|
# ============================================
# OpenClaw Dockerfile - 多阶段构建(生产级)
# 优化点:减小镜像体积、分离构建和运行环境
# ============================================
# ===== 阶段1:构建阶段 =====
FROM node:20-alpine AS builder
WORKDIR /build
# 安装构建工具
RUN apk add --no-cache python3 py3-pip git make g++
# 安装 OpenClaw(含编译依赖)
RUN npm install -g openclaw@latest
# 安装 Python 依赖
RUN pip3 install --no-cache-dir \
requests \
aiohttp \
websockets
# ===== 阶段2:运行阶段 =====
FROM node:20-alpine AS runner
# 安装运行时依赖(不含编译工具)
RUN apk add --no-cache \
python3 \
py3-pip \
curl \
tini \
su-exec
# 创建非 root 用户
RUN addgroup -g 1000 openclaw && \
adduser -u 1000 -G openclaw -s /bin/sh -D openclaw
# 从构建阶段复制 OpenClaw
COPY --from=builder /usr/local/lib/node_modules /usr/local/lib/node_modules
COPY --from=builder /usr/local/bin/openclaw /usr/local/bin/openclaw
# 复制 Python 包
COPY --from=builder /usr/lib/python3* /usr/lib/python3*
COPY --from=builder /usr/local/lib/python3* /usr/local/lib/python3*
# 创建工作目录
WORKDIR /app
RUN mkdir -p /data/openclaw /etc/openclaw /app/workspace && \
chown -R openclaw:openclaw /data/openclaw /app/workspace
# 复制配置
COPY --chown=openclaw:openclaw openclaw.yaml /etc/openclaw/openclaw.yaml
# 切换到非 root 用户
USER openclaw
# 健康检查
HEALTHCHECK --interval=30s --timeout=10s --start-period=15s --retries=3 \
CMD curl -sf http://localhost:18789/health || exit 1
# 暴露端口
EXPOSE 18789
# 使用 tini 作为 init 进程(处理僵尸进程和信号转发)
ENTRYPOINT ["/sbin/tini", "--"]
CMD ["openclaw", "gateway", "start"]
|