Merge branch 'trunk' into renovate/postgresql-16.x

SeleniumHQ · Dec 17, 2024 · db45e8f · db45e8f
2 parents 6e29d8d + 6e322d1
commit db45e8f
Show file tree

Hide file tree

Showing 24 changed files with 366 additions and 251 deletions.
diff --git a/.ffmpeg/Dockerfile b/.ffmpeg/Dockerfile
@@ -0,0 +1,87 @@
+FROM ubuntu:noble AS builder
+ARG VERSION_FFMPEG="7.1"
+ARG VERSION_RCLONE="v1.68.2"
+ARG VERSION_GO="latest"
+ARG GO_CRYPTO_VERSION="v0.31.0"
+
+USER root
+
+#======================================
+# Install build tools
+#======================================
+ARG TOOLS_DEPS="autoconf automake cmake libfreetype6 gcc build-essential libtool make nasm pkg-config zlib1g-dev numactl \
+libnuma-dev libx11-dev libxcb-shm0 libxcb1-dev yasm git curl jq wget ca-certificates"
+
+RUN apt-get update -qqy \
+    && apt-get upgrade -yq \
+    && apt-get -qqy --no-install-recommends install ${TOOLS_DEPS} \
+    && apt-get -qyy clean \
+    && mkdir -p /usr/local/src
+
+RUN if [ "${VERSION_GO}" = "latest" ]; then \
+        VERSION_GO=$(curl -sk https://go.dev/dl/?mode=json | jq -r '.[0].version'); \
+    fi \
+    && curl -skLO https://go.dev/dl/$VERSION_GO.linux-$(dpkg --print-architecture).tar.gz \
+    && tar -xf $VERSION_GO.linux-$(dpkg --print-architecture).tar.gz -C /usr/local \
+    && rm -rf $VERSION_GO.linux-$(dpkg --print-architecture).tar.gz* \
+    && ln -sf /usr/local/go/bin/go /usr/bin/go \
+    && go version
+
+RUN cd /usr/local/src \
+    && git clone https://github.com/rclone/rclone.git \
+    && cd rclone \
+    && git checkout $VERSION_RCLONE \
+    # Patch deps version in go.mod to fix CVEs
+    && sed -i "s|golang.org/x/crypto v.*|golang.org/x/crypto ${GO_CRYPTO_VERSION}|g" go.mod \
+    && go mod tidy \
+    # Build rclone
+    && make \
+    && mv ~/go/bin/rclone /usr/local/bin/ \
+    && rclone version
+
+#======================================
+# Install x264 from source
+#======================================
+RUN cd /usr/local/src \
+    && git clone https://code.videolan.org/videolan/x264.git \
+    && cd x264 \
+    && ./configure --prefix="/usr/local" --enable-static \
+    && make \
+    && make install
+
+#======================================
+# Install FFmpeg from source
+#======================================
+RUN cd /usr/local/src \
+    && git clone https://github.com/FFmpeg/FFmpeg.git \
+    && cd FFmpeg \
+    && git checkout release/$VERSION_FFMPEG \
+    && PKG_CONFIG_PATH="/usr/local/lib/pkgconfig" ./configure \
+    --prefix="/usr/local" \
+    --extra-cflags="-I/usr/local/include" \
+    --extra-ldflags="-L/usr/local/lib" \
+    --pkg-config-flags="--static" \
+    --enable-gpl \
+    --enable-nonfree \
+    --enable-libx264 \
+    --enable-libxcb \
+    --enable-static \
+    && make \
+    && make install
+
+# Final stage
+FROM ubuntu:noble
+
+USER root
+
+COPY --from=builder /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg
+COPY --from=builder /usr/local/bin/rclone /usr/local/bin/rclone
+
+RUN apt-get -qqy update \
+    && apt-get -qqy --no-install-recommends install \
+    libx11-dev libxcb-shm0 libxcb1-dev \
+    && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
+
+RUN ldd /usr/local/bin/ffmpeg \
+    && ffmpeg -version \
+    && rclone --version
diff --git a/.github/workflows/build-ffmpeg.yml b/.github/workflows/build-ffmpeg.yml
@@ -0,0 +1,68 @@
+name: Build and Deploy FFmpeg
+
+on:
+  push:
+    paths:
+      - '.ffmpeg/Dockerfile'
+  workflow_dispatch:
+    inputs:
+      release:
+        description: 'Deploy a new release'
+        required: false
+        type: boolean
+        default: false
+
+jobs:
+  deploy:
+    name: Build and Deploy FFmpeg
+    runs-on: blacksmith-8vcpu-ubuntu-2204
+    permissions: write-all
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@main
+        with:
+          persist-credentials: false
+          fetch-depth: 0
+      - name: Set up containerd image store feature
+        uses: nick-invision/retry@master
+        with:
+          timeout_minutes: 10
+          max_attempts: 3
+          command: |
+            make setup_dev_env
+      - name: Output Docker info
+        run: docker info
+      - name: Sets build date
+        run: |
+          echo "BUILD_DATE=$(date '+%Y%m%d')" >> $GITHUB_ENV
+          echo "NAME=${NAMESPACE}" >> $GITHUB_ENV
+          make set_build_multiarch
+          cat .env | xargs -I {} echo {} >> $GITHUB_ENV
+        env:
+          NAMESPACE: ${{ vars.DOCKER_NAMESPACE || 'selenium' }}
+          AUTHORS: ${{ vars.AUTHORS || 'SeleniumHQ' }}
+      - name: Build images
+        uses: nick-invision/retry@master
+        with:
+          timeout_minutes: 300
+          max_attempts: 2
+          retry_wait_seconds: 60
+          command: |
+            PLATFORMS="${PLATFORMS}" make ffmpeg
+            make tag_ffmpeg_latest
+      - name: Login Docker Hub
+        if: ${{ github.event.inputs.release == 'true' }}
+        run: docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
+        env:
+          DOCKER_USERNAME: ${{secrets.DOCKER_USERNAME}}
+          DOCKER_PASSWORD: ${{secrets.DOCKER_PASSWORD}}
+      - name: Deploy new images
+        if: ${{ github.event.inputs.release == 'true' }}
+        uses: nick-invision/retry@master
+        with:
+          timeout_minutes: 20
+          max_attempts: 5
+          retry_wait_seconds: 300
+          continue_on_error: true
+          command: |
+            make release_ffmpeg_latest
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -194,7 +194,7 @@ jobs:
       - name: Create Release
         if: env.LATEST_TAG != env.NEXT_TAG
         id: create_release
-        uses: softprops/action-gh-release@master
+        uses: softprops/action-gh-release@v2.1.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           tag_name: "${{ env.GRID_VERSION }}-${{ env.BUILD_DATE }}"

