 \
libnspr4 \
libpango1.0-0 \
libasound2 \
libatspi2.0-0 \
libxdamage1 \
libatk-bridge2.0-0 \
libxkbcommon0 \
libdrm2 \
libxcomposite1 \
libxfixes3 \
libxrandr2 \
libgbm1 \
libnss3; \
apt-get -yqq install \
ca-certificates \
curl \
build-essential \
libssl-dev \
git \
dbus \
dbus-x11 \
xvfb \
x11-utils \
software-properties-common \
supervisor \
libnss3-tools \
unzip;
# Install Envoy proxy and BrightData certificates
COPY shared/envoy/install-proxy.sh /usr/local/bin/install-proxy.sh
RUN chmod +x /usr/local/bin/install-proxy.sh && /usr/local/bin/install-proxy.sh && rm /usr/local/bin/install-proxy.sh
# Copy Envoy configuration files
COPY shared/envoy/bootstrap.yaml /etc/envoy/templates/bootstrap.yaml
# Copy default config to bootstrap.yaml so supervisor can start envoy immediately
COPY shared/envoy/default.yaml /etc/envoy/bootstrap.yaml
COPY shared/envoy/init-envoy.sh /usr/local/bin/init-envoy.sh
RUN chmod +x /usr/local/bin/init-envoy.sh
# install chromium and sqlite3 for debugging the cookies file
RUN add-apt-repository -y ppa:xtradeb/apps
RUN apt update -y && apt install -y chromium sqlite3
# Install FFmpeg (latest static build) for the recording server
RUN set -eux; \
URL="https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz"; \
echo "Downloading FFmpeg static build from $URL"; \
curl -fsSL "$URL" -o /tmp/ffmpeg.tar.xz; \
tar -xJf /tmp/ffmpeg.tar.xz -C /tmp; \
install -m755 /tmp/ffmpeg-*/ffmpeg /usr/local/bin/ffmpeg; \
install -m755 /tmp/ffmpeg-*/ffprobe /usr/local/bin/ffprobe; \
rm -rf /tmp/ffmpeg*
# Remove upower to prevent spurious D-Bus activations and logs
RUN apt-get -yqq purge upower || true && rm -rf /var/lib/apt/lists/*
ENV WITHDOCKER=true
# Create a non-root user with a home directory
RUN useradd -m -s /bin/bash kernel
# Xvfb helper and supervisor-managed start scripts
COPY images/chromium-headless/image/start-chromium.sh /images/chromium-headless/image/start-chromium.sh
COPY images/chromium-headless/image/start-xvfb.sh /images/chromium-headless/image/start-xvfb.sh
RUN chmod +x /images/chromium-headless/image/start-chromium.sh /images/chromium-headless/image/start-xvfb.sh
# Wrapper script set environment
COPY images/chromium-headless/image/wrapper.sh /usr/bin/wrapper.sh
# Supervisord configuration
COPY images/chromium-headless/image/supervisord.conf /etc/supervisor/supervisord.conf
COPY images/chromium-headless/image/supervisor/services/ /etc/supervisor/conf.d/services/
COPY shared/envoy/supervisor-envoy.conf /etc/supervisor/conf.d/services/envoy.conf
# Copy the kernel-images API binary built in the builder stage
COPY --from=server-builder /out/kernel-images-api /usr/local/bin/kernel-images-api
ENTRYPOINT [ "/usr/bin/wrapper.sh" ]