ChatGPT/FastGPT
1
0
Fork 0
mirror of https://github.com/labring/FastGPT.git synced 2026-05-08 01:08:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
539f37f1b286e3d00d7ac99bc7c08495c1c17f97
FastGPT/projects/code-sandbox/Dockerfile
T
Archer 109a1f1898 perf: codex-sandbox check (#6851) 
* perf: codex-sandbox check

* perf: codex sandbox

* fix: build

* add log in httperror

* perf: sandbox

* package version
2026-04-29 14:53:45 +08:00

80 lines
2.8 KiB
Docker
Raw Blame History

# --------- Build Stage -----------
FROM node:24-alpine AS builder
WORKDIR /app
ARG proxy
# 安装 pnpm
RUN npm install -g pnpm@10.33.2
# 复制 workspace 配置和依赖包
COPY pnpm-lock.yaml pnpm-workspace.yaml package.json tsconfig.json ./
COPY packages/global ./packages/global
COPY packages/service ./packages/service
COPY sdk ./sdk
COPY projects/code-sandbox/ ./projects/code-sandbox/
RUN [ -z "$proxy" ] || sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories
RUN apk add --no-cache curl ca-certificates && update-ca-certificates
# 安装所有依赖(包括 devDependencies 用于编译)
RUN if [ -z "$proxy" ]; then \
pnpm install --frozen-lockfile --ignore-scripts; \
else \
pnpm install --frozen-lockfile --ignore-scripts --registry=https://registry.npmmirror.com; \
fi
# 先构建 SDK workspace 包,确保 dist 入口可被打包工具解析
RUN pnpm --filter @fastgpt-sdk/logger --filter @fastgpt-sdk/otel --filter @fastgpt-sdk/storage build
# 编译主入口文件
RUN cd /app/projects/code-sandbox && pnpm build
# ===== Runner Stage =====
FROM node:24-alpine AS runner
WORKDIR /app/code-sandbox
ARG proxy
RUN [ -z "$proxy" ] || sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories
# 安装 pnpm(用于 runner 阶段安装 prod 依赖)
RUN npm install -g pnpm@10.33.2
# 复制编译产物(index/worker 已 bundle 自身静态依赖,自包含)
COPY --from=builder /app/projects/code-sandbox/dist /app/code-sandbox
# 安装 worker 运行时白名单模块
# worker 通过 safeRequire(name) 按用户白名单动态加载(lodash/dayjs/moment/uuid/crypto-js/qs),
# 这是变量调用,bundler 无法静态分析,必须在 runner 中以 node_modules 形式存在。
# 单独的 runtime.package.json 与主 package.json 解耦,避免 catalog: 引用无法解析。
COPY projects/code-sandbox/runtime.package.json ./package.json
RUN if [ -z "$proxy" ]; then \
pnpm install --prod --no-frozen-lockfile --ignore-scripts; \
else \
pnpm install --prod --no-frozen-lockfile --ignore-scripts --registry=https://registry.npmmirror.com; \
fi && \
pnpm store prune || true
# 安装 Python、依赖包及工具
RUN apk add --no-cache python3 py3-pip libffi util-linux && \
apk add --no-cache --virtual .build-deps gcc g++ musl-dev python3-dev libffi-dev
COPY projects/code-sandbox/requirements.txt /tmp/requirements.txt
RUN pip3 install --no-cache-dir --break-system-packages -r /tmp/requirements.txt && \
rm /tmp/requirements.txt && \
apk del .build-deps
# 创建非 root 用户运行沙箱
RUN addgroup -S sandbox && adduser -S sandbox -G sandbox && \
chown -R sandbox:sandbox /app
USER sandbox
ENV NODE_ENV=production
ENV SANDBOX_PORT=3000
EXPOSE 3000
CMD ["node", "/app/code-sandbox/index.js"]
Reference in New Issue View Git Blame Copy Permalink