298 lines
8.9 KiB
Docker
298 lines
8.9 KiB
Docker
# Multi-stage Dockerfile for Attune workers
|
|
# Supports building different worker variants with different runtime capabilities
|
|
#
|
|
# Usage:
|
|
# docker build --target worker-base -t attune-worker:base -f docker/Dockerfile.worker .
|
|
# docker build --target worker-python -t attune-worker:python -f docker/Dockerfile.worker .
|
|
# docker build --target worker-node -t attune-worker:node -f docker/Dockerfile.worker .
|
|
# docker build --target worker-full -t attune-worker:full -f docker/Dockerfile.worker .
|
|
#
|
|
# BuildKit cache mounts are used to speed up incremental builds.
|
|
|
|
ARG RUST_VERSION=1.92
|
|
ARG DEBIAN_VERSION=bookworm
|
|
ARG NODE_VERSION=20
|
|
|
|
# ============================================================================
|
|
# Stage 1: Builder - Compile the worker binary
|
|
# ============================================================================
|
|
FROM rust:${RUST_VERSION}-${DEBIAN_VERSION} AS builder
|
|
|
|
# Install build dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
pkg-config \
|
|
libssl-dev \
|
|
ca-certificates \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
WORKDIR /build
|
|
|
|
# Copy workspace manifests and source code
|
|
COPY Cargo.toml Cargo.lock ./
|
|
COPY crates/ ./crates/
|
|
COPY migrations/ ./migrations/
|
|
COPY .sqlx/ ./.sqlx/
|
|
|
|
# Build the worker binary with BuildKit cache mounts
|
|
# sharing=locked prevents race conditions during parallel builds
|
|
RUN --mount=type=cache,target=/usr/local/cargo/registry,sharing=locked \
|
|
--mount=type=cache,target=/usr/local/cargo/git,sharing=locked \
|
|
--mount=type=cache,target=/build/target,sharing=locked \
|
|
cargo build --release --bin attune-worker && \
|
|
cp /build/target/release/attune-worker /build/attune-worker
|
|
|
|
# Verify the binary was built
|
|
RUN ls -lh /build/attune-worker && \
|
|
file /build/attune-worker && \
|
|
/build/attune-worker --version || echo "Version check skipped"
|
|
|
|
# ============================================================================
|
|
# Stage 2a: Base Worker (Shell only)
|
|
# Runtime capabilities: shell
|
|
# Use case: Lightweight workers for shell scripts and basic automation
|
|
# ============================================================================
|
|
FROM debian:${DEBIAN_VERSION}-slim AS worker-base
|
|
|
|
# Install runtime dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
ca-certificates \
|
|
libssl3 \
|
|
curl \
|
|
bash \
|
|
procps \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create worker user and directories
|
|
RUN useradd -m -u 1000 attune && \
|
|
mkdir -p /opt/attune/packs /opt/attune/logs && \
|
|
chown -R attune:attune /opt/attune
|
|
|
|
WORKDIR /opt/attune
|
|
|
|
# Copy worker binary from builder
|
|
COPY --from=builder /build/attune-worker /usr/local/bin/attune-worker
|
|
|
|
# Copy configuration template
|
|
COPY config.docker.yaml ./config.yaml
|
|
|
|
# Copy packs directory
|
|
COPY packs/ ./packs/
|
|
|
|
# Set ownership
|
|
RUN chown -R attune:attune /opt/attune
|
|
|
|
# Switch to non-root user
|
|
USER attune
|
|
|
|
# Environment variables
|
|
ENV ATTUNE_WORKER_RUNTIMES="shell"
|
|
ENV ATTUNE_WORKER_TYPE="container"
|
|
ENV RUST_LOG=info
|
|
ENV ATTUNE_CONFIG=/opt/attune/config.yaml
|
|
|
|
# Health check
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
|
|
CMD pgrep -f attune-worker || exit 1
|
|
|
|
# Run the worker
|
|
CMD ["/usr/local/bin/attune-worker"]
