Dockerfile

# ---- Stage 1: Builder ----
FROM docker.io/library/node:20-slim AS builder

# Install git (needed by generate-git-commit-info.js script)
RUN apt-get update && apt-get install -y --no-install-recommends git \
  && apt-get clean && rm -rf /var/lib/apt/lists/*

WORKDIR /build

# Copy only package.json files first for better layer caching
# Dependencies only re-install when package files change, not source files
COPY package*.json ./
COPY packages/cli/package*.json ./packages/cli/
COPY packages/core/package*.json ./packages/core/
COPY packages/vscode-ide-companion/package*.json ./packages/vscode-ide-companion/
COPY packages/vscode-ide-companion/scripts/ ./packages/vscode-ide-companion/scripts/
COPY packages/devtools/package*.json ./packages/devtools/
COPY packages/sdk/package*.json ./packages/sdk/
COPY packages/test-utils/package*.json ./packages/test-utils/
COPY packages/a2a-server/package*.json ./packages/a2a-server/

# Use npm ci for consistent, reliable builds (respects package-lock.json)
RUN HUSKY=0 npm ci --ignore-scripts

# Now copy the rest of the source (after install for better caching)
COPY packages/ ./packages/
COPY tsconfig*.json ./
COPY eslint.config.js ./
COPY scripts/ ./scripts/
COPY esbuild.config.js ./

# Pass git commit hash as build arg instead of copying entire .git directory
ARG GIT_COMMIT=unknown
ENV GIT_COMMIT=$GIT_COMMIT

# Build and pack artifacts
RUN HUSKY=0 npm run build && \
    npm pack -w packages/core --pack-destination packages/core/dist/ && \
    npm pack -w packages/cli --pack-destination packages/cli/dist/

# ---- Stage 2: Runtime ----
FROM docker.io/library/node:20-slim

ARG SANDBOX_NAME="gemini-cli-sandbox"
ARG CLI_VERSION_ARG
ENV SANDBOX="$SANDBOX_NAME"
ENV CLI_VERSION=$CLI_VERSION_ARG

# install minimal set of packages, then clean up
RUN apt-get update && apt-get install -y --no-install-recommends \
  python3 \
  make \
  g++ \
  man-db \
  curl \
  dnsutils \
  less \
  jq \
  bc \
  gh \
  git \
  unzip \
  rsync \
  ripgrep \
  procps \
  psmisc \
  lsof \
  socat \
  ca-certificates \
  && apt-get clean \
  && rm -rf /var/lib/apt/lists/*

# set up npm global package folder under /usr/local/share
# give it to non-root user node, already set up in base image
RUN mkdir -p /usr/local/share/npm-global \
  && chown -R node:node /usr/local/share/npm-global
ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global
ENV PATH=$PATH:/usr/local/share/npm-global/bin

# switch to non-root user node
USER node

# install gemini-cli and clean up
COPY --chown=node:node packages/cli/dist/google-gemini-cli-*.tgz /tmp/gemini-cli.tgz
COPY --chown=node:node packages/core/dist/google-gemini-cli-core-*.tgz /tmp/gemini-core.tgz
RUN npm install -g /tmp/gemini-core.tgz \
  && npm install -g /tmp/gemini-cli.tgz \
  && node -e "const fs=require('node:fs'); JSON.parse(fs.readFileSync('/usr/local/share/npm-global/lib/node_modules/@google/gemini-cli/package.json','utf8')); JSON.parse(fs.readFileSync('/usr/local/share/npm-global/lib/node_modules/@google/gemini-cli-core/package.json','utf8'));" \
  && gemini --version > /dev/null \
  && npm cache clean --force \
  && rm -f /tmp/gemini-{cli,core}.tgz

# default entrypoint when none specified
ENTRYPOINT ["/usr/local/share/npm-global/bin/gemini"]
Fix: make Dockerfile self-contained with multi-stage build (#24277 ) 2026-05-05 01:21:06 +05:30			`# ---- Stage 1: Builder ----`
			`FROM docker.io/library/node:20-slim AS builder`

			`# Install git (needed by generate-git-commit-info.js script)`
			`RUN apt-get update && apt-get install -y --no-install-recommends git \`
			`&& apt-get clean && rm -rf /var/lib/apt/lists/*`

			`WORKDIR /build`

			`# Copy only package.json files first for better layer caching`
			`# Dependencies only re-install when package files change, not source files`
			`COPY package*.json ./`
			`COPY packages/cli/package*.json ./packages/cli/`
			`COPY packages/core/package*.json ./packages/core/`
			`COPY packages/vscode-ide-companion/package*.json ./packages/vscode-ide-companion/`
			`COPY packages/vscode-ide-companion/scripts/ ./packages/vscode-ide-companion/scripts/`
			`COPY packages/devtools/package*.json ./packages/devtools/`
			`COPY packages/sdk/package*.json ./packages/sdk/`
			`COPY packages/test-utils/package*.json ./packages/test-utils/`
			`COPY packages/a2a-server/package*.json ./packages/a2a-server/`

			`# Use npm ci for consistent, reliable builds (respects package-lock.json)`
			`RUN HUSKY=0 npm ci --ignore-scripts`

			`# Now copy the rest of the source (after install for better caching)`
			`COPY packages/ ./packages/`
			`COPY tsconfig*.json ./`
			`COPY eslint.config.js ./`
			`COPY scripts/ ./scripts/`
			`COPY esbuild.config.js ./`

			`# Pass git commit hash as build arg instead of copying entire .git directory`
			`ARG GIT_COMMIT=unknown`
			`ENV GIT_COMMIT=$GIT_COMMIT`

			`# Build and pack artifacts`
			`RUN HUSKY=0 npm run build && \`
			`npm pack -w packages/core --pack-destination packages/core/dist/ && \`
			`npm pack -w packages/cli --pack-destination packages/cli/dist/`