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -143,7 +143,7 @@ jobs:
           command: make chart_release
       - name: Create Nightly Release
         id: create_release
-        uses: softprops/action-gh-release@master
+        uses: softprops/action-gh-release@v2.1.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           tag_name: ${{ env.BASE_RELEASE }}

diff --git a/Base/Dockerfile b/Base/Dockerfile
@@ -35,14 +35,14 @@ ENV DEBIAN_FRONTEND=noninteractive \
     SEL_GID=${GID} \
     HOME=${HOME} \
     TZ=${TZ} \
-    SEL_DOWNLOAD_DIR=${HOME}/Downloads
+    SEL_DOWNLOAD_DIR=${HOME}/Downloads \
+    VIDEO_FOLDER="/videos"
 
 #========================
 # Miscellaneous packages
 # Includes minimal runtime used for executing non GUI Java programs
 #========================
-RUN --mount=type=secret,id=SEL_PASSWD \
-  if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
+RUN if [ "$(dpkg --print-architecture)" = "amd64" ]; then \
       echo "deb http://archive.ubuntu.com/ubuntu noble main universe\n" > /etc/apt/sources.list \
       && echo "deb http://archive.ubuntu.com/ubuntu noble-updates main universe\n" >> /etc/apt/sources.list \
       && echo "deb http://security.ubuntu.com/ubuntu noble-security main universe\n" >> /etc/apt/sources.list ; \
@@ -52,6 +52,7 @@ RUN --mount=type=secret,id=SEL_PASSWD \
   && apt-get -qqy --no-install-recommends install \
     acl \
     bzip2 \
+    xz-utils \
     ca-certificates \
     tzdata \
     sudo \
@@ -62,15 +63,16 @@ RUN --mount=type=secret,id=SEL_PASSWD \
     supervisor \
     gnupg2 \
     libnss3-tools \
-    python3-pip \
     openjdk-${JRE_VERSION}-jre-headless \
-  && if [ "${TARGETARCH}" = "arm" ] && [ "${TARGETVARIANT}" = "v7" ]; then \
+  && rm -rf /var/lib/apt/lists/* /var/cache/apt/*
+
+RUN --mount=type=secret,id=SEL_PASSWD \
+    if [ "${TARGETARCH}" = "arm" ] && [ "${TARGETVARIANT}" = "v7" ]; then \
        export ARCH=armhf ; \
     else \
        export ARCH=$(dpkg --print-architecture) ; \
     fi \
   && sed -i 's/securerandom\.source=file:\/dev\/random/securerandom\.source=file:\/dev\/urandom/' /usr/lib/jvm/java-${JRE_VERSION}-openjdk-${ARCH}/conf/security/java.security \
-  && rm -rf /var/lib/apt/lists/* /var/cache/apt/* \
 #===================
 # Timezone settings
 # Possible alternative: https://github.com/docker/docker/issues/3359#issuecomment-32150214
@@ -95,18 +97,18 @@ RUN --mount=type=secret,id=SEL_PASSWD \
 # Selenium & relaxing permissions for OpenShift and other non-sudo environments
 #==========
   && mkdir -p /opt/selenium /opt/selenium/assets /opt/selenium/secrets /var/run/supervisor /var/log/supervisor ${SEL_DOWNLOAD_DIR} \
-    ${HOME}/.mozilla ${HOME}/.vnc ${HOME}/.pki/nssdb \
+    ${HOME}/.mozilla ${HOME}/.vnc ${HOME}/.pki/nssdb ${VIDEO_FOLDER} \
   # NSSDB initialization with an empty password
   && certutil -d sql:${HOME}/.pki/nssdb -N --empty-password \
   && touch /opt/selenium/config.toml \
-  && chown -R ${SEL_USER}:${SEL_GROUP} /opt/selenium /var/run/supervisor /var/log/supervisor /etc/passwd ${HOME} \
-  && chmod -R 775 /opt/selenium /var/run/supervisor /var/log/supervisor /etc/passwd ${HOME} \
+  && chown -R ${SEL_USER}:${SEL_GROUP} /opt/selenium /var/run/supervisor /var/log/supervisor /etc/passwd ${HOME} ${VIDEO_FOLDER} \
+  && chmod -R 775 /opt/selenium /var/run/supervisor /var/log/supervisor /etc/passwd ${HOME} ${VIDEO_FOLDER} \
   && wget --no-verbose https://github.com/${AUTHORS}/selenium/releases/download/${RELEASE}/selenium-server-${VERSION}.jar \
     -O /opt/selenium/selenium-server.jar \
-  && chgrp -R 0 /opt/selenium ${HOME} /opt/selenium/assets /var/run/supervisor /var/log/supervisor \
-  && chmod -R g=u /opt/selenium ${HOME} /opt/selenium/assets /var/run/supervisor /var/log/supervisor \
-  && setfacl -Rm u:${SEL_USER}:rwx /opt /opt/selenium ${HOME} /opt/selenium/assets /var/run/supervisor /var/log/supervisor \
-  && setfacl -Rm g:${SEL_GROUP}:rwx /opt /opt/selenium ${HOME} /opt/selenium/assets /var/run/supervisor /var/log/supervisor \
+  && chgrp -R 0 /opt/selenium ${HOME} ${VIDEO_FOLDER} /opt/selenium/assets /var/run/supervisor /var/log/supervisor \
+  && chmod -R g=u /opt/selenium ${HOME} ${VIDEO_FOLDER} /opt/selenium/assets /var/run/supervisor /var/log/supervisor \
+  && setfacl -Rm u:${SEL_USER}:rwx /opt /opt/selenium ${HOME} ${VIDEO_FOLDER} /opt/selenium/assets /var/run/supervisor /var/log/supervisor \
+  && setfacl -Rm g:${SEL_GROUP}:rwx /opt /opt/selenium ${HOME} ${VIDEO_FOLDER} /opt/selenium/assets /var/run/supervisor /var/log/supervisor \
 #=====
 # Download observability related OpenTelemetry jars and make them available in a separate directory
 # so that the container can skip downloading them everytime it comes up