|
|
|
|
# ============================================================================
|
|
# Stage 2b: Python Worker (Shell + Python)
|
|
# Runtime capabilities: shell, python
|
|
# Use case: Python actions and scripts with dependencies
|
|
#
|
|
# Uses debian-slim + apt python3 (NOT the python: Docker image) so that
|
|
# python3 lives at /usr/bin/python3 — the same path as worker-full.
|
|
# This avoids broken venv symlinks when multiple workers share the
|
|
# runtime_envs volume.
|
|
# ============================================================================
|
|
FROM debian:${DEBIAN_VERSION}-slim AS worker-python
|
|
|
|
# Install system dependencies including Python
|
|
RUN apt-get update && apt-get install -y \
|
|
ca-certificates \
|
|
libssl3 \
|
|
curl \
|
|
build-essential \
|
|
python3 \
|
|
python3-pip \
|
|
python3-venv \
|
|
procps \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create python symlink for convenience
|
|
RUN ln -sf /usr/bin/python3 /usr/bin/python
|
|
|
|
# Install common Python packages
|
|
# Use --break-system-packages for Debian 12+ pip-in-system-python restrictions
|
|
RUN pip3 install --no-cache-dir --break-system-packages \
|
|
requests>=2.31.0 \
|
|
pyyaml>=6.0 \
|
|
jinja2>=3.1.0 \
|
|
python-dateutil>=2.8.0
|
|
|
|
# Create worker user and directories
|
|
RUN useradd -m -u 1000 attune && \
|
|
mkdir -p /opt/attune/packs /opt/attune/logs /opt/attune/runtime_envs && \
|
|
chown -R attune:attune /opt/attune
|
|
|
|
WORKDIR /opt/attune
|
|
|
|
# Copy worker binary from builder
|
|
COPY --from=builder /build/attune-worker /usr/local/bin/attune-worker
|
|
|
|
# Copy configuration template
|
|
COPY config.docker.yaml ./config.yaml
|
|
|
|
# Copy packs directory
|
|
COPY packs/ ./packs/
|
|
|
|
# Set ownership
|
|
RUN chown -R attune:attune /opt/attune
|
|
|
|
# Switch to non-root user
|
|
USER attune
|
|
|
|
# Environment variables
|
|
ENV ATTUNE_WORKER_RUNTIMES="shell,python"
|
|
ENV ATTUNE_WORKER_TYPE="container"
|
|
ENV RUST_LOG=info
|
|
ENV ATTUNE_CONFIG=/opt/attune/config.yaml
|
|
|
|
# Health check
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
|
|
CMD pgrep -f attune-worker || exit 1
|
|
|
|
# Run the worker
|
|
CMD ["/usr/local/bin/attune-worker"]
