-
Notifications
You must be signed in to change notification settings - Fork 52
Expand file tree
/
Copy pathDockerfile.sandbox
More file actions
48 lines (38 loc) · 1.83 KB
/
Dockerfile.sandbox
File metadata and controls
48 lines (38 loc) · 1.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# Dockerfile.sandbox -- lightweight sandbox for ductor CLI execution.
# Based on Node 22 (Debian bookworm) with Python 3, Claude Code CLI,
# and Codex CLI pre-installed. The container runs "sleep infinity" so
# ductor can `docker exec` into it on demand.
FROM node:22-bookworm-slim
ENV DEBIAN_FRONTEND=noninteractive \
LANG=en_US.UTF-8 \
LC_ALL=en_US.UTF-8 \
PIP_BREAK_SYSTEM_PACKAGES=1
# System packages: Python, build tools, Git, locale support
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
python3 python3-pip python3-venv python3-dev \
build-essential git curl ca-certificates sudo locales \
&& sed -i '/en_US.UTF-8/s/^# //' /etc/locale.gen && locale-gen \
&& rm -rf /var/lib/apt/lists/*
# Chrome/Chromium runtime dependencies for browser-based skills
# (e.g. patchright, playwright). Only shared libraries -- no browser binary.
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
libasound2 libatk-bridge2.0-0 libatk1.0-0 libcairo2 libcups2 \
libdbus-1-3 libdrm2 libexpat1 libgbm1 libglib2.0-0 libnspr4 \
libnss3 libpango-1.0-0 libx11-6 libx11-xcb1 libxcb1 \
libxcomposite1 libxdamage1 libxext6 libxfixes3 libxkbcommon0 \
libxrandr2 libxshmfence1 \
fonts-liberation fonts-noto-color-emoji \
&& rm -rf /var/lib/apt/lists/*
# Allow pip installs without the "externally managed" guard
RUN rm -f /usr/lib/python*/EXTERNALLY-MANAGED
# Install Claude Code CLI and Codex CLI
RUN npm install -g @anthropic-ai/claude-code @openai/codex @google/gemini-cli
# Prepare a writable data directory
RUN mkdir -p /data && chown node:node /data
# Let the `node` user run sudo without a password (useful for apt inside sandbox)
RUN echo "node ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/node
USER node
WORKDIR /workspace
CMD ["sleep", "infinity"]