diff --git a/.gcp/Dockerfile.maintainer b/.gcp/Dockerfile.maintainer
new file mode 100644
index 0000000000..074df8441f
--- /dev/null
+++ b/.gcp/Dockerfile.maintainer
@@ -0,0 +1,52 @@
+# --- STAGE 1: Base Runtime ---
+FROM docker.io/library/node:20-slim AS base
+
+ARG CLI_VERSION_ARG
+ENV CLI_VERSION=$CLI_VERSION_ARG
+
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ python3 \
+ curl \
+ dnsutils \
+ less \
+ jq \
+ ca-certificates \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+# --- STAGE 2: Maintainer ---
+FROM base AS maintainer
+
+# Install "Maintainer Bloat" - tools needed for development and offloading
+RUN apt-get update && apt-get install -y --no-install-recommends \
+ make \
+ g++ \
+ gh \
+ git \
+ unzip \
+ rsync \
+ ripgrep \
+ procps \
+ psmisc \
+ lsof \
+ socat \
+ build-essential \
+ libsecret-1-dev \
+ libkrb5-dev \
+ && apt-get clean \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install global dev tools
+RUN npm install -g tsx vitest
+
+# Set up npm global package folder
+RUN mkdir -p /usr/local/share/npm-global \
+ && chown -R node:node /usr/local/share/npm-global
+ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global
+ENV PATH=$PATH:/usr/local/share/npm-global/bin
+
+# Switch to non-root user node
+USER node
+
+# Default entrypoint
+CMD ["/bin/bash"]
diff --git a/.gcp/release-docker.yml b/.gcp/release-docker.yml
index cdf5a489a7..00780f7477 100644
--- a/.gcp/release-docker.yml
+++ b/.gcp/release-docker.yml
@@ -47,7 +47,7 @@ steps: env: - 'GEMINI_SANDBOX=$_CONTAINER_TOOL' - # Step 6: Build maintainer container image (Maintainer stage) + # Step 6: Build maintainer container image (Dedicated Maintainer Dockerfile) - name: 'us-west1-docker.pkg.dev/gemini-code-dev/gemini-code-containers/gemini-code-builder' id: 'Build maintainer Docker image' entrypoint: 'bash' 
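Review bot: `RUN npm install -g tsx vitest` in the new Dockerfile.maintainer installs whatever versions the registry serves at build time, as root, so two builds of the same commit can publish different maintainer images and a bad release of either package reaches the pushed image without any change in the repository. Pin both, e.g. `RUN npm install -g tsx@<pinned-version> vitest@<pinned-version>` (placeholders; use the versions the repository already tests with). The same reproducibility gap applies to `FROM docker.io/library/node:20-slim` here and in the root Dockerfile hunk: the tag is mutable, and appending a digest (`node:20-slim@sha256:<digest>`) would fix what both images are built on. Separately, `build-essential` already depends on `make` and `g++`, so those two entries are redundant in this list.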
@@ -56,7 +56,7 @@ steps: - |- export TAG=$$(cat /workspace/image_tag.txt) IMAGE_BASE="us-docker.pkg.dev/gemini-code-dev/gemini-cli/maintainer" - docker build --target maintainer -t "$${IMAGE_BASE}:$${TAG}" . + docker build -f .gcp/Dockerfile.maintainer -t "$${IMAGE_BASE}:$${TAG}" . docker push "$${IMAGE_BASE}:$${TAG}" env: - 'GEMINI_SANDBOX=$_CONTAINER_TOOL'
diff --git a/Dockerfile b/Dockerfile
index b3a1edce40..25d27d46c6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,26 +1,21 @@ -# --- STAGE 1: Base Runtime --- -FROM docker.io/library/node:20-slim AS base +FROM docker.io/library/node:20-slim +ARG SANDBOX_NAME="gemini-cli-sandbox" ARG CLI_VERSION_ARG +ENV SANDBOX="$SANDBOX_NAME" ENV CLI_VERSION=$CLI_VERSION_ARG +# install minimal set of packages, then clean up RUN apt-get update && apt-get install -y --no-install-recommends \ python3 \ + make \ + g++ \ + man-db \ curl \ dnsutils \ less \ jq \ - ca-certificates \ - && apt-get clean \ - && rm -rf /var/lib/apt/lists/* - -# --- STAGE 2: Maintainer (Parent of Sandbox) --- -FROM base AS maintainer - -# Install "Maintainer Bloat" - tools needed for development and offloading -RUN apt-get update && apt-get install -y --no-install-recommends \ - make \ - g++ \ + bc \ gh \ git \ unzip \ 
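Review bot: The new `docker build -f .gcp/Dockerfile.maintainer` line passes no `--build-arg`, while the Dockerfile it now points to declares `ARG CLI_VERSION_ARG` without a default and copies it into `ENV CLI_VERSION`, so the maintainer image is pushed with an empty `CLI_VERSION`. Either pass the value, for example `docker build -f .gcp/Dockerfile.maintainer --build-arg CLI_VERSION_ARG="$${TAG}" -t "$${IMAGE_BASE}:$${TAG}" .` if the tag is the intended version (not confirmable from this hunk), or drop the `ARG`/`ENV` pair from Dockerfile.maintainer. The step's script begins above the hunk.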
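Review bot: The added comment `# install minimal set of packages, then clean up` does not describe the list under it, which now names `make`, `g++`, `man-db` and `bc` alongside `gh`, `git` and `curl`. With `SANDBOX_NAME` defaulting to `gemini-cli-sandbox`, this appears to be the image sandboxed commands run in, so each package is a capability available inside it; a comment such as `# tools available to commands run inside the sandbox; keep this list deliberate` would state that. `man-db` and `bc` are new to this image, while the others were previously inherited from the removed maintainer stage. The `RUN` continues into the next hunk.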
@@ -30,31 +25,21 @@ RUN apt-get update && apt-get install -y --no-install-recommends \ psmisc \ lsof \ socat \ - build-essential \ - libsecret-1-dev \ - libkrb5-dev \ + ca-certificates \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* -# Install global dev tools -RUN npm install -g tsx vitest - -# Set up npm global package folder +# set up npm global package folder under /usr/local/share +# give it to non-root user node, already set up in base image RUN mkdir -p /usr/local/share/npm-global \ && chown -R node:node /usr/local/share/npm-global ENV NPM_CONFIG_PREFIX=/usr/local/share/npm-global ENV PATH=$PATH:/usr/local/share/npm-global/bin -# --- STAGE 3: Sandbox (Final CLI Image) --- -FROM maintainer AS sandbox - -ARG SANDBOX_NAME="gemini-cli-sandbox" -ENV SANDBOX="$SANDBOX_NAME" - -# Switch to non-root user node +# switch to non-root user node USER node -# Install gemini-cli and clean up +# install gemini-cli and clean up COPY packages/cli/dist/google-gemini-cli-*.tgz /tmp/gemini-cli.tgz COPY packages/core/dist/google-gemini-cli-core-*.tgz /tmp/gemini-core.tgz RUN npm install -g /tmp/gemini-core.tgz \
@@ -64,5 +49,5 @@ RUN npm install -g /tmp/gemini-core.tgz \ && npm cache clean --force \ && rm -f /tmp/gemini-{cli,core}.tgz -# Default entrypoint +# default entrypoint when none specified CMD ["gemini"]
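Review bot: The two `COPY ... /tmp/gemini-*.tgz` lines kept under `USER node` store both tarballs in their own image layers, so the `rm -f` in the following hunk cannot remove them from the shipped image. That `rm -f /tmp/gemini-{cli,core}.tgz` also relies on brace expansion, which the default `/bin/sh` of Debian-based images does not perform unless a `SHELL` instruction outside the visible hunks switches to bash, so it likely matches nothing. A BuildKit bind mount on the install step (`RUN --mount=type=bind,source=packages/core/dist,target=/tmp/core-dist ...`, and the same for `packages/cli/dist`) would keep the tarballs out of the image altogether. The install `RUN` is only partly visible between this hunk and the next.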