|
|
|
|
# ============================================================================
|
|
# Stage 2c: Node Worker (Shell + Node.js)
|
|
# Runtime capabilities: shell, node
|
|
# Use case: JavaScript/TypeScript actions and npm packages
|
|
#
|
|
# Uses debian-slim + NodeSource apt repo (NOT the node: Docker image) so that
|
|
# node lives at /usr/bin/node — the same path as worker-full.
|
|
# This avoids path mismatches when multiple workers share volumes.
|
|
# ============================================================================
|
|
FROM debian:${DEBIAN_VERSION}-slim AS worker-node
|
|
|
|
# Install system dependencies
|
|
RUN apt-get update && apt-get install -y \
|
|
ca-certificates \
|
|
libssl3 \
|
|
curl \
|
|
procps \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install Node.js from NodeSource (same method as worker-full)
|
|
RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash - && \
|
|
apt-get install -y nodejs && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create worker user and directories
|
|
RUN useradd -m -u 1000 attune && \
|
|
mkdir -p /opt/attune/packs /opt/attune/logs /opt/attune/runtime_envs && \
|
|
chown -R attune:attune /opt/attune
|
|
|
|
WORKDIR /opt/attune
|
|
|
|
# Copy worker binary from builder
|
|
COPY --from=builder /build/attune-worker /usr/local/bin/attune-worker
|
|
|
|
# Copy configuration template
|
|
COPY config.docker.yaml ./config.yaml
|
|
|
|
# Copy packs directory
|
|
COPY packs/ ./packs/
|
|
|
|
# Set ownership
|
|
RUN chown -R attune:attune /opt/attune
|
|
|
|
# Switch to non-root user
|
|
USER attune
|
|
|
|
# Environment variables
|
|
ENV ATTUNE_WORKER_RUNTIMES="shell,node"
|
|
ENV ATTUNE_WORKER_TYPE="container"
|
|
ENV RUST_LOG=info
|
|
ENV ATTUNE_CONFIG=/opt/attune/config.yaml
|
|
|
|
# Health check
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
|
|
CMD pgrep -f attune-worker || exit 1
|
|
|
|
# Run the worker
|
|
CMD ["/usr/local/bin/attune-worker"]
|
|
|
|
# ============================================================================
|
|
# Stage 2d: Full Worker (All runtimes)
|
|
# Runtime capabilities: shell, python, node, native
|
|
# Use case: General-purpose automation with multi-language support
|
|
# ============================================================================
|
|
FROM debian:${DEBIAN_VERSION} AS worker-full
|
|
|
|
# Install system dependencies including Python and Node.js
|
|
RUN apt-get update && apt-get install -y \
|
|
ca-certificates \
|
|
libssl3 \
|
|
curl \
|
|
build-essential \
|
|
python3 \
|
|
python3-pip \
|
|
python3-venv \
|
|
procps \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install Node.js from NodeSource (same method and version as worker-node)
|
|
RUN curl -fsSL https://deb.nodesource.com/setup_${NODE_VERSION}.x | bash - && \
|
|
apt-get install -y nodejs && \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# Create python symlink for convenience
|
|
RUN ln -sf /usr/bin/python3 /usr/bin/python
|
|
|
|
# Install common Python packages
|
|
# Use --break-system-packages for Debian 12+ pip-in-system-python restrictions
|
|
RUN pip3 install --no-cache-dir --break-system-packages \
|
|
requests>=2.31.0 \
|
|
pyyaml>=6.0 \
|
|
jinja2>=3.1.0 \
|
|
python-dateutil>=2.8.0
|
|
|
|
# Create worker user and directories
|
|
RUN useradd -m -u 1000 attune && \
|
|
mkdir -p /opt/attune/packs /opt/attune/logs /opt/attune/runtime_envs && \
|
|
chown -R attune:attune /opt/attune
|
|
|
|
WORKDIR /opt/attune
|
|
|
|
# Copy worker binary from builder
|
|
COPY --from=builder /build/attune-worker /usr/local/bin/attune-worker
|
|
|
|
# Copy configuration template
|
|
COPY config.docker.yaml ./config.yaml
|
|
|
|
# Copy packs directory
|
|
COPY packs/ ./packs/
|
|
|
|
# Set ownership
|
|
RUN chown -R attune:attune /opt/attune
|
|
|
|
# Switch to non-root user
|
|
USER attune
|
|
|
|
# Environment variables
|
|
ENV ATTUNE_WORKER_RUNTIMES="shell,python,node,native"
|
|
ENV ATTUNE_WORKER_TYPE="container"
|
|
ENV RUST_LOG=info
|
|
ENV ATTUNE_CONFIG=/opt/attune/config.yaml
|
|
|
|
# Health check
|
|
HEALTHCHECK --interval=30s --timeout=3s --start-period=10s --retries=3 \
|
|
CMD pgrep -f attune-worker || exit 1
|
|
|
|
# Run the worker
|
|
CMD ["/usr/local/bin/attune-worker"]
|