diff --git a/Makefile b/Makefile
@@ -17,10 +17,11 @@ BUILD_ARGS := $(BUILD_ARGS) --progress plain
 MAJOR := $(word 1,$(subst ., ,$(TAG_VERSION)))
 MINOR := $(word 2,$(subst ., ,$(TAG_VERSION)))
 MAJOR_MINOR_PATCH := $(word 1,$(subst -, ,$(TAG_VERSION)))
+FFMPEG_VERSION := $(or $(FFMPEG_VERSION),$(FFMPEG_VERSION),7.1)
 FFMPEG_TAG_PREV_VERSION := $(or $(FFMPEG_TAG_PREV_VERSION),$(FFMPEG_TAG_PREV_VERSION),ffmpeg-7.1)
 FFMPEG_TAG_VERSION := $(or $(FFMPEG_TAG_VERSION),$(FFMPEG_TAG_VERSION),ffmpeg-7.1)
-FFMPEG_BASED_NAME := $(or $(FFMPEG_BASED_NAME),$(FFMPEG_BASED_NAME),linuxserver)
-FFMPEG_BASED_TAG := $(or $(FFMPEG_BASED_TAG),$(FFMPEG_BASED_TAG),version-7.1-cli)
+FFMPEG_BASED_NAME := $(or $(FFMPEG_BASED_NAME),$(FFMPEG_BASED_NAME),selenium)
+FFMPEG_BASED_TAG := $(or $(FFMPEG_BASED_TAG),$(FFMPEG_BASED_TAG),latest)
 CURRENT_PLATFORM := $(shell if [ `arch` = "aarch64" ] || [ `arch` = "arm64" ]; then echo "linux/arm64"; else echo "linux/amd64"; fi)
 PLATFORMS := $(or $(PLATFORMS),$(shell echo $$PLATFORMS),$(CURRENT_PLATFORM))
 SEL_PASSWD := $(or $(SEL_PASSWD),$(SEL_PASSWD),secret)
@@ -143,8 +144,8 @@ sessionqueue: base
 event_bus: base
 	cd ./EventBus && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) -t $(NAME)/event-bus:$(TAG_VERSION) .
 
-node_base: base
-	cd ./NodeBase && SEL_PASSWD=$(SEL_PASSWD) docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --secret id=SEL_PASSWD -t $(NAME)/node-base:$(TAG_VERSION) .
+node_base: base video
+	cd ./NodeBase && SEL_PASSWD=$(SEL_PASSWD) docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg BASE=video --build-arg VERSION=$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) --secret id=SEL_PASSWD -t $(NAME)/node-base:$(TAG_VERSION) .
 
 chrome: node_base
 	case "$(PLATFORMS)" in \
@@ -187,7 +188,7 @@ firefox: node_base
 	cd ./NodeFirefox && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg FIREFOX_DOWNLOAD_URL=$(FIREFOX_DOWNLOAD_URL) -t $(NAME)/node-firefox:$(TAG_VERSION) .
 
 firefox_dev:
-	cd ./NodeFirefox && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg FIREFOX_VERSION=nightly-latest -t $(NAME)/node-firefox:dev .
+	cd ./NodeFirefox && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg FIREFOX_VERSION=devedition-latest -t $(NAME)/node-firefox:dev .
 
 firefox_beta:
 	cd ./NodeFirefox && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) $(FROM_IMAGE_ARGS) --build-arg FIREFOX_VERSION=beta-latest -t $(NAME)/node-firefox:beta .
@@ -244,8 +245,11 @@ standalone_edge_dev: edge_dev
 standalone_edge_beta: edge_beta
 	cd ./Standalone && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) --build-arg NAMESPACE=$(NAME) --build-arg VERSION=beta --build-arg BASE=node-edge -t $(NAME)/standalone-edge:beta .
 
-video:
-	cd ./Video && SEL_PASSWD=$(SEL_PASSWD) docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) --build-arg NAMESPACE=$(FFMPEG_BASED_NAME) --build-arg BASED_TAG=$(FFMPEG_BASED_TAG) --secret id=SEL_PASSWD --sbom=true --attest type=provenance,mode=max -t $(NAME)/video:$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) .
+video: base
+	cd ./Video && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) --build-arg FFMPEG_BASED_NAME=$(FFMPEG_BASED_NAME) --build-arg FFMPEG_BASED_TAG=$(FFMPEG_BASED_TAG) $(FROM_IMAGE_ARGS) -t $(NAME)/video:$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) .
+
+ffmpeg:
+	cd ./.ffmpeg && docker buildx build --platform $(PLATFORMS) $(BUILD_ARGS) --build-arg VERSION_FFMPEG=$(FFMPEG_VERSION) $(FROM_IMAGE_ARGS) -t $(NAME)/ffmpeg:$(FFMPEG_VERSION)-$(BUILD_DATE) .
 
 fetch_grid_scaler_resources:
 	mkdir -p ./.keda/scalers \
@@ -332,6 +336,10 @@ tag_and_push_edge_images:
 tag_and_push_firefox_images:
 	./tag_and_push_browser_images.sh $(VERSION) $(BUILD_DATE) $(NAMESPACE) $(PUSH_IMAGE) firefox
 
