mirror of
https://github.com/tiennm99/goclaw.git
synced 2026-06-09 20:13:24 +00:00
viettranx
166 lines
6.6 KiB
Docker
166 lines
6.6 KiB
Docker
# syntax=docker/dockerfile:1
|
|
|
|
# ── Stage 0: Build Web UI (conditional) ──
|
|
FROM node:22-alpine AS web-builder
|
|
RUN corepack enable && corepack prepare pnpm@10.28.2 --activate
|
|
WORKDIR /app
|
|
# Copy .npmrc first so pnpm resolves musl native bindings (needed on Alpine).
|
|
# The lockfile already includes musl entries thanks to supportedArchitectures in .npmrc.
|
|
COPY ui/web/.npmrc ui/web/package.json ui/web/pnpm-lock.yaml ./
|
|
RUN pnpm install --frozen-lockfile
|
|
COPY ui/web/ .
|
|
RUN pnpm build
|
|
|
|
# ── Stage 1: Build Go ──
|
|
FROM golang:1.26-bookworm AS builder
|
|
|
|
WORKDIR /src
|
|
|
|
# Cache dependencies
|
|
COPY go.mod go.sum ./
|
|
RUN go mod download
|
|
|
|
# Copy source
|
|
COPY . .
|
|
|
|
# Build args
|
|
ARG ENABLE_OTEL=false
|
|
ARG ENABLE_TSNET=false
|
|
ARG ENABLE_REDIS=false
|
|
ARG ENABLE_EMBEDUI=false
|
|
ARG VERSION=
|
|
|
|
# Copy web UI dist for embedding (only used when ENABLE_EMBEDUI=true)
|
|
COPY --from=web-builder /app/dist /src/internal/webui/dist
|
|
|
|
# Build static binary (CGO disabled for scratch/alpine compatibility)
|
|
# Version: build arg > VERSION file (auto-generated by Makefile) > "dev"
|
|
RUN set -eux; \
|
|
if [ -z "$VERSION" ] && [ -f VERSION ]; then VERSION=$(cat VERSION); fi; \
|
|
if [ -z "$VERSION" ]; then VERSION="dev"; fi; \
|
|
TAGS=""; \
|
|
if [ "$ENABLE_EMBEDUI" = "true" ]; then TAGS="embedui"; fi; \
|
|
if [ "$ENABLE_OTEL" = "true" ]; then \
|
|
if [ -n "$TAGS" ]; then TAGS="$TAGS,otel"; else TAGS="otel"; fi; \
|
|
fi; \
|
|
if [ "$ENABLE_TSNET" = "true" ]; then \
|
|
if [ -n "$TAGS" ]; then TAGS="$TAGS,tsnet"; else TAGS="tsnet"; fi; \
|
|
fi; \
|
|
if [ "$ENABLE_REDIS" = "true" ]; then \
|
|
if [ -n "$TAGS" ]; then TAGS="$TAGS,redis"; else TAGS="redis"; fi; \
|
|
fi; \
|
|
if [ -n "$TAGS" ]; then TAGS="-tags $TAGS"; fi; \
|
|
CGO_ENABLED=0 GOOS=linux \
|
|
go build -ldflags="-s -w -X github.com/nextlevelbuilder/goclaw/cmd.Version=${VERSION}" \
