fix(docker): 优化基础镜像安装和用户配置

- 精简并使用 --no-install-recommends 以减少无用依赖安装 - 合并创建非root用户和目录设置命令，提升构建效率 - Playwright 安装路径由 .venv 调整为 /app/.venv，确保路径正确 - uv 同步结束后清理缓存，减小镜像体积 - 调整安装依赖注释，明确区分运行时与构建时依赖 - 确保切换用户顺序合理，提升安全性和镜像构建规范
2025-11-09 20:40:51 +08:00
parent dc22011d51
commit 617000ce04
1 changed files with 11 additions and 17 deletions
--- a/kami-spider-monorepo/Dockerfile.base
+++ b/kami-spider-monorepo/Dockerfile.base
@@ -12,15 +12,11 @@ ENV PYTHONUNBUFFERED=1 \
    PYCHARM_DEBUG="false" \
    PYTEST_CURRENT_TEST="false"

-# Install system dependencies for Playwright and build tools
-RUN apt-get update && apt-get install -y \
-    # Build tools
-    gcc \
-    g++ \
-    curl \
-    wget \
-    gnupg \
+# Install system dependencies for Playwright and runtime
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    # Core utilities
    ca-certificates \
+    curl \
    # Playwright runtime dependencies
    fonts-liberation \
    libnss3 \
@@ -36,17 +32,14 @@ RUN apt-get update && apt-get install -y \
    libxfixes3 \
    libcairo2 \
    libpango-1.0-0 \
-    # Cleanup
    && rm -rf /var/lib/apt/lists/*

 # Install UV package manager
 COPY --from=ghcr.io/astral-sh/uv:latest /uv /usr/local/bin/uv

-# Create non-root user with home directory
-RUN groupadd -r appuser && useradd -r -g appuser -d /home/appuser -m appuser
-
-# Set up directories with proper permissions
-RUN mkdir -p /app \
+# Create non-root user with home directory and set up directories
+RUN groupadd -r appuser && useradd -r -g appuser -d /home/appuser -m appuser \
+    && mkdir -p /app \
    && mkdir -p /home/appuser/.cache \
    && chown -R appuser:appuser /app /home/appuser

@@ -65,14 +58,15 @@ RUN if [ "$USE_PROXY" = "1" ]; then \
        uv sync --frozen --no-dev --no-install-project --index-url https://pypi.tuna.tsinghua.edu.cn/simple/; \
    else \
        uv sync --frozen --no-dev --no-install-project; \
-    fi
+    fi && \
+    rm -rf "$UV_CACHE_DIR"

 # Switch back to root user to install Playwright system dependencies
 USER root

 # Install Playwright browsers with dependencies (requires root)
-RUN .venv/bin/playwright install chromium --with-deps && \
-    .venv/bin/playwright install-deps chromium
+RUN /app/.venv/bin/playwright install chromium --with-deps && \
+    /app/.venv/bin/playwright install-deps chromium

 # Switch back to non-root user
 USER appuser