feat: cleanup docker
perso/opencode/pipeline/head Something is wrong with the build of this commit

Julien Cabillot
2026-04-15 12:47:27 -04:00
parent 6cbb8d9989
commit 7a7162180a
3 changed files with 9 additions and 50 deletions
+6 -4
@@ -10,16 +10,18 @@ This repository builds and publishes a Docker image for [OpenCode](https://openc
. .
├── Dockerfile # Image definition ├── Dockerfile # Image definition
├── Jenkinsfile # CI/CD pipeline (nightly build + Docker Hub push) ├── Jenkinsfile # CI/CD pipeline (nightly build + Docker Hub push)
├── opencode-attach # Helper script for attaching to a running server
└── README.md # Usage documentation └── README.md # Usage documentation
``` ```
## Dockerfile conventions ## Dockerfile conventions
- **Base image**: `node:24-alpine` — use the latest Node.js LTS Alpine image. - **Base image**: `node:24` — Debian-based Node.js image (not Alpine, needed for apt packages).
- **Install**: `npm i -g opencode-ai` — installs OpenCode globally. - **Install**: `npm i -g opencode-ai n2-soul@<version>` — installs OpenCode and Soul globally.
- **Version check**: `RUN opencode --version` after install to validate the build and record the installed version in build logs. - **Version check**: `RUN opencode --version` after install to validate the build and record the installed version in build logs.
- **Dedicated user**: a non-root `opencode` user and group are created with `addgroup`/`adduser`. All runtime steps run as this user. - **Dedicated user**: a non-root `opencode` user and group are created with `groupadd`/`useradd` (UID/GID 1000). All runtime steps run as this user.
- **Entrypoint**: `["opencode", "serve"]` — the container always starts the HTTP server. - **Cluster tooling**: `kubectl` is copied from the official `registry.k8s.io/kubectl` image (multi-stage COPY).
- **Entrypoint**: `["opencode"]` — arguments are passed at runtime (e.g. `serve`).
## Jenkinsfile conventions ## Jenkinsfile conventions
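Review bot: the Base image bullet justifies `node:24` as "not Alpine, needed for apt packages", but the Dockerfile in this same commit drops every apt package except `ca-certificates`, so the stated reason no longer matches the image. Reword the rationale to whatever still requires Debian, or drop the parenthetical. The Install bullet could also state that `opencode-ai` is left unpinned while `n2-soul` carries a version.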
+2 -26
@@ -1,48 +1,24 @@
FROM node:24 FROM node:24
RUN apt-get update && apt-get upgrade -y && \ RUN apt-get update && apt-get upgrade -y && \
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends ca-certificates && \
podman \
uidmap \
slirp4netns \
fuse-overlayfs \
dbus-user-session \
containernetworking-plugins \
netavark \
aardvark-dns \
iptables \
ca-certificates && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
RUN set -eux; \ RUN set -eux; \
userdel -r node; \ userdel -r node; \
groupadd -g 1000 opencode; \ groupadd -g 1000 opencode; \
useradd -m -u 1000 -g 1000 -s /usr/bin/bash opencode; \ useradd -m -u 1000 -g 1000 -s /usr/bin/bash opencode; \
awk -F: '!seen[$1":"$2":"$3]++' /etc/subuid > /etc/subuid.tmp; \
mv /etc/subuid.tmp /etc/subuid; \
awk -F: '!seen[$1":"$2":"$3]++' /etc/subgid > /etc/subgid.tmp; \
mv /etc/subgid.tmp /etc/subgid; \
mkdir -p /home/opencode/.config/containers /home/opencode/.local/share/containers; \
printf '%s\n' '[storage]' 'driver = "vfs"' > /home/opencode/.config/containers/storage.conf; \
printf '%s\n' '[engine]' 'cgroup_manager = "cgroupfs"' 'events_logger = "file"' > /home/opencode/.config/containers/containers.conf; \
chown -R 1000:1000 /home/opencode/.config /home/opencode/.local; \
npm update -g && \ npm update -g && \
npm install -g opencode-ai n2-soul@9.0.8 && \ npm install -g opencode-ai n2-soul@9.0.9 && \
chown -R 1000:1000 /usr/local/lib/node_modules/n2-soul/ && \ chown -R 1000:1000 /usr/local/lib/node_modules/n2-soul/ && \
npm cache clean --force npm cache clean --force
COPY --chmod=755 opencode-attach /usr/local/bin/opencode-attach COPY --chmod=755 opencode-attach /usr/local/bin/opencode-attach
COPY --from=registry.k8s.io/kubectl:v1.35.3 /bin/kubectl /usr/local/bin/kubectl COPY --from=registry.k8s.io/kubectl:v1.35.3 /bin/kubectl /usr/local/bin/kubectl
ENV XDG_RUNTIME_DIR=/tmp/run-user/1000
ENV _CONTAINERS_USERNS_CONFIGURED=""
RUN mkdir -p /tmp/run-user/1000 && chown -R 1000:1000 /tmp/run-user
USER opencode USER opencode
WORKDIR /home/opencode WORKDIR /home/opencode
RUN opencode --version RUN opencode --version
RUN podman --version
ENTRYPOINT ["opencode"] ENTRYPOINT ["opencode"]
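Review bot: on the `npm install -g opencode-ai n2-soul@9.0.9` line, `n2-soul` is pinned but `opencode-ai` is not, and `npm update -g` runs just before it, so two builds of this commit can ship different code. Pin `opencode-ai` to a version as well and consider dropping `npm update -g`. The unchanged `chown -R 1000:1000 /usr/local/lib/node_modules/n2-soul/` also leaves that package writable by the runtime user; if that is required, it deserves a comment saying why.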
+1 -20
@@ -66,25 +66,6 @@ export OPENCODE_API_URL=http://127.0.0.1:4096
opencode-attach opencode-attach
``` ```
## Podman rootless (ready-to-use)
The image now includes Podman configured for rootless usage with the `opencode` user (`/etc/subuid`, `/etc/subgid`, `fuse-overlayfs`, `slirp4netns`).
When running this image, add runtime options required by Podman-in-container:
```bash
docker run -it -p 4096:4096 \
--security-opt seccomp=unconfined \
--device /dev/fuse \
jcabillot/opencode
```
Quick check inside the container:
```bash
podman info
```
## API ## API
Once running, the server exposes an OpenAPI 3.1 spec at: Once running, the server exposes an OpenAPI 3.1 spec at:
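Review bot: removing the "Podman rootless" section leaves no trace that the image used to need `--security-opt seccomp=unconfined` and `--device /dev/fuse`. Anyone who copied that `docker run` command will keep running with seccomp disabled and the fuse device exposed for no benefit; add a short note (README or changelog) that Podman is gone and those flags should be dropped.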
@@ -110,6 +91,6 @@ See the [OpenCode server docs](https://opencode.ai/docs/server/) for the full AP
- **Base image**: `node:24` (Debian) - **Base image**: `node:24` (Debian)
- **Install**: `opencode-ai` via npm global install - **Install**: `opencode-ai` via npm global install
- **User**: dedicated non-root `opencode` user - **User**: dedicated non-root `opencode` user
- **Container tooling**: Podman rootless (`podman`, `uidmap`, `slirp4netns`, `fuse-overlayfs`) - **Cluster tooling**: `kubectl` (copied from official registry image)
- **Entrypoint**: `opencode serve` - **Entrypoint**: `opencode serve`
- **Default port**: `4096` - **Default port**: `4096`
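Review bot: the Entrypoint bullet left as context here still reads `opencode serve`, while the Dockerfile has `ENTRYPOINT ["opencode"]` and the conventions file now documents that arguments such as `serve` are passed at runtime. Update this bullet in the same change so the summary does not promise a server that only starts when `serve` is supplied.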