From 373e6c1e203114b0a0faa65a0e099dba6ce6d942 Mon Sep 17 00:00:00 2001 From: Ingo Schuck Date: Wed, 6 May 2026 19:35:03 +0200 Subject: [PATCH 01/10] Fix entrypoint.sh permission --- images/layered/Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/layered/Containerfile b/images/layered/Containerfile index 7482280c..18511c61 100644 --- a/images/layered/Containerfile +++ b/images/layered/Containerfile @@ -47,7 +47,7 @@ VOLUME [ \ USER root # This entrypoint script link build assets of the image to the mounted sites volume at container initialization COPY resources/core/main-entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod +x /usr/local/bin/entrypoint.sh +RUN chmod ugo+rx /usr/local/bin/entrypoint.sh USER frappe ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] From c302af9dd5f3bcccfdcee62f54693fb7120199ce Mon Sep 17 00:00:00 2001 From: jslocomotor <210083531+jslocomotor@users.noreply.github.com> Date: Wed, 6 May 2026 20:30:52 +0200 Subject: [PATCH 02/10] feat(images): toggle chromium installation --- docs/02-setup/02-build-setup.md | 1 + images/bench/Dockerfile | 8 ++++++-- images/custom/Containerfile | 9 +++++++-- images/production/Containerfile | 9 +++++++-- 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/docs/02-setup/02-build-setup.md b/docs/02-setup/02-build-setup.md index 326de9bf..09cef899 100644 --- a/docs/02-setup/02-build-setup.md +++ b/docs/02-setup/02-build-setup.md @@ -96,6 +96,7 @@ See [Automated Builds and Deployment](../03-production/06-automated-builds-and-d | PYTHON_VERSION | Python version for the base image | | NODE_VERSION | Node.js version | | WKHTMLTOPDF_VERSION | wkhtmltopdf version | +| INSTALL_CHROMIUM | Configure chromium installation, defaults to `true` - needed for Frappe Workbench version >15 | | **bench only** | | | DEBIAN_BASE | Debian base version for the bench image, defaults to `bookworm` | | WKHTMLTOPDF_DISTRO | use the specified distro for debian package. Default is `bookworm` | diff --git a/images/bench/Dockerfile b/images/bench/Dockerfile index 9c21345d..1cb0b278 100644 --- a/images/bench/Dockerfile +++ b/images/bench/Dockerfile @@ -4,6 +4,7 @@ LABEL author=frappé ARG GIT_REPO=https://github.com/frappe/bench.git ARG GIT_BRANCH=v5.x +ARG INSTALL_CHROMIUM=true RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ @@ -23,8 +24,6 @@ RUN apt-get update \ libharfbuzz0b \ libpangoft2-1.0-0 \ libpangocairo-1.0-0 \ - #Chromium - chromium-headless-shell \ # to work inside the container locales \ build-essential \ @@ -75,6 +74,11 @@ RUN apt-get update \ file \ # For MIME type detection media-types \ + # Chromium + && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ + chromium-headless-shell; \ + fi \ && rm -rf /var/lib/apt/lists/* RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \ diff --git a/images/custom/Containerfile b/images/custom/Containerfile index 2ecb06d7..5f8072f6 100644 --- a/images/custom/Containerfile +++ b/images/custom/Containerfile @@ -8,6 +8,8 @@ COPY resources/core/nginx/security_headers.conf /etc/nginx/snippets/security_hea ARG WKHTMLTOPDF_VERSION=0.12.6.1-3 ARG WKHTMLTOPDF_DISTRO=bookworm +ARG INSTALL_CHROMIUM=true + ARG NODE_VERSION=24.13.0 ENV NVM_DIR=/home/frappe/.nvm ENV PATH=${NVM_DIR}/versions/node/v${NODE_VERSION}/bin/:${PATH} @@ -26,8 +28,6 @@ RUN useradd -ms /bin/bash frappe \ libharfbuzz0b \ libpangoft2-1.0-0 \ libpangocairo-1.0-0 \ - #Chromium - chromium-headless-shell \ # For backups restic \ gpg \ @@ -62,6 +62,11 @@ RUN useradd -ms /bin/bash frappe \ && curl -sLO https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTMLTOPDF_VERSION/$downloaded_file \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ + # Chromium + && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ + chromium-headless-shell; \ + fi \ # Clean up && rm -rf /var/lib/apt/lists/* \ && rm -fr /etc/nginx/sites-enabled/default \ diff --git a/images/production/Containerfile b/images/production/Containerfile index f95a9703..e2a2f3ee 100644 --- a/images/production/Containerfile +++ b/images/production/Containerfile @@ -4,6 +4,8 @@ FROM python:${PYTHON_VERSION}-slim-${DEBIAN_BASE} AS base ARG WKHTMLTOPDF_VERSION=0.12.6.1-3 ARG WKHTMLTOPDF_DISTRO=bookworm +ARG INSTALL_CHROMIUM=true + ARG NODE_VERSION=24.13.0 ENV NVM_DIR=/home/frappe/.nvm ENV PATH=${NVM_DIR}/versions/node/v${NODE_VERSION}/bin/:${PATH} @@ -22,8 +24,6 @@ RUN useradd -ms /bin/bash frappe \ libharfbuzz0b \ libpangoft2-1.0-0 \ libpangocairo-1.0-0 \ - #Chromium - chromium-headless-shell \ # For backups restic \ gpg \ @@ -58,6 +58,11 @@ RUN useradd -ms /bin/bash frappe \ && curl -sLO https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTMLTOPDF_VERSION/$downloaded_file \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ + # Chromium + && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ + chromium-headless-shell; \ + fi \ # Clean up && rm -rf /var/lib/apt/lists/* \ && rm -fr /etc/nginx/sites-enabled/default \ From 0a04e5ecd26b89382a8c3c81685b928359c90e5d Mon Sep 17 00:00:00 2001 From: jslocomotor <210083531+jslocomotor@users.noreply.github.com> Date: Thu, 7 May 2026 14:03:12 +0200 Subject: [PATCH 03/10] feat(images): permissive boolean check for INSTALL_CHROMIUM --- images/bench/Dockerfile | 2 +- images/custom/Containerfile | 2 +- images/production/Containerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/images/bench/Dockerfile b/images/bench/Dockerfile index 1cb0b278..2b2540b5 100644 --- a/images/bench/Dockerfile +++ b/images/bench/Dockerfile @@ -75,7 +75,7 @@ RUN apt-get update \ # For MIME type detection media-types \ # Chromium - && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + && if [ "$INSTALL_CHROMIUM" != "false" ]; then \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ chromium-headless-shell; \ fi \ diff --git a/images/custom/Containerfile b/images/custom/Containerfile index 5f8072f6..084104b3 100644 --- a/images/custom/Containerfile +++ b/images/custom/Containerfile @@ -63,7 +63,7 @@ RUN useradd -ms /bin/bash frappe \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ # Chromium - && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + && if [ "$INSTALL_CHROMIUM" != "false" ]; then \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ chromium-headless-shell; \ fi \ diff --git a/images/production/Containerfile b/images/production/Containerfile index e2a2f3ee..983dc2ea 100644 --- a/images/production/Containerfile +++ b/images/production/Containerfile @@ -59,7 +59,7 @@ RUN useradd -ms /bin/bash frappe \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ # Chromium - && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + && if [ "$INSTALL_CHROMIUM" != "false" ]; then \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ chromium-headless-shell; \ fi \ From c7ac6b7666eb4ae9bd40e9665c23f27a2cedb3d9 Mon Sep 17 00:00:00 2001 From: Ingo Schuck Date: Thu, 7 May 2026 21:27:16 +0200 Subject: [PATCH 04/10] fix all entrypoint.sh permissions to 755 --- images/custom/Containerfile | 2 +- images/layered/Containerfile | 2 +- images/production/Containerfile | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/images/custom/Containerfile b/images/custom/Containerfile index 084104b3..9528688b 100644 --- a/images/custom/Containerfile +++ b/images/custom/Containerfile @@ -163,7 +163,7 @@ VOLUME [ \ USER root # This entrypoint script link build assets of the image to the mounted sites volume at container initialization COPY