From 0be20f91662e2a95b6863d4593264dc1d1b7b8cb Mon Sep 17 00:00:00 2001 From: GuanYuankai Date: Thu, 13 Nov 2025 15:30:33 +0800 Subject: [PATCH] =?UTF-8?q?=E8=BF=81=E7=A7=BB=E5=88=B0drone=E5=88=86?= =?UTF-8?q?=E6=94=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .drone.yml | 4 +- docker/Dockerfile.prod | 90 +++++++++++++++++++++++------------------- 2 files changed, 51 insertions(+), 43 deletions(-) diff --git a/.drone.yml b/.drone.yml index b78cd75..b01d1fc 100644 --- a/.drone.yml +++ b/.drone.yml @@ -8,7 +8,7 @@ platform: arch: arm64 trigger: branch: - - main + - drone event: - push @@ -26,7 +26,7 @@ steps: from_secret: gitea_password repo: 192.168.0.75:3000/guanyuankai/bonus-edge-proxy insecure: true - mirror: "https://docker.m.daocloud.io" + mirror: "https://docker.m.daocloud.io" tags: - latest diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod index 7e89ae0..dc0b375 100644 --- a/docker/Dockerfile.prod +++ b/docker/Dockerfile.prod 
@@ -44,24 +44,18 @@ RUN cmake --build /app/build --target edge_proxy --parallel $(nproc) RUN ls -l /app/build/ -# ---------------------------------------------------- +## ---------------------------------------------------- # 阶段 2: "Production" # 目标: 构建包含所有运行时库和您应用的精简镜像 # ---------------------------------------------------- -FROM 192.168.0.75:3000/guanyuankai/ubuntu-arm64:22.04 +FROM 192.168.0.75:3000/guanyuankai/ubuntu-arm64:22.04 ENV DEBIAN_FRONTEND=noninteractive - +# 1. (作为 root) 安装所有系统依赖 RUN apt-get update && \ apt-get install -y --no-install-recommends \ - sudo unzip software-properties-common gpg-agent \ - && \ - add-apt-repository -y ppa:jjriek/panfork-mesa && \ - add-apt-repository -y ppa:jjriek/rockchip && \ - add-apt-repository -y ppa:jjriek/rockchip-multimedia && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ + unzip software-properties-common gpg-agent \ espeak-ng-data libespeak1 python3 python3-pip \ libssl-dev libspdlog-dev libsqlite3-dev libboost-all-dev \ librockchip-mpp-dev librga-dev gstreamer1.0-rockchip \ 
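Review bot: The rewritten `RUN` installs `librockchip-mpp-dev`, `librga-dev` and `gstreamer1.0-rockchip` in the first `apt-get install`, but the three `add-apt-repository -y ppa:jjriek/…` calls that used to precede that install are re-added in the next hunk, after the package list. If those packages are served from the jjriek PPAs, as the old ordering suggests, the install either fails on unresolved names or silently takes a different build from whichever other source carries them. The new order also leaves three third-party PPAs registered in the final image with nothing installed from them in this layer. Keep the bootstrap install of `software-properties-common gpg-agent`, register the PPAs, run `apt-get update`, and only then install the main list. The `RUN` continues past the end of this hunk.

```dockerfile
RUN apt-get update && \
    apt-get install -y --no-install-recommends \
    unzip software-properties-common gpg-agent \
    && \
    add-apt-repository -y ppa:jjriek/panfork-mesa && \
    add-apt-repository -y ppa:jjriek/rockchip && \
    add-apt-repository -y ppa:jjriek/rockchip-multimedia && \
    apt-get update && \
    apt-get install -y --no-install-recommends \
    # … unchanged: package list from espeak-ng-data through libopencv-dev nmap …
    && rm -rf /var/lib/apt/lists/*
```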
@@ -72,53 +66,67 @@ RUN apt-get update && \ gstreamer1.0-libav gstreamer1.0-tools gstreamer1.0-x \ gstreamer1.0-pulseaudio gstreamer1.0-rtsp \ libopencv-dev nmap \ - && rm -rf /var/lib/apt/lists/* - -COPY --from=build_env /usr/local/lib/ /usr/local/lib/ -COPY --from=build_env /usr/local/include/ /usr/local/include/ -COPY --from=build_env /app/build/edge_proxy /app/edge_proxy -WORKDIR /app + && \ + add-apt-repository -y ppa:jjriek/panfork-mesa && \ + add-apt-repository -y ppa:jjriek/rockchip && \ + add-apt-repository -y ppa:jjriek/rockchip-multimedia && \ + apt-get update && \ + rm -rf /var/lib/apt/lists/* [cite: 5, 6] +# 2. (作为 root) 创建用户和组 RUN groupadd -r developers && \ - useradd -ms /bin/bash -g developers -G sudo dev && \ + useradd -ms /bin/bash -g developers dev && \ + # (移除了 -G sudo) [cite: 7] groupadd -g 20 dialout || true && \ groupadd -g 44 video || true && \ groupadd -g 110 render || true && \ - groupadd -g 29 render || true && \ + # (移除了 g 29 render,因为它和 110 重复) [cite: 9, 10] usermod -a -G dialout dev && \ usermod -a -G video dev && \ usermod -a -G render dev && \ - usermod -a -G audio dev && \ - echo "dev ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/dev-nopasswd + usermod -a -G audio dev + # (移除了 sudoers 的 echo) -COPY rknn_sdk/librknn_api/include/rknn_api.h /usr/local/include/ -COPY rknn_sdk/rknn_server/aarch64/usr/bin/rknn_server /usr/bin/rknn_server -COPY rknn_sdk/librknn_api/aarch64/librknnrt.so /usr/lib/librknnrt.so -COPY rknn_sdk/librknn_api/aarch64/librknn_api.so /usr/lib/librknn_api.so -COPY rknn_sdk/whl/*.whl /tmp/rknn_wheels/ +# 3. 
(作为 root) 复制所有文件 +COPY --from=build_env /usr/local/lib/ /usr/local/lib/ +COPY --from=build_env /usr/local/include/ /usr/local/include/ +COPY --from=build_env /app/build/edge_proxy /app/edge_proxy +WORKDIR /app + +COPY rknn_sdk/librknn_api/include/rknn_api.h /usr/local/include/ +COPY rknn_sdk/rknn_server/aarch64/usr/bin/rknn_server /usr/bin/rknn_server +COPY rknn_sdk/librknn_api/aarch64/librknnrt.so /usr/lib/librknnrt.so +COPY rknn_sdk/librknn_api/aarch64/librknn_api.so /usr/lib/librknn_api.so +COPY rknn_sdk/whl/*.whl /tmp/rknn_wheels/ RUN pip3 install /tmp/rknn_wheels/*.whl && \ - rm -rf /tmp/rknn_wheels -RUN chmod +x /usr/bin/rknn_server -RUN ldconfig + rm -rf /tmp/rknn_wheels +RUN chmod +x /usr/bin/rknn_server +RUN ldconfig -COPY config/ /app/config/ -COPY models/ /app/models +COPY config/ /app/config/ +COPY models/ /app/models/ +COPY piper_models/ /app/piper_models/ -COPY piper_models/ /app/piper_models/ +# 4. (作为 root) 更改 /app 目录的所有权 +# 这是关键一步:在切换用户之前更改所有权 +RUN chown -R dev:developers /app +RUN chmod 775 /app/edge_proxy [cite: 12] -USER dev +# 5. 现在切换到 dev 用户 +USER dev + +# 6. (作为 dev) 为 pip 设置 PATH 环境变量 +ENV PATH="/home/dev/.local/bin:${PATH}" +# (移除了 echo 到 .bash_profile) [cite: 12] + +# 7. (作为 dev) 安装 Python 包 RUN pip install --no-cache-dir --user -i https://mirrors.aliyun.com/pypi/simple/ \ piper-tts \ onvif-zeep \ python-nmap \ psutil \ - paramiko -RUN echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bash_profile + paramiko [cite: 11, 12] +# (移除了所有 sudo chown 和 chmod 命令) [cite: 12] -RUN sudo chown -R dev:developers /app -RUN sudo chown dev:developers /app/edge_proxy -RUN sudo chmod 775 /app/edge_proxy - -USER dev - -CMD ["/app/edge_proxy"] \ No newline at end of file +# 8. (作为 dev) 设置默认命令 +CMD ["/app/edge_proxy"] [cite: 12] \ No newline at end of file
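Review bot: The `[cite: …]` markers left at the end of several new instruction lines are parsed as part of the instruction, not as comments. `RUN chmod 775 /app/edge_proxy [cite: 12]` and the pip list ending in `paramiko [cite: 11, 12]` pass the marker tokens as extra operands and should fail the build, while on `rm -rf /var/lib/apt/lists/* [cite: 5, 6]` the `-f` merely hides them. `CMD ["/app/edge_proxy"] [cite: 12]` is no longer a valid JSON array, so Docker falls back to shell form instead of exec'ing the binary. Strip the markers from these four lines, leaving `RUN chmod 775 /app/edge_proxy` and `CMD ["/app/edge_proxy"]`; the ones inside `#` comment lines are harmless. Separately, `chown -R dev:developers /app` with mode 775 lets the runtime user overwrite its own executable, config and models. Unless the service has to write there, leave those files root-owned and set the mode at copy time with `COPY --chmod=755`, which keeps the benefit of dropping `sudo` and the NOPASSWD sudoers entry.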