In version 1.4 we introduced a breaking change for the Docker behaviour since we removed the pwuser completely. In this PR I add this user again and create a symlink so that root uses the browser of the pwuser. This has also the benefit, that the users who wants to use the seccomp profile that they don't have to create this user.
Reference: https://playwright.slack.com/archives/CSUHZPVLM/p1600240776120400
Tested on root and on pwuser. Works.
References #4084
Each Ubuntu and Debian release has a code name. Ubuntu 18(bionic), Ubuntu 20(focal). This adds the Dockerfile for Ubuntu20.
Next steps and follow up changes:
- add it to the devops site, so we are sure all tests are passing, locally they did
- deploy it to the MCR, naming needs to be clarified, probably just as "focal".
This naming schema allows us in the future to add Debian support too. But we should wait until Headless WK is fixed.
Relates #3791
Relates #2758Closes#3338
As discussed offline other big images like Node.js or Nginx use root as the default user and the users in the end can base-off from our image to add their security features.
Not sure if follow up docs changes are required for that.
Fix#3703Fix#3681
It turns out that the new `docker push --all-tags` is not yet available
in the latest docker distribution on Ubuntu 20.04.
This provides a helper script to tag and publish the docker image.
It turns out Github Actions have docker pre-installed.
This patch unifies the codepaths that we use to build docker image
locally and to publish it from CI.
As a result, there's no extra `--prepare-context` argument in
`//docs/docker/build.sh` that was used solely on CI.
References #2926
This patch:
- updates docker seccomp profile to use a slightly modified default docker
profile
- removes SUID sandbox documentation since it doesn't seem to work
References #2745
This patch bakes browsers into docker image.
Important observations:
- We now re-build docker image everytime we roll browsers.
- Docker image size almost doubles: from `225MB` to `496MB`.
References #2926
This adds a new script to calculate docker image size with
all parent layers.
Note: take this metrics with a grain of salt, since in reality
docker compresses and reuses layers.
Some historic stats obtained with this script:
- **`208MB`** (-33MB) chore(docker): skip "recommended" dependencies (#2917) (1cebf8757c)
- **`241MB`** (-29MB) chore(docker): trim some of the gstreamer dependencies (#2897) (bce4b1aea9)
- **`272MB`** (-1MB) devops: do cache busting for APT (#2656) (bb34418095)
- **`273MB`** (+49MB) fix(webkit): update Docker file to include gstreamer (#2636) (5c6c65915c)
- **`224MB`** (+0MB) chore: fix emojis for CR and FF in Dockerfile (#2522) (24316ad261)
- **`224MB`** (-1MB) fix: Dockerfile for Firefox (#1937) (b516ac4fb2)
- **`225MB`** (+49MB) devops(docker): Install ffmpeg dependency, adding codecs necessary for video playback in Firefox (#1627) (222d01caaa)
- **`176MB`** (+32MB) chore(docs): optionally install XVFB in docker(ec3ee66043)
- **`144MB`** (+144MB) feat: add a playwright-ready docker image (#1161)(1781ae7006)
Has some overlaps with the troubleshooting doc, which I plan to clean up in a subsequent PR. This first version of the doc has a feel of "build-your-own" with our sample configurations. Over time we can tweak the level of hand-holding for the best user experience to get started with CI.
Fixes#1103
