playwright/docs/docker
2020-09-09 11:43:15 -07:00
..
build.sh devops: switch docker publishing to a bash script (#3704) 2020-09-01 11:33:19 -07:00
Dockerfile.bionic chore(docker): use root user in Docker image (#3739) 2020-09-02 14:42:01 -07:00
README.md docs(docker): add note how to use chromium sandbox (#3779) 2020-09-09 11:43:15 -07:00
seccomp_profile.json docs: update documentation on Chromium sandbox (#3077) 2020-07-21 17:43:41 -07:00
tag_and_push.sh devops: use a helper script to tag and push docker images (#3737) 2020-09-02 14:28:01 -07:00

Running Playwright in Docker

Dockerfile.bionic can be used to run Playwright scripts in Docker environments. This image includes all the dependencies needed to run browsers in a Docker container, including browsers.

Usage

docker hub

This image is published on Docker Hub.

Pull the image

$ docker pull mcr.microsoft.com/playwright:bionic

Run the image

By default, the Docker image will use the root user to run the browsers. This will disable the Chromium sandbox which is not available with root. If you run trusted code (e.g. End-to-end tests) and want to avoid the hassle of managing separate user then the root user may be fine. For web scraping or crawling, we recommend to create a separate user inside the Docker container and use the seccomp profile.

End-to-end tests

On trusted websites, you can avoid creating a separate user and use root for it since you trust the code which will run on the browsers.

docker run -it --rm --ipc=host mcr.microsoft.com/playwright:bionic /bin/bash

Crawling and scraping

On untrusted websites, it's recommended to use a separate user for launching the browsers in combination with the seccomp profile. Inside the container or if you are using the Docker image as a base image you have to use adduser for it.

$ docker run -it --rm --ipc=host --security-opt seccomp=seccomp_profile.json mcr.microsoft.com/playwright:bionic /bin/bash

seccomp_profile.json is needed to run Chromium with sandbox. This is a default Docker seccomp profile with extra user namespace cloning permissions:

[
  {
    "comment": "Allow create user namespaces",
    "names": [
      "clone",
      "setns",
      "unshare"
    ],
    "action": "SCMP_ACT_ALLOW",
    "args": [],
    "includes": {},
    "excludes": {}
  }
]

Note

: Using --ipc=host is recommended when using Chrome (Docker docs). Chrome can run out of memory without this flag.

Since the seccomp profile is now in use, you have to create a separate user with adduser pwuser which you use to run your browsers with Playwright.

Using on CI

See our Continuous Integration guides for sample configs.

Image tags

See all available image tags.

Development

Build the image

Use //docs/docker/build.sh to build the image.

$ ./docs/docker/build.sh

The image will be tagged as playwright:localbuild and could be run as:

$ docker run --rm -it playwright:localbuild /bin/bash

Push

Docker images are published automatically by Github Actions. We currently publish the following images:

  • mcr.microsoft.com/playwright:next - tip-of-tree image version.
  • mcr.microsoft.com/playwright:bionic - last Playwright release docker image.
  • mcr.microsoft.com/playwright:sha-XXXXXXX - docker image for every commit that changed docker files or browsers, marked with a short sha (first 7 digits of the SHA commit).

Status of push to MCR can be verified here (internal link).

Base images

playwright:bionic is based on Ubuntu 18.04 LTS (Bionic Beaver).

Alpine

Browser builds for Firefox and WebKit are built for the glibc library. Alpine Linux and other distributions that are based on the musl standard library are not supported.