|
|
${TAGS} -o /out/goclaw . && \
|
|
CGO_ENABLED=0 GOOS=linux \
|
|
go build -ldflags="-s -w" -o /out/pkg-helper ./cmd/pkg-helper
|
|
|
|
# ── Stage 2: Runtime ──
|
|
FROM alpine:3.22
|
|
|
|
ARG ENABLE_SANDBOX=false
|
|
ARG ENABLE_PYTHON=false
|
|
ARG ENABLE_NODE=false
|
|
ARG ENABLE_FULL_SKILLS=false
|
|
ARG ENABLE_CLAUDE_CLI=false
|
|
|
|
# Copy pinned Python deps (cleaned up after install).
|
|
# requirements-base.txt: shared deps for ENABLE_PYTHON and ENABLE_FULL_SKILLS.
|
|
# requirements-skills.txt: additional deps only for ENABLE_FULL_SKILLS.
|
|
COPY docker/requirements-base.txt docker/requirements-skills.txt /tmp/
|
|
|
|
# Install ca-certificates + wget (healthcheck) + optional runtimes.
|
|
# ENABLE_FULL_SKILLS=true pre-installs all skill deps (larger image, no on-demand install needed).
|
|
# Otherwise, skill packages are installed on-demand via the admin UI.
|
|
RUN set -eux; \
|
|
apk add --no-cache ca-certificates wget su-exec; \
|
|
if [ "$ENABLE_SANDBOX" = "true" ]; then \
|
|
apk add --no-cache docker-cli; \
|
|
fi; \
|
|
if [ "$ENABLE_FULL_SKILLS" = "true" ]; then \
|
|
apk add --no-cache python3 py3-pip nodejs npm pandoc github-cli poppler-utils bash; \
|
|
pip3 install --no-cache-dir --break-system-packages \
|
|
-r /tmp/requirements-base.txt -r /tmp/requirements-skills.txt; \
|
|
npm install -g --cache /tmp/npm-cache docx@^9.6.1 pptxgenjs@^4.0.1; \
|
|
rm -rf /tmp/npm-cache /root/.cache /var/cache/apk/*; \
|
|
else \
|
|
if [ "$ENABLE_PYTHON" = "true" ]; then \
|
|
apk add --no-cache python3 py3-pip; \
|
|
pip3 install --no-cache-dir --break-system-packages \
|
|
-r /tmp/requirements-base.txt; \
|
|
fi; \
|
|
if [ "$ENABLE_NODE" = "true" ] || [ "$ENABLE_CLAUDE_CLI" = "true" ]; then \
|
|
apk add --no-cache nodejs npm; \
|
|
fi; \
|
|
fi; \
|
|
if [ "$ENABLE_CLAUDE_CLI" = "true" ]; then \
|
|
npm install -g --cache /tmp/npm-cache @anthropic-ai/claude-code@^2.1.91; \
|
|
rm -rf /tmp/npm-cache; \
|
|
fi; \
|
|
rm -f /tmp/requirements-base.txt /tmp/requirements-skills.txt
|
|
|
|
# Non-root user
|
|
RUN adduser -D -u 1000 -h /app goclaw
|
|
WORKDIR /app
|
|
|
|
# Copy binary, migrations, and bundled skills
|
|
COPY --from=builder /out/goclaw /app/goclaw
|
|
COPY --from=builder /out/pkg-helper /app/pkg-helper
|
|
COPY --from=builder /src/migrations/ /app/migrations/
|
|
COPY --from=builder /src/skills/ /app/bundled-skills/
|
|
COPY docker-entrypoint.sh /app/docker-entrypoint.sh
|
|
|
|
# Fix Windows git clone issues:
|
|
# 1. CRLF line endings in shell scripts (Windows git adds \r)
|
|
# 2. Broken symlinks: On Windows (core.symlinks=false), git creates text files
|
|
# or skips symlinks entirely. Skills like docx/pptx/xlsx need _shared/office
|
|
# module in their scripts/ dir (originally symlinked as scripts/office -> ../../_shared/office).
|
|
RUN set -eux; \
|
|
sed -i 's/\r$//' /app/docker-entrypoint.sh; \
|
|
cd /app/bundled-skills; \
|
|
for skill in docx pptx xlsx; do \
|
|
if [ -d "${skill}/scripts" ] && [ ! -d "${skill}/scripts/office" ]; then \
|
|
rm -f "${skill}/scripts/office"; \
|
|
cp -r _shared/office "${skill}/scripts/office"; \
|
|
fi; \
|
|
done
|
|
|
|
RUN chmod +x /app/docker-entrypoint.sh && \
|
|
chmod 755 /app/pkg-helper && chown root:root /app/pkg-helper
|
|
|
|
# Create data directories.
|
|
# .runtime has split ownership: root owns the dir (so pkg-helper can write apk-packages),
|
|
# while pip/npm subdirs are goclaw-owned (runtime installs by the app process).
|
|
# Symlink .claude → data volume so Claude CLI credentials persist across container recreates.
|
|
RUN mkdir -p /app/workspace /app/data/.runtime/pip /app/data/.runtime/npm-global/lib \
|
|
/app/data/.runtime/pip-cache /app/data/.claude /app/skills /app/tsnet-state /app/.goclaw \
|
|
&& ln -s /app/data/.claude /app/.claude \
|
|
&& touch /app/data/.runtime/apk-packages \
|
|
&& chown -R goclaw:goclaw /app/workspace /app/skills /app/tsnet-state /app/.goclaw \
|
|
&& chown goclaw:goclaw /app/bundled-skills /app/data \
|
|
&& chown root:goclaw /app/data/.runtime /app/data/.runtime/apk-packages \
|
|
&& chmod 0750 /app/data/.runtime \
|
|
&& chmod 0640 /app/data/.runtime/apk-packages \
|
|
&& chown -R goclaw:goclaw /app/data/.runtime/pip /app/data/.runtime/npm-global /app/data/.runtime/pip-cache /app/data/.claude
|
|
|
|
# Default environment
|
|
ENV GOCLAW_CONFIG=/app/config.json \
|
|
GOCLAW_WORKSPACE=/app/workspace \
|
|
GOCLAW_DATA_DIR=/app/data \
|
|
GOCLAW_SKILLS_DIR=/app/skills \
|
|
GOCLAW_MIGRATIONS_DIR=/app/migrations \
|
|
GOCLAW_HOST=0.0.0.0 \
|
|
GOCLAW_PORT=18790
|
|
|
|
# Entrypoint runs as root to install persisted packages and start pkg-helper,
|
|
# then drops to goclaw user via su-exec before starting the app.
|
|
|
|
EXPOSE 18790
|
|
|
|
HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
|
CMD wget -qO- http://localhost:18790/health || exit 1
|
|
|
|
ENTRYPOINT ["/app/docker-entrypoint.sh"]
|
|
CMD ["serve"]
|