123 lines
6.6 KiB
Docker
123 lines
6.6 KiB
Docker
# KollectAI CI - Frontend Builder Image
|
|
#
|
|
# Pre-baked build environment for SvelteKit frontend CI jobs and
|
|
# protobuf TypeScript code generation.
|
|
# Contains: Node.js, pnpm, buf CLI, @bufbuild/protoc-gen-es plugin
|
|
# (global so buf 'local: protoc-gen-es' resolves via PATH), Playwright
|
|
# (chromium browser binary + system deps), ORAS CLI, common build tools.
|
|
#
|
|
# Build:
|
|
# docker build -t 192.168.1.72/kollect-tools/ci/frontend-builder:latest ci/frontend-builder/
|
|
#
|
|
# Usage in CI:
|
|
# container:
|
|
# image: 192.168.1.72/kollect-tools/ci/frontend-builder:latest
|
|
|
|
ARG NODE_MAJOR=24
|
|
FROM node:${NODE_MAJOR}-bookworm-slim
|
|
|
|
ARG PNPM_VERSION=10.15.0
|
|
ARG BUF_VERSION=1.55.0
|
|
# Pin protoc-gen-es to a known-good version. The KollectAI-ETL CI
|
|
# workflow doesn't actually use this global install (it does
|
|
# `pnpm install` from proto/ to pick up the lockfile-pinned version)
|
|
# but we still bake it for ad-hoc use inside the container.
|
|
ARG PROTOC_GEN_ES_VERSION=2.12.0
|
|
ARG ORAS_VERSION=1.2.2
|
|
# Pin Playwright in lockstep with frontend/svelte/package.json's
|
|
# @playwright/test version. If the project uses a different patch level,
|
|
# Playwright re-downloads the right browser at runtime; matching here
|
|
# means CI hits the prebaked browser cache and skips the download.
|
|
ARG PLAYWRIGHT_VERSION=1.59.1
|
|
|
|
# Install Playwright browsers under a known global path so they survive
|
|
# across containers and so `pnpm exec playwright install` reuses them.
|
|
ENV PLAYWRIGHT_BROWSERS_PATH=/ms-playwright
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# System dependencies (Playwright chromium runtime libs included so the
|
|
# browser launches without `playwright install --with-deps`)
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
ca-certificates \
|
|
curl \
|
|
git \
|
|
jq \
|
|
unzip \
|
|
# Playwright chromium runtime libs
|
|
libasound2 \
|
|
libatk1.0-0 \
|
|
libatk-bridge2.0-0 \
|
|
libcups2 \
|
|
libdbus-1-3 \
|
|
libdrm2 \
|
|
libgbm1 \
|
|
libnspr4 \
|
|
libnss3 \
|
|
libxcomposite1 \
|
|
libxdamage1 \
|
|
libxfixes3 \
|
|
libxkbcommon0 \
|
|
libxrandr2 \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# pnpm via corepack (ships with Node.js)
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
RUN corepack enable \
|
|
&& corepack prepare "pnpm@${PNPM_VERSION}" --activate
|
|
|
|
# Make pnpm's global-install bin dir authoritative on PATH so `pnpm add -g`
|
|
# installs land in a known location and their binaries resolve without
|
|
# extra setup. (pnpm setup is interactive — this is the non-interactive
|
|
# equivalent.)
|
|
ENV PNPM_HOME=/root/.local/share/pnpm
|
|
ENV PATH="${PNPM_HOME}:${PATH}"
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# buf CLI - single static binary, used for `buf lint` and `buf generate`
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
RUN curl -fsSL "https://github.com/bufbuild/buf/releases/download/v${BUF_VERSION}/buf-Linux-x86_64" \
|
|
-o /usr/local/bin/buf \
|
|
&& chmod +x /usr/local/bin/buf
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# protoc-gen-es - TypeScript codegen plugin for buf 'local:' references.
|
|
# Installed via pnpm into $PNPM_HOME so the binary lands on PATH; buf v2
|
|
# resolves `local: protoc-gen-es` via PATH lookup.
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
RUN pnpm add -g "@bufbuild/protoc-gen-es@${PROTOC_GEN_ES_VERSION}"
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# ORAS CLI - for uploading artifacts (test reports, audit logs) to Harbor
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
RUN curl -fsSL "https://github.com/oras-project/oras/releases/download/v${ORAS_VERSION}/oras_${ORAS_VERSION}_linux_amd64.tar.gz" \
|
|
| tar -xz -C /usr/local/bin oras
|
|
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
# Playwright + chromium browser binary
|
|
#
|
|
# Browsers go to /ms-playwright (PLAYWRIGHT_BROWSERS_PATH set above) so
|
|
# CI's `pnpm exec playwright install chromium` finds the prebaked binary
|
|
# and skips the ~170MB download. System libs are already installed at
|
|
# the top of the file, so we use bare `playwright install chromium`
|
|
# (no --with-deps).
|
|
#
|
|
# `pnpm dlx` is a one-shot — pnpm fetches the package into its store,
|
|
# executes the install command, and cleans up. The browser binary
|
|
# itself persists at PLAYWRIGHT_BROWSERS_PATH, which is the only piece
|
|
# we actually need at runtime.
|
|
# ─────────────────────────────────────────────────────────────────────
|
|
RUN pnpm dlx "playwright@${PLAYWRIGHT_VERSION}" install chromium
|
|
|
|
WORKDIR /workspace
|
|
|
|
# Verify installation
|
|
RUN node --version \
|
|
&& pnpm --version \
|
|
&& buf --version \
|
|
&& protoc-gen-es --version \
|
|
&& oras version \
|
|
&& jq --version \
|
|
&& ls "${PLAYWRIGHT_BROWSERS_PATH}"
|