# ==================== QwenPaw Docker 镜像 ====================
#
# 构建参数说明:
# QWENPAW_VERSION - QwenPaw 版本 (默认: latest)
# QWENPAW_EXTRAS - 可选扩展,用逗号分隔 (例如: llamacpp,mlx,ollama)
#
# 使用示例:
# # 基础镜像(仅云端模型,包含 Node.js 用于 MCP)
# docker build --build-arg QWENPAW_VERSION=latest -t qwenpaw:latest .
#
# # 带本地模型支持 (llama.cpp)
# docker build --build-arg QWENPAW_VERSION=latest --build-arg QWENPAW_EXTRAS=llamacpp -t qwenpaw:local .
#
# # 带多个本地模型支持
# docker build --build-arg QWENPAW_EXTRAS=llamacpp,ollama -t qwenpaw:full .
#
# 注意:
# - 本地模型支持会显著增加镜像大小,请按需选择
# - Node.js 24.x LTS 已预装用于 MCP 功能,约增加 150MB
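# ==================== Build stage ====================
# The compilers live only in this stage; the runtime stage copies the
# installed packages out of it with COPY --from=builder.
FROM python:3.13-slim AS builder

# Build arguments (override with --build-arg).
# "latest" means "whatever the package index serves at build time", so two
# builds of this file can produce different images. Pass an explicit version
# when the build has to be reproducible.
ARG QWENPAW_VERSION="latest"
ARG QWENPAW_EXTRAS=""

WORKDIR /build

# Build dependencies (C/C++ compilers), then refresh the packaging tools.
# The apt lists are removed in the same layer that created them.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        g++ \
        gcc \
    && rm -rf /var/lib/apt/lists/* \
    && python -m pip install --no-cache-dir --upgrade pip setuptools wheel

# Install QwenPaw. The requirement string is assembled once and handed to pip
# as a single quoted word, so a build argument that contains spaces or shell
# metacharacters cannot split into extra pip arguments.
#   QWENPAW_EXTRAS non-empty     -> qwenpaw[<extras>]
#   QWENPAW_VERSION not "latest" -> ...==<version>
RUN spec="qwenpaw" && \
    if [ -n "$QWENPAW_EXTRAS" ]; then spec="${spec}[${QWENPAW_EXTRAS}]"; fi && \
    if [ "$QWENPAW_VERSION" != "latest" ]; then spec="${spec}==${QWENPAW_VERSION}"; fi && \
    pip install --no-cache-dir "$spec"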
# ==================== Runtime stage ====================
# NOTE(review): this tag has to stay on the same Python minor version as the
# builder stage, because site-packages is copied across by its python3.13 path.
# The tag is floating; pin it by digest if builds must be reproducible.
FROM python:3.13-slim

# ARG values do not carry over from the previous stage; redeclare this one so
# that LABEL can use it.
ARG QWENPAW_VERSION="latest"

# Image metadata
LABEL maintainer="log-z@github.com" \
      description="QwenPaw - Personal Assistant based on AgentScope" \
      version="${QWENPAW_VERSION}"

# Python and pip behaviour
ENV PYTHONUNBUFFERED=1 \
    PYTHONDONTWRITEBYTECODE=1 \
    PIP_NO_CACHE_DIR=1 \
    PIP_DISABLE_PIP_VERSION_CHECK=1

# QwenPaw settings, plus the container time zone
ENV QWENPAW_WORKING_DIR="/data/qwenpaw" \
    QWENPAW_CONFIG_FILE="config.json" \
    QWENPAW_LOG_LEVEL="INFO" \
    QWENPAW_RUNNING_IN_CONTAINER=1 \
    QWENPAW_PORT=8088 \
    TZ=Asia/Shanghai
# Unprivileged service account with a fixed UID/GID of 999. It is created
# before any package installation so that the GID cannot be taken first.
# The account has no login shell and uses the data directory as its home.
RUN groupadd --system --gid 999 qwenpaw && \
    useradd --system \
        --uid 999 \
        --gid 999 \
        --home-dir /data/qwenpaw \
        --shell /sbin/nologin \
        --comment "QwenPaw user" \
        qwenpaw
# Runtime dependencies: CA certificates for TLS verification and curl for the
# downloads in later steps. The apt lists are removed in the same layer.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        ca-certificates \
        curl \
    && rm -rf /var/lib/apt/lists/*
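# Node.js 24.x LTS from the NodeSource apt repository (needed for MCP
# support), followed by an npm upgrade to pick up npm security fixes.
#
# The key download is restricted to HTTPS with TLS 1.2 or newer, so a redirect
# cannot downgrade it to plain HTTP.
# NOTE(review): the repository signing key is trusted exactly as downloaded;
# only TLS protects it. Comparing its fingerprint with a value recorded in
# this repository would detect a swapped key - confirm whether that is wanted.
# NOTE(review): the URL name suggests an ASCII-armored key, but it is stored
# with a .gpg extension; confirm that the apt version in the base image
# accepts that combination.
#
# NPM_VERSION defaults to "latest", which matches the previous behaviour.
# Pass --build-arg NPM_VERSION=<version> to pin npm for a reproducible build.
ARG NPM_VERSION="latest"
RUN install -m 0755 -d /etc/apt/keyrings && \
    curl --proto '=https' --tlsv1.2 -fsSL \
        https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key \
        -o /etc/apt/keyrings/nodesource.gpg && \
    echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_24.x nodistro main" \
        > /etc/apt/sources.list.d/nodesource.list && \
    apt-get update && \
    apt-get install -y --no-install-recommends nodejs && \
    npm install -g "npm@${NPM_VERSION}" && \
    npm cache clean --force && \
    rm -rf /var/lib/apt/lists/*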
# Chromium, its driver and fonts, for headless use by the MCP browser feature.
#
# The sed edit hard-codes --no-sandbox into the /usr/bin/chromium launcher
# script. With the sandbox off, renderer processes run with the full rights of
# the account that starts the browser, so a page that compromises the renderer
# can reach everything that account can, including the data directory.
# Keep the browser away from untrusted pages where possible, or keep the
# sandbox and give the container what the sandbox needs instead.
# NOTE(review): sed exits 0 even when the pattern does not match, so this step
# cannot tell whether the flag was actually applied.
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
        chromium \
        chromium-driver \
        fonts-liberation \
        fonts-noto-color-emoji \
        fonts-wqy-microhei \
        fonts-wqy-zenhei \
    && rm -rf /var/lib/apt/lists/* \
    && sed -i 's/^CHROMIUM_FLAGS=""/CHROMIUM_FLAGS="--no-sandbox"/' /usr/bin/chromium

# Point browser tooling at the system Chromium and stop Playwright from
# downloading its own browser build.
ENV CHROME_BIN=/usr/bin/chromium \
    CHROME_PATH=/usr/bin/chromium \
    PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH=/usr/bin/chromium \
    PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD=1
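# Python packages and console scripts installed in the builder stage.
COPY --from=builder /usr/local/lib/python3.13/site-packages /usr/local/lib/python3.13/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin

# Persist settings and backups by pointing the application's directories into
# the data volume:
#   SECRET_DIR: {WORKING_DIR}.secret  -> .runtime inside the volume
#   BACKUP_DIR: {WORKING_DIR}.backups -> .backups inside the volume
# .runtime backs the secret directory, so it is restricted to its owner (0700)
# instead of the world-readable default that mkdir gives it.
# NOTE(review): this mode applies to the directory shipped in the image; when
# an existing volume or bind mount covers /data/qwenpaw, the modes on that
# mount apply instead - check them separately.
RUN mkdir -p /data/qwenpaw/.runtime /data/qwenpaw/.backups && \
    chmod 0700 /data/qwenpaw/.runtime && \
    ln -sf /data/qwenpaw/.runtime /data/qwenpaw.secret && \
    ln -sf /data/qwenpaw/.backups /data/qwenpaw.backups

# Compatibility with the old CoPaw name (CoPaw was renamed to QwenPaw in v1.1.0).
RUN ln -sf /usr/local/bin/qwenpaw /usr/local/bin/copaw && \
    ln -sf /usr/local/lib/python3.13/site-packages/qwenpaw /usr/local/lib/python3.13/site-packages/copaw && \
    ln -sf /data/qwenpaw /data/copaw && \
    ln -sf /data/qwenpaw/.runtime /data/copaw.secret

# Ownership for the runtime account.
# NOTE(review): the first chown makes the installed qwenpaw package writable by
# the account the service runs as, so a compromised service could modify its
# own code. Presumably the application writes inside its package directory;
# if it does not, drop that chown and keep the code root-owned.
RUN chown -R qwenpaw:qwenpaw /usr/local/lib/python3.13/site-packages/qwenpaw && \
    chown -R qwenpaw:qwenpaw /data/qwenpaw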
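# Working directory for the service.
WORKDIR /data/qwenpaw

# Startup, health-check and legacy-directory migration scripts.
# They are left owned by root and set to 0755: the runtime account can read
# and execute them but cannot rewrite the entrypoint it is started through.
# The explicit mode also guarantees read access whatever mode the files have
# in the build context.
# NOTE(review): no HEALTHCHECK instruction is visible here for healthcheck.sh;
# presumably it is invoked by the orchestrator - confirm.
COPY scripts/entrypoint.sh /usr/local/bin/entrypoint.sh
COPY scripts/healthcheck.sh /usr/local/bin/healthcheck.sh
COPY scripts/migrate-legacy-dir.sh /usr/local/bin/migrate-legacy-dir.sh
RUN chmod 0755 \
        /usr/local/bin/entrypoint.sh \
        /usr/local/bin/healthcheck.sh \
        /usr/local/bin/migrate-legacy-dir.sh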
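# Everything from here on, including the entrypoint, runs as the unprivileged account.
USER qwenpaw

# Documents the default port only. It does not follow QWENPAW_PORT, so publish
# the matching port when that variable is overridden.
EXPOSE 8088

# Data volume, declared after the directory has been populated and chowned above.
VOLUME ["/data/qwenpaw"]

# The entrypoint script receives the CMD below as its arguments.
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

# Default command: listen on all interfaces inside the container, on the port
# given by QWENPAW_PORT. The shell is needed to expand the variable; exec
# replaces that shell with the application so stop signals reach it directly.
# NOTE(review): this assumes entrypoint.sh finishes by exec-ing its arguments;
# the script is not visible here - confirm.
CMD ["sh", "-c", "exec qwenpaw app --host 0.0.0.0 --port \"${QWENPAW_PORT}\""]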