43 lines
1.5 KiB
Text
43 lines
1.5 KiB
Text
# ──────────────────────────────────────────────
|
|
# SF Docker Sandbox Template
|
|
# Base: docker/sandbox-templates:shell
|
|
# Purpose: Isolated environment for SF auto mode
|
|
# Usage: docker sandbox create --template ./docker
|
|
# ──────────────────────────────────────────────
|
|
FROM node:26-bookworm-slim
|
|
|
|
# System dependencies required by SF
|
|
RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
git \
|
|
curl \
|
|
ca-certificates \
|
|
openssh-client \
|
|
gosu \
|
|
libsecret-1-0 \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Install SF globally — version controlled via build arg
|
|
ARG SF_VERSION=latest
|
|
RUN npm install -g singularity-forge@${SF_VERSION}
|
|
|
|
# Create non-root user for sandbox isolation
|
|
RUN groupadd --gid 1000 sf \
|
|
&& useradd --uid 1000 --gid sf --shell /bin/bash --create-home sf
|
|
|
|
# Persistent SF state directory
|
|
RUN mkdir -p /home/sf/.sf && chown -R sf:sf /home/sf/.sf
|
|
|
|
# Workspace directory — synced from host via Docker sandbox
|
|
WORKDIR /workspace
|
|
RUN chown sf:sf /workspace
|
|
|
|
# Entrypoint handles UID/GID remapping, bootstrap, and drops to sf user
|
|
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
|
|
COPY bootstrap.sh /usr/local/bin/bootstrap.sh
|
|
RUN chmod +x /usr/local/bin/entrypoint.sh /usr/local/bin/bootstrap.sh
|
|
|
|
# Expose default SF web UI port
|
|
EXPOSE 3000
|
|
|
|
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
|
|
CMD ["sf", "--help"]
|