diff --git a/.drone.yml b/.drone.yml
index b78cd75..fd02c7b 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -7,10 +7,8 @@ platform:
 os: linux
 arch: arm64
 trigger:
- branch:
- - main
 event:
- - push
+ - tag
 steps:
@@ -26,7 +24,7 @@ steps:
 from_secret: gitea_password
 repo: 192.168.0.75:3000/guanyuankai/bonus-edge-proxy
 insecure: true
- mirror: "https://docker.m.daocloud.io"
+ mirror: "https://docker.m.daocloud.io"
 tags:
 - latest
diff --git a/docker/Dockerfile.prod b/docker/Dockerfile.prod
index 7e89ae0..269c9e8 100644
--- a/docker/Dockerfile.prod
+++ b/docker/Dockerfile.prod
@@ -45,24 +45,28 @@ RUN ls -l /app/build/
 # ----------------------------------------------------
-# 阶段 2: "Production"
-# 目标: 构建包含所有运行时库和您应用的精简镜像
+# 阶段 2: "Production" (修正版)
 # ----------------------------------------------------
 FROM 192.168.0.75:3000/guanyuankai/ubuntu-arm64:22.04
 ENV DEBIAN_FRONTEND=noninteractive
-
+# 1. (作为 root) 安装系统依赖
+# *** 修正:严格遵循原始 PPA 逻辑 ***
 RUN apt-get update && \
 apt-get install -y --no-install-recommends \
- sudo unzip software-properties-common gpg-agent \
+ unzip software-properties-common gpg-agent \
+ python3 python3-pip \
 && \
+ # *** 先添加 PPA ***
 add-apt-repository -y ppa:jjriek/panfork-mesa && \
 add-apt-repository -y ppa:jjriek/rockchip && \
 add-apt-repository -y ppa:jjriek/rockchip-multimedia && \
+ # *** 再次 Update,使 PPA 生效 ***
 apt-get update && \
+ # *** 现在才安装 PPA 中的包 ***
 apt-get install -y --no-install-recommends \
- espeak-ng-data libespeak1 python3 python3-pip \
+ espeak-ng-data libespeak1 \
 libssl-dev libspdlog-dev libsqlite3-dev libboost-all-dev \
 librockchip-mpp-dev librga-dev gstreamer1.0-rockchip \
 libgstreamer1.0-dev libgstreamer-plugins-base1.0-dev \
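Review bot: In `.drone.yml`, builds started by the new `event: - tag` trigger still publish under the fixed `tags: - latest` shown in the second hunk, so every release tag overwrites the same image and a deployed image cannot be traced back to the tag that produced it. Publishing the git tag as well, for example adding `- ${DRONE_TAG}` under `tags:`, keeps releases distinguishable and makes rollback possible. With the `branch: main` filter removed, any pushed tag now starts a publish; if only release tags should do so, a `ref:` filter such as `- refs/tags/v*` under `trigger:` would narrow it.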
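Review bot: In `docker/Dockerfile.prod`, `software-properties-common` and `gpg-agent` in the first `apt-get install` appear to be needed only by the three `add-apt-repository` calls, yet they remain in the production image next to the relocated `python3 python3-pip`. Since this change already drops `sudo` to reduce what the runtime image can do, consider removing the PPA helpers in the same layer once the PPA packages are installed, e.g. `apt-get purge -y --auto-remove software-properties-common gpg-agent && \` ahead of the apt list cleanup. The `RUN` instruction continues past the end of this hunk, so the exact placement has to be checked against the full instruction, and it should be confirmed that `--auto-remove` does not take out a library the application needs.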
@@ -74,23 +78,23 @@ RUN apt-get update && \
 libopencv-dev nmap \
 && rm -rf /var/lib/apt/lists/*
+# 2. (作为 root) 创建用户和组 (已移除 sudo)
+RUN groupadd -r developers && \
+ useradd -ms /bin/bash -g developers dev && \
+ groupadd -g 20 dialout || true && \
+ groupadd -g 44 video || true && \
+ groupadd -g 110 render || true && \
+ usermod -a -G dialout dev && \
+ usermod -a -G video dev && \
+ usermod -a -G render dev && \
+ usermod -a -G audio dev
+
+# 3. (作为 root) 复制所有文件
 COPY --from=build_env /usr/local/lib/ /usr/local/lib/
 COPY --from=build_env /usr/local/include/ /usr/local/include/
 COPY --from=build_env /app/build/edge_proxy /app/edge_proxy
 WORKDIR /app
-RUN groupadd -r developers && \
- useradd -ms /bin/bash -g developers -G sudo dev && \
- groupadd -g 20 dialout || true && \
- groupadd -g 44 video || true && \
- groupadd -g 110 render || true && \
- groupadd -g 29 render || true && \
- usermod -a -G dialout dev && \
- usermod -a -G video dev && \
- usermod -a -G render dev && \
- usermod -a -G audio dev && \
- echo "dev ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/dev-nopasswd
-
 COPY rknn_sdk/librknn_api/include/rknn_api.h /usr/local/include/
 COPY rknn_sdk/rknn_server/aarch64/usr/bin/rknn_server /usr/bin/rknn_server
 COPY rknn_sdk/librknn_api/aarch64/librknnrt.so /usr/lib/librknnrt.so
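Review bot: In the relocated `RUN groupadd -r developers && ...` chain, each `|| true` covers everything to its left rather than only the `groupadd` in front of it, because the shell gives `&&` and `||` equal precedence. A failing `groupadd -r developers` or `useradd` is therefore swallowed, and the layer fails only later at a `usermod`, with a misleading error. Grouping the best-effort step keeps real errors fatal, e.g. `(getent group video >/dev/null || groupadd -g 44 video) && \`, and likewise for `dialout` and `render`. With the old `-g 29` fallback removed, `render` is not created at all if GID 110 is already taken in the base image, so `usermod -a -G render dev` would then fail the build.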
@@ -102,23 +106,26 @@ RUN chmod +x /usr/bin/rknn_server
 RUN ldconfig
 COPY config/ /app/config/
-COPY models/ /app/models
-
+COPY models/ /app/models/
 COPY piper_models/ /app/piper_models/
+# 4. (作为 root) 更改 /app 目录的所有权
+RUN chown -R dev:developers /app
+RUN chmod 775 /app/edge_proxy
+
+# 5. 现在切换到 dev 用户
 USER dev
+
+# 6. (作为 dev) 为 pip 设置 PATH 环境变量
+ENV PATH="/home/dev/.local/bin:${PATH}"
+
+# 7. (作为 dev) 安装 Python 包
 RUN pip install --no-cache-dir --user -i https://mirrors.aliyun.com/pypi/simple/ \
 piper-tts \
 onvif-zeep \
 python-nmap \
 psutil \
- paramiko
-RUN echo 'export PATH="$HOME/.local/bin:$PATH"' >> ~/.bash_profile
-
-RUN sudo chown -R dev:developers /app
-RUN sudo chown dev:developers /app/edge_proxy
-RUN sudo chmod 775 /app/edge_proxy
-
-USER dev
+ paramiko
+# 8. (作为 dev) 设置默认命令
 CMD ["/app/edge_proxy"]
\ No newline at end of file
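Review bot: `RUN chown -R dev:developers /app` followed by `RUN chmod 775 /app/edge_proxy` leaves the service binary, its config and the model files owned and writable by the account the container runs as, so a compromised `edge_proxy` process could rewrite the executable and models it loads. Unless the application has to write into these paths, keep them root-owned and read-only for `dev` (`RUN chmod 755 /app/edge_proxy`), and hand `dev` only the directories it must write, for instance with `COPY --chown=dev:developers` on those paths. That also avoids the recursive `chown` layer, which stores a second copy of everything under `/app`. Whether `/app/config` needs to be writable at run time is not visible in this hunk.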