In version 1.4 we introduced a breaking change for the Docker behaviour since we removed the pwuser completely. In this PR I add this user again and create a symlink so that root uses the browser of the pwuser. This has also the benefit, that the users who wants to use the seccomp profile that they don't have to create this user. Reference: https://playwright.slack.com/archives/CSUHZPVLM/p1600240776120400 Tested on root and on pwuser. Works. References #4084
4.3 KiB
Running Playwright in Docker
Dockerfile.bionic can be used to run Playwright scripts in Docker environments. This image includes all the dependencies needed to run browsers in a Docker container, including browsers.
Usage
This image is published on Docker Hub.
Pull the image
$ docker pull mcr.microsoft.com/playwright:bionic
Run the image
By default, the Docker image will use the root
user to run the browsers. This will disable the Chromium sandbox which is not available with root. If you run trusted code (e.g. End-to-end tests) and want to avoid the hassle of managing separate user then the root user may be fine. For web scraping or crawling, we recommend to create a separate user inside the Docker container and use the seccomp profile.
End-to-end tests
On trusted websites, you can avoid creating a separate user and use root for it since you trust the code which will run on the browsers.
docker run -it --rm --ipc=host mcr.microsoft.com/playwright:bionic /bin/bash
Crawling and scraping
On untrusted websites, it's recommended to use a separate user for launching the browsers in combination with the seccomp profile. Inside the container or if you are using the Docker image as a base image you have to use adduser
for it.
$ docker run -it --rm --ipc=host --user pwuser --security-opt seccomp=seccomp_profile.json mcr.microsoft.com/playwright:bionic /bin/bash
seccomp_profile.json
is needed to run Chromium with sandbox. This is
a default Docker seccomp profile with extra user namespace cloning permissions:
[
{
"comment": "Allow create user namespaces",
"names": [
"clone",
"setns",
"unshare"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"includes": {},
"excludes": {}
}
]
Note
: Using
--ipc=host
is recommended when using Chrome (Docker docs). Chrome can run out of memory without this flag.
Using on CI
See our Continuous Integration guides for sample configs.
Image tags
Development
Build the image
Use //docs/docker/build.sh
to build the image.
$ ./docs/docker/build.sh bionic playwright:localbuild-bionic
The image will be tagged as playwright:localbuild-bionic
and could be run as:
$ docker run --rm -it playwright:localbuild /bin/bash
Push
Docker images are published automatically by GitHub Actions. We currently publish the following images:
mcr.microsoft.com/playwright:next
- tip-of-tree image version.mcr.microsoft.com/playwright:bionic
- last Playwright release docker image.mcr.microsoft.com/playwright:sha-XXXXXXX
- docker image for every commit that changed docker files or browsers, marked with a short sha (first 7 digits of the SHA commit).
Status of push to MCR can be verified here (internal link).
Base images
Ubuntu 20
mcr.microsoft.com/playwright:focal
is based on Ubuntu 20.04 LTS (Focal Fossa).
Ubuntu 18
mcr.microsoft.com/playwright:bionic
is based on Ubuntu 18.04 LTS (Bionic Beaver).
Alpine
Browser builds for Firefox and WebKit are built for the glibc library. Alpine Linux and other distributions that are based on the musl standard library are not supported.