microsoft/playwright
1
1
Fork 0
mirror of https://github.com/microsoft/playwright.git synced 2024-12-15 14:11:50 +03:00
Code Issues Projects Releases Wiki Activity
f232f34dae
playwright/docs/docker
History
Max Schmitt 5f6441e6df
chore(docker): use root user in Docker image (#3739) 
As discussed offline other big images like Node.js or Nginx use root as the default user and the users in the end can base-off from our image to add their security features.

Not sure if follow up docs changes are required for that.

Fix #3703
Fix #3681
2020-09-02 14:42:01 -07:00
..
build.sh devops: switch docker publishing to a bash script (#3704) 2020-09-01 11:33:19 -07:00
Dockerfile.bionic chore(docker): use root user in Docker image (#3739) 2020-09-02 14:42:01 -07:00
README.md docs(docker): add link to mcr status ui (#3679) 2020-08-28 14:30:51 -07:00
seccomp_profile.json docs: update documentation on Chromium sandbox (#3077) 2020-07-21 17:43:41 -07:00
tag_and_push.sh devops: use a helper script to tag and push docker images (#3737) 2020-09-02 14:28:01 -07:00

README.md

Running Playwright in Docker

Dockerfile.bionic is a playwright-ready image of playwright. This image includes all the dependencies needed to run browsers in a Docker container, including browsers.

Usage

docker hub

This image is published on Docker Hub.

Pull the image

$ docker pull mcr.microsoft.com/playwright:bionic

Run the image

$ docker container run -it --rm --ipc=host --security-opt seccomp=seccomp_profile.json mcr.microsoft.com/playwright:bionic /bin/bash

seccomp_profile.json is needed to run Chromium with sandbox. This is a default Docker seccomp profile with extra user namespace cloning permissions:

[
  {
    "comment": "Allow create user namespaces",
    "names": [
      "clone",
      "setns",
      "unshare"
    ],
    "action": "SCMP_ACT_ALLOW",
    "args": [],
    "includes": {},
    "excludes": {}
  }
]

Note

: Using --ipc=host is recommended when using Chrome (Docker docs). Chrome can run out of memory without this flag.

Using on CI

See our Continuous Integration guides for sample configs.

Image tags

See all available image tags.

Development

Build the image

Use //docs/docker/build.sh to build the image.

$ ./docs/docker/build.sh

The image will be tagged as playwright:localbuild and could be run as:

$ docker run --rm -it playwright:localbuild /bin/bash

Push

Docker images are published automatically by Github Actions. We currently publish the following images:

  • mcr.microsoft.com/playwright:next - tip-of-tree image version.
  • mcr.microsoft.com/playwright:bionic - last Playwright release docker image.
  • mcr.microsoft.com/playwright:sha-XXXXXXX - docker image for every commit that changed docker files or browsers, marked with a short sha (first 7 digits of the SHA commit).

Status of push to MCR can be verified here (internal link).

Base images

playwright:bionic is based on Ubuntu 18.04 LTS (Bionic Beaver).

Alpine

Browser builds for Firefox and WebKit are built for the glibc library. Alpine Linux and other distributions that are based on the musl standard library are not supported.