fix(docker): add again pwuser (#3899)

In version 1.4 we introduced a breaking change for the Docker behaviour since we removed the pwuser completely. In this PR I add this user again and create a symlink so that root uses the browser of the pwuser. This also has the benefit that users who want to use the seccomp profile don't have to create this user.

Reference: https://playwright.slack.com/archives/CSUHZPVLM/p1600240776120400

Tested on root and on pwuser. Works.

References #4084
Max Schmitt 2020-10-08 20:53:07 +02:00 committed by GitHub
parent b4ad6e79a4
commit e6a1a1c129
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 5 deletions

@ -61,6 +61,9 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
RUN apt-get update && apt-get install -y --no-install-recommends git ssh && \
npm install -g yarn
# 9. Create the pwuser (we internally create a symlink for the pwuser and the root user)
RUN adduser pwuser
# === BAKE BROWSERS INTO IMAGE ===
# 1. Add tip-of-tree Playwright package to install its browsers.
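
Review bot: `RUN adduser pwuser` in step 9 is called with no options, so the build depends on Debian `adduser` falling through its interactive password and GECOS prompts when no TTY is attached. Make it explicit with `adduser --disabled-password --gecos "" pwuser`, and consider fixing the UID so that ownership of bind-mounted files stays predictable across image rebuilds. The step comment also says a symlink is created "for the pwuser and the root user", while step 3 only creates one under `/root/.cache/`; reword the comment to match.
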
@ -68,7 +71,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends git ssh && \
COPY ./playwright.tar.gz /tmp/playwright.tar.gz
# 2. Install playwright and then delete the installation.
# Browsers will remain downloaded in `/root/.cache/ms-playwright`.
RUN mkdir /tmp/pw && cd /tmp/pw && npm init -y && \
npm i /tmp/playwright.tar.gz && \
# Browsers will remain downloaded in `/home/pwuser/.cache/ms-playwright`.
RUN su pwuser -c "mkdir /tmp/pw && cd /tmp/pw && npm init -y && \
npm i /tmp/playwright.tar.gz" && \
rm -rf /tmp/pw && rm /tmp/playwright.tar.gz
# 3. Symlink downloaded browsers for root user
RUN mkdir /root/.cache/ && \
ln -s /home/pwuser/.cache/ms-playwright/ /root/.cache/ms-playwright
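
Review bot: the symlink in step 3 makes root run browsers out of `/home/pwuser/.cache/ms-playwright`, a tree that pwuser owns and can write to because the install runs under `su pwuser -c`. pwuser is the account the README recommends for untrusted websites, so a process running as pwuser can alter binaries that root later executes. Install the browsers into a root-owned location that both users only read (for example via `PLAYWRIGHT_BROWSERS_PATH`), or hand the cache to root after the install and leave it read-only for pwuser. Separately, `mkdir /root/.cache/` fails if the directory already exists; `mkdir -p` is safer.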

@ -48,7 +48,7 @@ docker run -it --rm --ipc=host mcr.microsoft.com/playwright:bionic /bin/bash
On untrusted websites, it's recommended to use a separate user for launching the browsers in combination with the seccomp profile. Inside the container or if you are using the Docker image as a base image you have to use `adduser` for it.
```
$ docker run -it --rm --ipc=host --security-opt seccomp=seccomp_profile.json mcr.microsoft.com/playwright:bionic /bin/bash
$ docker run -it --rm --ipc=host --user pwuser --security-opt seccomp=seccomp_profile.json mcr.microsoft.com/playwright:bionic /bin/bash
```
[`seccomp_profile.json`](seccomp_profile.json) is needed to run Chromium with sandbox. This is
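
Review bot: the context sentence above the command still says "you have to use `adduser` for it", which no longer holds now that the image ships pwuser and the example passes `--user pwuser`. Update that sentence in the same change so the prose and the command agree, and state which user the container runs as when `--user` is omitted.
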
@ -73,7 +73,6 @@ a [default Docker seccomp profile](https://github.com/docker/engine/blob/d0d99b0
> **NOTE**: Using `--ipc=host` is recommended when using Chrome ([Docker docs](https://docs.docker.com/engine/reference/run/#ipc-settings---ipc)). Chrome can run out of memory without this flag.
Since the seccomp profile is now in use, you have to create a separate user with `adduser pwuser` which you use to run your browsers with Playwright.
### Using on CI
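
Review bot: the `adduser pwuser` sentence after the `--ipc=host` note is dropped without a replacement, so the README no longer says where pwuser comes from. Add one line stating that the image provides pwuser and from which version, since per the commit message the 1.4 images do not have it and `--user pwuser` will fail there.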