mirror of
https://github.com/KeygraphHQ/shannon.git
synced 2026-05-13 13:25:03 +02:00
cbb2b4acc0
- Install uv instead of deprecated uvx package - Add mcp-server and configs directories to container - Mount target repo dynamically via TARGET_REPO env variable
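# Wolfi-based worker image for the Shannon AI pentester.
#
# Build flow: install the OS-level runtimes, install uv with pip, create an
# unprivileged user, install production npm dependencies, copy the prebuilt
# application, then drop privileges before the worker starts.

# The default keeps the original mutable tag. ":latest" can resolve to a
# different image on every build, so release builds should override it with a
# digest-pinned reference, e.g.
#   --build-arg BASE_IMAGE=cgr.dev/chainguard/wolfi-base@sha256:<digest>
ARG BASE_IMAGE=cgr.dev/chainguard/wolfi-base:latest
FROM ${BASE_IMAGE}

# Install Node.js 22, Python 3.12, Chromium, and supporting tools.
# --no-cache keeps the apk index out of the layer. Package versions are not
# pinned here, so the installed versions follow the repository state at build
# time.
RUN apk add --no-cache \
      bash \
      chromium \
      curl \
      git \
      nodejs-22 \
      npm \
      py3.12-pip \
      python-3.12

# Install uv (includes the uvx command) for browser-use.
# --no-cache-dir stops pip from leaving its download cache in the image layer.
# uv is unpinned and therefore resolved from the package index on every build;
# pin it (uv==<version>) once a version has been reviewed.
RUN pip install --no-cache-dir --break-system-packages uv

# Create the unprivileged runtime user: fixed UID 1000, no password (-D).
RUN adduser -D -u 1000 pentest

WORKDIR /app

# Copy the package manifests first so the dependency layer below is reused
# until package.json or the lockfile changes.
COPY package*.json ./

# Install exactly what the lockfile specifies, without devDependencies.
RUN npm ci --omit=dev

# Copy the prebuilt application code, prompts, MCP server and configs.
COPY dist/ ./dist/
COPY prompts/ ./prompts/
COPY mcp-server/ ./mcp-server/
COPY configs/ ./configs/

# Hand /app to the runtime user.
# NOTE(review): this also makes the application code and node_modules writable
# by the process that runs the worker. If the worker only needs to write to
# specific directories, narrow the chown to those paths.
RUN chown -R pentest:pentest /app

# Everything from here on, including the running container, is non-root.
USER pentest

# Point Playwright and other Chrome consumers at the system Chromium.
# NOTE(review): confirm the chromium package provides this exact path.
ENV CHROME_PATH=/usr/bin/chromium-browser \
    PLAYWRIGHT_CHROMIUM_EXECUTABLE_PATH=/usr/bin/chromium-browser

# Exec form: node runs as PID 1 and receives stop signals directly. The
# relative script path resolves against WORKDIR (/app).
CMD ["node", "dist/temporal/worker.js"]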