-
Notifications
You must be signed in to change notification settings - Fork 10
Expand file tree
/
Copy pathDockerfile.base
More file actions
102 lines (84 loc) · 4.34 KB
/
Dockerfile.base
File metadata and controls
102 lines (84 loc) · 4.34 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
# syntax=docker/dockerfile:1
# ============================================================
# OpenClaw Foundation Image (base)
# ============================================================
FROM debian:bookworm-slim
ARG BROWSER_DEPS=1
ARG APT_MIRROR=deb.debian.org
ARG NODE_VERSION=22
# === Locked tool versions for stability ===
# Update these manually when upgrading tools
# Last updated: 2026-03-16
ARG YQ_VERSION=v4.52.2
ARG JUST_VERSION=1.47.0
ARG GH_VERSION=2.67.0
ARG LAZYGIT_VERSION=0.49.0
ENV DEBIAN_FRONTEND=noninteractive
ENV LANG=zh_CN.UTF-8
ENV LC_ALL=zh_CN.UTF-8
ENV PATH="/usr/local/bin:${PATH}"
# Configure Apt with retries and mirror
RUN echo 'Acquire::Retries "5";' > /etc/apt/apt.conf.d/80-retries && \
printf "deb http://$APT_MIRROR/debian bookworm main contrib non-free non-free-firmware\n\
deb http://$APT_MIRROR/debian-security bookworm-security main contrib non-free\n\
deb http://$APT_MIRROR/debian bookworm-updates main contrib non-free\n" > /etc/apt/sources.list
# Install essential system utilities (including locales for Chinese charset)
RUN apt-get update && apt-get install -y --no-install-recommends \
curl ca-certificates gnupg git jq ripgrep fd-find build-essential pkg-config \
unzip file sqlite3 zip wget procps openssl less vim tree \
fzf zoxide tldr locales && \
apt-get clean && rm -rf /var/lib/apt/lists/*
# Generate Chinese locale (UTF-8)
RUN sed -i '/^#.*zh_CN.UTF-8/s/^#//' /etc/locale.gen && \
locale-gen
# Install yq (YAML processor) - locked version with retry
RUN ARCH=$(dpkg --print-architecture) && \
curl --retry 3 --retry-delay 2 -fsSL \
"https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_${ARCH}" \
-o /usr/local/bin/yq && chmod +x /usr/local/bin/yq
# Install just (command runner) - locked version with retry
RUN ARCH=$(dpkg --print-architecture) && \
if [ "$ARCH" = "amd64" ]; then JUST_ARCH="x86_64"; \
elif [ "$ARCH" = "arm64" ]; then JUST_ARCH="aarch64"; \
else JUST_ARCH="${ARCH}"; fi && \
curl --retry 3 --retry-delay 2 -fsSL \
"https://github.com/casey/just/releases/download/${JUST_VERSION}/just-${JUST_VERSION}-${JUST_ARCH}-unknown-linux-musl.tar.gz" \
| tar -xz -C /usr/local/bin just
# Install GitHub CLI - locked version with retry (use .deb for reliability)
RUN ARCH=$(dpkg --print-architecture) && \
curl --retry 3 --retry-delay 2 -fsSL \
"https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_${ARCH}.deb" \
-o /tmp/gh.deb && \
apt-get update && apt-get install -y /tmp/gh.deb && \
rm /tmp/gh.deb && apt-get clean
# Install lazygit - locked version with retry
RUN ARCH=$(dpkg --print-architecture) && \
if [ "$ARCH" = "arm64" ]; then LAZYGIT_ARCH="arm64"; \
else LAZYGIT_ARCH="x86_64"; fi && \
curl --retry 3 --retry-delay 2 -fsSL \
"https://github.com/jesseduffield/lazygit/releases/download/v${LAZYGIT_VERSION}/lazygit_${LAZYGIT_VERSION}_Linux_${LAZYGIT_ARCH}.tar.gz" \
| tar -xz -C /usr/local lazygit
# Install Node.js 22 LTS
RUN mkdir -p /etc/apt/keyrings && \
curl -fsSL "https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key" | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg && \
echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_$NODE_VERSION.x nodistro main" > /etc/apt/sources.list.d/nodesource.list && \
apt-get update && apt-get install -y nodejs && \
npm install -g pnpm@latest && \
apt-get clean && rm -rf /var/lib/apt/lists/*
# Install Bun (global installation)
RUN curl -fsSL https://bun.sh/install | BUN_INSTALL=/usr/local bash
# Install uv (Python package manager)
RUN curl -fsSL https://astral.sh/uv/install.sh | env UV_INSTALL_DIR=/usr/local/bin sh
# notebooklm-py moved to Dockerfile (app layer) for persistence via volume
# Install Browser dependencies (LibreOffice and Playwright need these)
RUN if [ "$BROWSER_DEPS" = "1" ]; then \
apt-get update && apt-get install -y --no-install-recommends \
xvfb libnss3 libatk-bridge2.0-0 libdrm2 libxkbcommon0 \
libgbm1 libasound2 libatspi2.0-0 libxshmfence1 libxcomposite1 libxdamage1 libxfixes3 libxrandr2 \
libdbus-1-3 libgtk-3-0 fonts-liberation fonts-noto-color-emoji && \
apt-get clean && rm -rf /var/lib/apt/lists/*; \
fi
# Create non-root user (Standard UID 1000)
RUN useradd --create-home --shell /bin/bash node || true
WORKDIR /app
CMD ["bash"]