cleanup

whoiskatrin · whoiskatrin · commit 365da5b4a220 · 2025-10-31T15:39:52.000Z
diff --git a/packages/sandbox/Dockerfile b/packages/sandbox/Dockerfile
@@ -65,6 +65,9 @@ FROM ubuntu:22.04 AS python-builder
 # Prevent interactive prompts during package installation
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Accept architecture from Docker BuildKit (for multi-arch builds)
+ARG TARGETARCH
+
 # Install minimal dependencies for downloading
 RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     --mount=type=cache,target=/var/lib/apt,sharing=locked \
@@ -75,15 +78,23 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
 
 # Download and extract pre-built Python 3.11.14 from python-build-standalone
 # Using PGO+LTO optimized builds for better performance
+# Supports multi-arch: amd64 (x86_64) and arm64 (aarch64)
 RUN --mount=type=cache,target=/tmp/python-cache \
+    # Map Docker TARGETARCH to python-build-standalone arch naming
+    if [ "$TARGETARCH" = "amd64" ]; then \
+        PYTHON_ARCH="x86_64-unknown-linux-gnu"; \
+    elif [ "$TARGETARCH" = "arm64" ]; then \
+        PYTHON_ARCH="aarch64-unknown-linux-gnu"; \
+    else \
+        echo "Unsupported architecture: $TARGETARCH" && exit 1; \
+    fi && \
     cd /tmp/python-cache && \
-    wget -nc https://github.com/indygreg/python-build-standalone/releases/download/20251028/cpython-3.11.14+20251028-aarch64-unknown-linux-gnu-install_only.tar.gz && \
+    wget -nc https://github.com/indygreg/python-build-standalone/releases/download/20251028/cpython-3.11.14+20251028-${PYTHON_ARCH}-install_only.tar.gz && \
     cd /tmp && \
-    tar -xzf /tmp/python-cache/cpython-3.11.14+20251028-aarch64-unknown-linux-gnu-install_only.tar.gz && \
+    tar -xzf /tmp/python-cache/cpython-3.11.14+20251028-${PYTHON_ARCH}-install_only.tar.gz && \
     mv python /usr/local/ && \
     # Create symlinks for standard Python locations
     ln -s /usr/local/python/bin/python3.11 /usr/local/bin/python3.11 && \
-    ln -s /usr/local/python/lib /usr/local/lib/python && \
     rm -rf /tmp/cpython-*
 
 # ============================================================================
@@ -106,7 +117,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
     rm -f /etc/apt/apt.conf.d/docker-clean && \
     echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >/etc/apt/apt.conf.d/keep-cache && \
     apt-get update && apt-get install -y --no-install-recommends \
-    ca-certificates curl wget procps git unzip zip jq file binutils \
+    ca-certificates curl wget procps git unzip zip jq \
     libssl3 zlib1g libbz2-1.0 libreadline8 libsqlite3-0 \
     libncursesw6 libtinfo6 libxml2 libxmlsec1 libffi8 liblzma5 libtk8.6 && \
     update-ca-certificates
@@ -117,21 +128,18 @@ COPY --from=python-builder /usr/local/python /usr/local/python
 # Create symlinks and update shared library cache
 RUN ln -s /usr/local/python/bin/python3.11 /usr/local/bin/python3.11 && \
     ln -s /usr/local/python/bin/python3 /usr/local/bin/python3 && \
+    ln -s /usr/local/python/bin/pip3 /usr/local/bin/pip3 && \
     echo "/usr/local/python/lib" > /etc/ld.so.conf.d/python.conf && \
     ldconfig
 
-# Set Python 3.11 as default python3, install pip, and clean up
+# Set Python 3.11 as default python3 and clean up
 RUN update-alternatives --install /usr/bin/python3 python3 /usr/local/bin/python3.11 1 && \
-    /usr/local/bin/python3.11 -m ensurepip && \
-    /usr/local/bin/python3.11 -m pip install --no-cache-dir --upgrade pip && \
     # Remove unnecessary Python files to reduce image size
     find /usr/local/python/lib -type d -name "test" -exec rm -rf {} + 2>/dev/null || true && \
     find /usr/local/python/lib -type d -name "tests" -exec rm -rf {} + 2>/dev/null || true && \
     find /usr/local/python/lib -name "*.pyc" -delete && \
     find /usr/local/python/lib -name "*.pyo" -delete && \
-    find /usr/local/python/lib -type d -name "__pycache__" -exec rm -rf {} + 2>/dev/null || true && \
-    # Strip debug symbols from Python binary (already stripped in pre-built)
-    strip /usr/local/python/bin/python3.11 2>/dev/null || true
+    find /usr/local/python/lib -type d -name "__pycache__" -exec rm -rf {} + 2>/dev/null || true
 
 # Install Python packages and clean up
 RUN --mount=type=cache,target=/root/.cache/pip \
@@ -140,17 +148,13 @@ RUN --mount=type=cache,target=/root/.cache/pip \
     find /usr/local/python/lib/python3.11/site-packages -type d -name "test" -exec rm -rf {} + 2>/dev/null || true && \
     find /usr/local/python/lib/python3.11/site-packages -type d -name "tests" -exec rm -rf {} + 2>/dev/null || true && \
     find /usr/local/python/lib/python3.11/site-packages -name "*.pyc" -delete && \
-    find /usr/local/python/lib/python3.11/site-packages -type d -name "__pycache__" -exec rm -rf {} + 2>/dev/null || true && \
-    # Strip debug symbols from .so files
-    find /usr/local/python/lib/python3.11/site-packages -name "*.so" -exec strip {} \; 2>/dev/null || true && \
-    # Remove binutils after stripping
-    apt-get remove -y binutils && apt-get autoremove -y
+    find /usr/local/python/lib/python3.11/site-packages -type d -name "__pycache__" -exec rm -rf {} + 2>/dev/null || true
 
-# Install Node.js 20 LTS using official NodeSource setup script
-RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
-    --mount=type=cache,target=/var/lib/apt,sharing=locked \
-    curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
-    && apt-get install -y nodejs
+# Install Node.js 20 LTS from official Node image
+COPY --from=node:20-slim /usr/local/bin/node /usr/local/bin/node
+COPY --from=node:20-slim /usr/local/lib/node_modules /usr/local/lib/node_modules
+RUN ln -s /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npm && \
+    ln -s /usr/local/lib/node_modules/npm/bin/npx-cli.js /usr/local/bin/npx
 
 # Install Bun runtime from official image
 COPY --from=oven/bun:1 /usr/local/bin/bun /usr/local/bin/bun