			`# ---- Stage 2: Runtime ----`
Revert "Update package.json in include git dependency on Ink fork." (#11365 ) 2025-10-17 07:48:29 -07:00			`FROM docker.io/library/node:20-slim`
Minimal container setup. Install docker (or podman), build container with scripts/build_container.sh, then start with scripts/start_container.sh. Exit with ^C for now. (#61 ) 2025-04-20 08:22:17 -07:00
fix(sandbox): set default env var to 'gemini-cli-sandbox' (#620 ) 2025-05-30 18:02:27 +00:00			`ARG SANDBOX_NAME="gemini-cli-sandbox"`
fix version release for Dockerfile build (#1080 ) 2025-06-16 01:13:39 -05:00			`ARG CLI_VERSION_ARG`
fix(sandbox): set default env var to 'gemini-cli-sandbox' (#620 ) 2025-05-30 18:02:27 +00:00			`ENV SANDBOX="$SANDBOX_NAME"`
fix version release for Dockerfile build (#1080 ) 2025-06-16 01:13:39 -05:00			`ENV CLI_VERSION=$CLI_VERSION_ARG`
fix(sandbox): use CMD for default entrypoint (#601 ) 2025-05-29 22:16:39 +00:00
Minimal container setup. Install docker (or podman), build container with scripts/build_container.sh, then start with scripts/start_container.sh. Exit with ^C for now. (#61 ) 2025-04-20 08:22:17 -07:00			`# install minimal set of packages, then clean up`
			`RUN apt-get update && apt-get install -y --no-install-recommends \`
Fix Build Failure - Build fails in sandbox due to missing build toolchain (#831 ) 2025-06-08 01:04:20 -04:00			`python3 \`
			`make \`
			`g++ \`
Minimal container setup. Install docker (or podman), build container with scripts/build_container.sh, then start with scripts/start_container.sh. Exit with ^C for now. (#61 ) 2025-04-20 08:22:17 -07:00			`man-db \`
			`curl \`
			`dnsutils \`
			`less \`
			`jq \`
			`bc \`
			`gh \`
			`git \`
			`unzip \`
			`rsync \`
			`ripgrep \`
			`procps \`
			`psmisc \`
			`lsof \`
enable servers in sandbox to listen on localhost (127.0.0.1) instead of 0.0.0.0, ensuring servers can be container/host-agnostic (#207 ) 2025-04-28 18:40:24 -07:00			`socat \`
restricted networking for all sandboxing methods, new seatbelt profiles, updated docs, fixes to sandbox build, debugging through sandbox (#891 ) 2025-06-10 08:58:37 -07:00			`ca-certificates \`
Minimal container setup. Install docker (or podman), build container with scripts/build_container.sh, then start with scripts/start_container.sh. Exit with ^C for now. (#61 ) 2025-04-20 08:22:17 -07:00			`&& apt-get clean \`
			`&& rm -rf /var/lib/apt/lists/*`

			`# set up npm global package folder under /usr/local/share`
			`# give it to non-root user node, already set up in base image`
			`RUN mkdir -p /usr/local/share/npm-global \`
			`&& chown -R node:node /usr/local/share/npm-global`
			`ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global`
			`ENV PATH=$PATH:/usr/local/share/npm-global/bin`

Revert "Update package.json in include git dependency on Ink fork." (#11365 ) 2025-10-17 07:48:29 -07:00			`# switch to non-root user node`
Minimal container setup. Install docker (or podman), build container with scripts/build_container.sh, then start with scripts/start_container.sh. Exit with ^C for now. (#61 ) 2025-04-20 08:22:17 -07:00			`USER node`

Revert "Update package.json in include git dependency on Ink fork." (#11365 ) 2025-10-17 07:48:29 -07:00			`# install gemini-cli and clean up`
feat(voice): implement real-time voice mode with cloud and local backends (#24174 ) 2026-04-24 14:29:38 -07:00			`COPY --chown=node:node packages/cli/dist/google-gemini-cli-*.tgz /tmp/gemini-cli.tgz`
			`COPY --chown=node:node packages/core/dist/google-gemini-cli-core-*.tgz /tmp/gemini-core.tgz`
fix(sandbox): harden image packaging integrity checks (#19552 ) 2026-02-24 02:32:42 +05:30			`RUN npm install -g /tmp/gemini-core.tgz \`
			`&& npm install -g /tmp/gemini-cli.tgz \`
			`&& node -e "const fs=require('node:fs'); JSON.parse(fs.readFileSync('/usr/local/share/npm-global/lib/node_modules/@google/gemini-cli/package.json','utf8')); JSON.parse(fs.readFileSync('/usr/local/share/npm-global/lib/node_modules/@google/gemini-cli-core/package.json','utf8'));" \`
			`&& gemini --version > /dev/null \`
Minimal container setup. Install docker (or podman), build container with scripts/build_container.sh, then start with scripts/start_container.sh. Exit with ^C for now. (#61 ) 2025-04-20 08:22:17 -07:00			`&& npm cache clean --force \`
fix(ci): e2e workflow aligned with release (#9296 ) 2025-09-25 11:26:07 -07:00			`&& rm -f /tmp/gemini-{cli,core}.tgz`
feat: publish root Dockerfile to our image registry (#599 ) 2025-05-29 21:01:44 +00:00
fix(sandbox): use CMD for default entrypoint (#601 ) 2025-05-29 22:16:39 +00:00			`# default entrypoint when none specified`
Fix: make Dockerfile self-contained with multi-stage build (#24277 ) 2026-05-05 01:21:06 +05:30			`ENTRYPOINT ["/usr/local/share/npm-global/bin/gemini"]`