resources/core/main-entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod +x /usr/local/bin/entrypoint.sh +RUN chmod 755 /usr/local/bin/entrypoint.sh USER frappe ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/images/layered/Containerfile b/images/layered/Containerfile index 18511c61..c3326ddd 100644 --- a/images/layered/Containerfile +++ b/images/layered/Containerfile @@ -47,7 +47,7 @@ VOLUME [ \ USER root # This entrypoint script link build assets of the image to the mounted sites volume at container initialization COPY resources/core/main-entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod ugo+rx /usr/local/bin/entrypoint.sh +RUN chmod 755 /usr/local/bin/entrypoint.sh USER frappe ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/images/production/Containerfile b/images/production/Containerfile index 983dc2ea..7ad4089d 100644 --- a/images/production/Containerfile +++ b/images/production/Containerfile @@ -82,6 +82,7 @@ RUN useradd -ms /bin/bash frappe \ COPY resources/core/nginx/nginx-template.conf /templates/nginx/frappe.conf.template COPY resources/core/nginx/nginx-entrypoint.sh /usr/local/bin/nginx-entrypoint.sh COPY resources/core/nginx/security_headers.conf /etc/nginx/snippets/security_headers.conf +RUN chmod 755 /usr/local/bin/nginx-entrypoint.sh FROM base AS build @@ -153,7 +154,7 @@ VOLUME [ \ USER root # This entrypoint script link build assets of the image to the mounted sites volume at container initialization COPY resources/core/main-entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod +x /usr/local/bin/entrypoint.sh +RUN chmod 755 /usr/local/bin/entrypoint.sh USER frappe ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] From 93ade44c6b5f25b409c41f04c18e22737e74d69b Mon Sep 17 00:00:00 2001 From: Ingo Schuck Date: Thu, 7 May 2026 21:50:12 +0200 Subject: [PATCH 05/10] Revert "fix all entrypoint.sh permissions to 755" This reverts commit c7ac6b7666eb4ae9bd40e9665c23f27a2cedb3d9. --- images/custom/Containerfile | 2 +- images/layered/Containerfile | 2 +- images/production/Containerfile | 3 +-- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/images/custom/Containerfile b/images/custom/Containerfile index 9528688b..084104b3 100644 --- a/images/custom/Containerfile +++ b/images/custom/Containerfile @@ -163,7 +163,7 @@ VOLUME [ \ USER root # This entrypoint script link build assets of the image to the mounted sites volume at container initialization COPY resources/core/main-entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod 755 /usr/local/bin/entrypoint.sh +RUN chmod +x /usr/local/bin/entrypoint.sh USER frappe ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/images/layered/Containerfile b/images/layered/Containerfile index c3326ddd..18511c61 100644 --- a/images/layered/Containerfile +++ b/images/layered/Containerfile @@ -47,7 +47,7 @@ VOLUME [ \ USER root # This entrypoint script link build assets of the image to the mounted sites volume at container initialization COPY resources/core/main-entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod 755 /usr/local/bin/entrypoint.sh +RUN chmod ugo+rx /usr/local/bin/entrypoint.sh USER frappe ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/images/production/Containerfile b/images/production/Containerfile index 7ad4089d..983dc2ea 100644 --- a/images/production/Containerfile +++ b/images/production/Containerfile @@ -82,7 +82,6 @@ RUN useradd -ms /bin/bash frappe \ COPY resources/core/nginx/nginx-template.conf /templates/nginx/frappe.conf.template COPY resources/core/nginx/nginx-entrypoint.sh /usr/local/bin/nginx-entrypoint.sh COPY resources/core/nginx/security_headers.conf /etc/nginx/snippets/security_headers.conf -RUN chmod 755 /usr/local/bin/nginx-entrypoint.sh FROM base AS build @@ -154,7 +153,7 @@ VOLUME [ \ USER root # This entrypoint script link build assets of the image to the mounted sites volume at container initialization COPY resources/core/main-entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod 755 /usr/local/bin/entrypoint.sh +RUN chmod +x /usr/local/bin/entrypoint.sh USER frappe ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] From 8f4130b5d33d015bbdf6aab50d6a6210e4084862 Mon Sep 17 00:00:00 2001 From: Ingo Schuck Date: Thu, 7 May 2026 21:50:36 +0200 Subject: [PATCH 06/10] Revert "feat(images): permissive boolean check for INSTALL_CHROMIUM" This reverts commit 0a04e5ecd26b89382a8c3c81685b928359c90e5d. --- images/bench/Dockerfile | 2 +- images/custom/Containerfile | 2 +- images/production/Containerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/images/bench/Dockerfile b/images/bench/Dockerfile index 2b2540b5..1cb0b278 100644 --- a/images/bench/Dockerfile +++ b/images/bench/Dockerfile @@ -75,7 +75,7 @@ RUN apt-get update \ # For MIME type detection media-types \ # Chromium - && if [ "$INSTALL_CHROMIUM" != "false" ]; then \ + && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ chromium-headless-shell; \ fi \ diff --git a/images/custom/Containerfile b/images/custom/Containerfile index 084104b3..5f8072f6 100644 --- a/images/custom/Containerfile +++ b/images/custom/Containerfile @@ -63,7 +63,7 @@ RUN useradd -ms /bin/bash frappe \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ # Chromium - && if [ "$INSTALL_CHROMIUM" != "false" ]; then \ + && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ chromium-headless-shell; \ fi \ diff --git a/images/production/Containerfile b/images/production/Containerfile index 983dc2ea..e2a2f3ee 100644 --- a/images/production/Containerfile +++ b/images/production/Containerfile @@ -59,7 +59,7 @@ RUN useradd -ms /bin/bash frappe \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ # Chromium - && if [ "$INSTALL_CHROMIUM" != "false" ]; then \ + && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ chromium-headless-shell; \ fi \ From 09fcd3e83b6327d27afd174d23ec116917adf000 Mon Sep 17 00:00:00 2001 From: Ingo Schuck Date: Thu, 7 May 2026 21:50:56 +0200 Subject: [PATCH 07/10] Revert "feat(images): toggle chromium installation" This reverts commit c302af9dd5f3bcccfdcee62f54693fb7120199ce. --- docs/02-setup/02-build-setup.md | 1 - images/bench/Dockerfile | 8 ++------ images/custom/Containerfile | 9 ++------- images/production/Containerfile | 9 ++------- 4 files changed, 6 insertions(+), 21 deletions(-) diff --git a/docs/02-setup/02-build-setup.md b/docs/02-setup/02-build-setup.md index 09cef899..326de9bf 100644 --- a/docs/02-setup/02-build-setup.md +++ b/docs/02-setup/02-build-setup.md @@ -96,7 +96,6 @@ See [Automated Builds and Deployment](../03-production/06-automated-builds-and-d | PYTHON_VERSION | Python version for the base image | | NODE_VERSION | Node.js version | | WKHTMLTOPDF_VERSION | wkhtmltopdf version | -| INSTALL_CHROMIUM | Configure chromium installation, defaults to `true` - needed for Frappe Workbench version >15 | | **bench only** | | | DEBIAN_BASE | Debian base version for the bench image, defaults to `bookworm` | | WKHTMLTOPDF_DISTRO | use the specified distro for debian package. Default is `bookworm` | diff --git a/images/bench/Dockerfile b/images/bench/Dockerfile index 1cb0b278..9c21345d 100644 --- a/images/bench/Dockerfile +++ b/images/bench/Dockerfile @@ -4,7 +4,6 @@ LABEL author=frappé ARG GIT_REPO=https://github.com/frappe/bench.git ARG GIT_BRANCH=v5.x -ARG INSTALL_CHROMIUM=true RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ @@ -24,6 +23,8 @@ RUN apt-get update \ libharfbuzz0b \ libpangoft2-1.0-0 \ libpangocairo-1.0-0 \ + #Chromium + chromium-headless-shell \ # to work inside the container locales \ build-essential \ @@ -74,11 +75,6 @@ RUN apt-get update \ file \ # For MIME type detection media-types \ - # Chromium - && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ - chromium-headless-shell; \ - fi \ && rm -rf /var/lib/apt/lists/* RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \ diff --git a/images/custom/Containerfile b/images/custom/Containerfile index 5f8072f6..2ecb06d7 100644 --- a/images/custom/Containerfile +++ b/images/custom/Containerfile @@ -8,8 +8,6 @@ COPY resources/core/nginx/security_headers.conf /etc/nginx/snippets/security_hea ARG WKHTMLTOPDF_VERSION=0.12.6.1-3 ARG WKHTMLTOPDF_DISTRO=bookworm -ARG INSTALL_CHROMIUM=true - ARG NODE_VERSION=24.13.0 ENV NVM_DIR=/home/frappe/.nvm ENV PATH=${NVM_DIR}/versions/node/v${NODE_VERSION}/bin/:${PATH} @@ -28,6 +26,8 @@ RUN useradd -ms /bin/bash frappe \ libharfbuzz0b \ libpangoft2-1.0-0 \ libpangocairo-1.0-0 \ + #Chromium + chromium-headless-shell \ # For backups restic \ gpg \ @@ -62,11 +62,6 @@ RUN useradd -ms /bin/bash frappe \ && curl -sLO https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTMLTOPDF_VERSION/$downloaded_file \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ - # Chromium - && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ - chromium-headless-shell; \ - fi \ # Clean up && rm -rf /var/lib/apt/lists/* \ && rm -fr /etc/nginx/sites-enabled/default \ diff --git a/images/production/Containerfile b/images/production/Containerfile index e2a2f3ee..f95a9703 100644 --- a/images/production/Containerfile +++ b/images/production/Containerfile @@ -4,8 +4,6 @@ FROM python:${PYTHON_VERSION}-slim-${DEBIAN_BASE} AS base ARG WKHTMLTOPDF_VERSION=0.12.6.1-3 ARG WKHTMLTOPDF_DISTRO=bookworm -ARG INSTALL_CHROMIUM=true - ARG NODE_VERSION=24.13.0 ENV NVM_DIR=/home/frappe/.nvm ENV PATH=${NVM_DIR}/versions/node/v${NODE_VERSION}/bin/:${PATH} @@ -24,6 +22,8 @@ RUN useradd -ms /bin/bash frappe \ libharfbuzz0b \ libpangoft2-1.0-0 \ libpangocairo-1.0-0 \ + #Chromium + chromium-headless-shell \ # For backups restic \ gpg \ @@ -58,11 +58,6 @@ RUN useradd -ms /bin/bash frappe \ && curl -sLO https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTMLTOPDF_VERSION/$downloaded_file \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ - # Chromium - && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ - DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ - chromium-headless-shell; \ - fi \ # Clean up && rm -rf /var/lib/apt/lists/* \ && rm -fr /etc/nginx/sites-enabled/default \ From c363f459a46d4d1834027edf33f3092991db431a Mon Sep 17 00:00:00 2001 From: Ingo Schuck Date: Fri, 8 May 2026 16:38:52 +0200 Subject: [PATCH 08/10] Reapply "feat(images): toggle chromium installation" This reverts commit 09fcd3e83b6327d27afd174d23ec116917adf000. --- docs/02-setup/02-build-setup.md | 1 + images/bench/Dockerfile | 8 ++++++-- images/custom/Containerfile | 9 +++++++-- images/production/Containerfile | 9 +++++++-- 4 files changed, 21 insertions(+), 6 deletions(-) diff --git a/docs/02-setup/02-build-setup.md b/docs/02-setup/02-build-setup.md index 326de9bf..09cef899 100644 --- a/docs/02-setup/02-build-setup.md +++ b/docs/02-setup/02-build-setup.md @@ -96,6 +96,7 @@ See [Automated Builds and Deployment](../03-production/06-automated-builds-and-d | PYTHON_VERSION | Python version for the base image | | NODE_VERSION | Node.js version | | WKHTMLTOPDF_VERSION | wkhtmltopdf version | +| INSTALL_CHROMIUM | Configure chromium installation, defaults to `true` - needed for Frappe Workbench version >15 | | **bench only** | | | DEBIAN_BASE | Debian base version for the bench image, defaults to `bookworm` | | WKHTMLTOPDF_DISTRO | use the specified distro for debian package. Default is `bookworm` | diff --git a/images/bench/Dockerfile b/images/bench/Dockerfile index 9c21345d..1cb0b278 100644 --- a/images/bench/Dockerfile +++ b/images/bench/Dockerfile @@ -4,6 +4,7 @@ LABEL author=frappé ARG GIT_REPO=https://github.com/frappe/bench.git ARG GIT_BRANCH=v5.x +ARG INSTALL_CHROMIUM=true RUN apt-get update \ && DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ @@ -23,8 +24,6 @@ RUN apt-get update \ libharfbuzz0b \ libpangoft2-1.0-0 \ libpangocairo-1.0-0 \ - #Chromium - chromium-headless-shell \ # to work inside the container locales \ build-essential \ @@ -75,6 +74,11 @@ RUN apt-get update \ file \ # For MIME type detection media-types \ + # Chromium + && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ + chromium-headless-shell; \ + fi \ && rm -rf /var/lib/apt/lists/* RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen \ diff --git a/images/custom/Containerfile b/images/custom/Containerfile index 2ecb06d7..5f8072f6 100644 --- a/images/custom/Containerfile +++ b/images/custom/Containerfile @@ -8,6 +8,8 @@ COPY resources/core/nginx/security_headers.conf /etc/nginx/snippets/security_hea ARG WKHTMLTOPDF_VERSION=0.12.6.1-3 ARG WKHTMLTOPDF_DISTRO=bookworm +ARG INSTALL_CHROMIUM=true + ARG NODE_VERSION=24.13.0 ENV NVM_DIR=/home/frappe/.nvm ENV PATH=${NVM_DIR}/versions/node/v${NODE_VERSION}/bin/:${PATH} @@ -26,8 +28,6 @@ RUN useradd -ms /bin/bash frappe \ libharfbuzz0b \ libpangoft2-1.0-0 \ libpangocairo-1.0-0 \ - #Chromium - chromium-headless-shell \ # For backups restic \ gpg \ @@ -62,6 +62,11 @@ RUN useradd -ms /bin/bash frappe \ && curl -sLO https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTMLTOPDF_VERSION/$downloaded_file \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ + # Chromium + && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ + chromium-headless-shell; \ + fi \ # Clean up && rm -rf /var/lib/apt/lists/* \ && rm -fr /etc/nginx/sites-enabled/default \ diff --git a/images/production/Containerfile b/images/production/Containerfile index f95a9703..e2a2f3ee 100644 --- a/images/production/Containerfile +++ b/images/production/Containerfile @@ -4,6 +4,8 @@ FROM python:${PYTHON_VERSION}-slim-${DEBIAN_BASE} AS base ARG WKHTMLTOPDF_VERSION=0.12.6.1-3 ARG WKHTMLTOPDF_DISTRO=bookworm +ARG INSTALL_CHROMIUM=true + ARG NODE_VERSION=24.13.0 ENV NVM_DIR=/home/frappe/.nvm ENV PATH=${NVM_DIR}/versions/node/v${NODE_VERSION}/bin/:${PATH} @@ -22,8 +24,6 @@ RUN useradd -ms /bin/bash frappe \ libharfbuzz0b \ libpangoft2-1.0-0 \ libpangocairo-1.0-0 \ - #Chromium - chromium-headless-shell \ # For backups restic \ gpg \ @@ -58,6 +58,11 @@ RUN useradd -ms /bin/bash frappe \ && curl -sLO https://github.com/wkhtmltopdf/packaging/releases/download/$WKHTMLTOPDF_VERSION/$downloaded_file \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ + # Chromium + && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ + chromium-headless-shell; \ + fi \ # Clean up && rm -rf /var/lib/apt/lists/* \ && rm -fr /etc/nginx/sites-enabled/default \ From 37e91a2db231b9f76864295928eda9ce0313389d Mon Sep 17 00:00:00 2001 From: Ingo Schuck Date: Fri, 8 May 2026 16:39:31 +0200 Subject: [PATCH 09/10] Reapply "feat(images): permissive boolean check for INSTALL_CHROMIUM" This reverts commit 8f4130b5d33d015bbdf6aab50d6a6210e4084862. --- images/bench/Dockerfile | 2 +- images/custom/Containerfile | 2 +- images/production/Containerfile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/images/bench/Dockerfile b/images/bench/Dockerfile index 1cb0b278..2b2540b5 100644 --- a/images/bench/Dockerfile +++ b/images/bench/Dockerfile @@ -75,7 +75,7 @@ RUN apt-get update \ # For MIME type detection media-types \ # Chromium - && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + && if [ "$INSTALL_CHROMIUM" != "false" ]; then \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ chromium-headless-shell; \ fi \ diff --git a/images/custom/Containerfile b/images/custom/Containerfile index 5f8072f6..084104b3 100644 --- a/images/custom/Containerfile +++ b/images/custom/Containerfile @@ -63,7 +63,7 @@ RUN useradd -ms /bin/bash frappe \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ # Chromium - && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + && if [ "$INSTALL_CHROMIUM" != "false" ]; then \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ chromium-headless-shell; \ fi \ diff --git a/images/production/Containerfile b/images/production/Containerfile index e2a2f3ee..983dc2ea 100644 --- a/images/production/Containerfile +++ b/images/production/Containerfile @@ -59,7 +59,7 @@ RUN useradd -ms /bin/bash frappe \ && apt-get install -y ./$downloaded_file \ && rm $downloaded_file \ # Chromium - && if [ "$INSTALL_CHROMIUM" = "true" ]; then \ + && if [ "$INSTALL_CHROMIUM" != "false" ]; then \ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -y \ chromium-headless-shell; \ fi \ From 004b27a5a7f144c1974544978a4d08c8d7d14629 Mon Sep 17 00:00:00 2001 From: Ingo Schuck Date: Fri, 8 May 2026 16:41:30 +0200 Subject: [PATCH 10/10] Reapply "fix all entrypoint.sh permissions to 755" This reverts commit 93ade44c6b5f25b409c41f04c18e22737e74d69b. --- images/custom/Containerfile | 2 +- images/layered/Containerfile | 2 +- images/production/Containerfile | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/images/custom/Containerfile b/images/custom/Containerfile index 084104b3..9528688b 100644 --- a/images/custom/Containerfile +++ b/images/custom/Containerfile @@ -163,7 +163,7 @@ VOLUME [ \ USER root # This entrypoint script link build assets of the image to the mounted sites volume at container initialization COPY resources/core/main-entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod +x /usr/local/bin/entrypoint.sh +RUN chmod 755 /usr/local/bin/entrypoint.sh USER frappe ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/images/layered/Containerfile b/images/layered/Containerfile index 18511c61..c3326ddd 100644 --- a/images/layered/Containerfile +++ b/images/layered/Containerfile @@ -47,7 +47,7 @@ VOLUME [ \ USER root # This entrypoint script link build assets of the image to the mounted sites volume at container initialization COPY resources/core/main-entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod ugo+rx /usr/local/bin/entrypoint.sh +RUN chmod 755 /usr/local/bin/entrypoint.sh USER frappe ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/images/production/Containerfile b/images/production/Containerfile index 983dc2ea..7ad4089d 100644 --- a/images/production/Containerfile +++ b/images/production/Containerfile @@ -82,6 +82,7 @@ RUN useradd -ms /bin/bash frappe \ COPY resources/core/nginx/nginx-template.conf /templates/nginx/frappe.conf.template COPY resources/core/nginx/nginx-entrypoint.sh /usr/local/bin/nginx-entrypoint.sh COPY resources/core/nginx/security_headers.conf /etc/nginx/snippets/security_headers.conf +RUN chmod 755 /usr/local/bin/nginx-entrypoint.sh FROM base AS build @@ -153,7 +154,7 @@ VOLUME [ \ USER root # This entrypoint script link build assets of the image to the mounted sites volume at container initialization COPY resources/core/main-entrypoint.sh /usr/local/bin/entrypoint.sh -RUN chmod +x /usr/local/bin/entrypoint.sh +RUN chmod 755 /usr/local/bin/entrypoint.sh USER frappe ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]