+tag_ffmpeg_latest:
+	docker tag $(NAME)/ffmpeg:$(FFMPEG_VERSION)-$(BUILD_DATE) $(NAME)/ffmpeg:latest
+	docker tag $(NAME)/ffmpeg:$(FFMPEG_VERSION)-$(BUILD_DATE) $(NAME)/ffmpeg:$(FFMPEG_VERSION)
+
 tag_latest:
 	docker tag $(NAME)/base:$(TAG_VERSION) $(NAME)/base:latest
 	docker tag $(NAME)/hub:$(TAG_VERSION) $(NAME)/hub:latest
@@ -353,6 +361,11 @@ tag_latest:
 	docker tag $(NAME)/standalone-docker:$(TAG_VERSION) $(NAME)/standalone-docker:latest
 	docker tag $(NAME)/video:$(FFMPEG_TAG_VERSION)-$(BUILD_DATE) $(NAME)/video:latest
 
+release_ffmpeg_latest:
+	docker push $(NAME)/ffmpeg:latest
+	docker push $(NAME)/ffmpeg:$(FFMPEG_VERSION)
+	docker push $(NAME)/ffmpeg:$(FFMPEG_VERSION)-$(BUILD_DATE)
+
 release_latest: release_grid_scaler_latest
 	docker push $(NAME)/base:latest
 	docker push $(NAME)/hub:latest

diff --git a/NodeBase/Dockerfile b/NodeBase/Dockerfile
@@ -1,6 +1,7 @@
 ARG NAMESPACE=selenium
 ARG VERSION=latest
-FROM ${NAMESPACE}/base:${VERSION}
+ARG BASE=base
+FROM ${NAMESPACE}/${BASE}:${VERSION}
 ARG AUTHORS
 LABEL authors=${AUTHORS}
 
@@ -49,6 +50,8 @@ ENV LANG_WHICH=${LANG_WHICH} \
 #============================
 # Some configuration options
 #============================
+    SE_RECORD_VIDEO=false \
+    DISPLAY_CONTAINER_NAME="localhost" \
     SE_SCREEN_WIDTH=1920 \
     SE_SCREEN_HEIGHT=1080 \
     SE_SCREEN_DEPTH=24 \
@@ -66,8 +69,7 @@ ENV LANG_WHICH=${LANG_WHICH} \
     # Following line fixes https://github.com/SeleniumHQ/docker-selenium/issues/87
     DBUS_SESSION_BUS_ADDRESS=/dev/null
 
-RUN --mount=type=secret,id=SEL_PASSWD \
-  apt-get update -qqy \
+RUN apt-get update -qqy \
   && apt-get -qqy --no-install-recommends install \
 #==============
 # Xvfb
@@ -102,13 +104,13 @@ RUN --mount=type=secret,id=SEL_PASSWD \
   && locale-gen ${LANGUAGE} \
   && dpkg-reconfigure --frontend noninteractive locales \
   && apt-get -qyy autoremove \
-  && rm -rf /var/lib/apt/lists/* \
-  && apt-get -qyy clean \
-  && pip install --no-cache-dir --upgrade --break-system-packages setuptools \
+  && rm -rf /var/lib/apt/lists/* /var/cache/apt/* \
+  && apt-get -qyy clean
 ########################################
 # noVNC exposes VNC through a web page #
 ########################################
-  && wget -nv -O noVNC.zip \
+RUN --mount=type=secret,id=SEL_PASSWD \
+  wget -nv -O noVNC.zip \
        "https://github.com/novnc/noVNC/archive/refs/${NOVNC_SOURCE}/${NOVNC_VERSION}.zip" \
   && unzip -x noVNC.zip \
   && mv noVNC-${NOVNC_VERSION#v} /opt/bin/noVNC \
@@ -120,7 +122,7 @@ RUN --mount=type=secret,id=SEL_PASSWD \
   && rm websockify.zip \
   # Setup dependencies
   && cd websockify-${WEBSOCKIFY_VERSION#v} \
-  && python3 setup.py install \
+  && python3 -m pip install --break-system-packages . \
   # Move websockify and run to the noVNC directory
   && mv websockify /opt/bin/noVNC/utils/websockify \
   && mv run /opt/bin/noVNC/utils/websockify \

diff --git a/NodeChrome/Dockerfile b/NodeChrome/Dockerfile
@@ -1,6 +1,7 @@
 ARG NAMESPACE=selenium
 ARG VERSION=latest
-FROM ${NAMESPACE}/node-base:${VERSION}
+ARG BASE=node-base
+FROM ${NAMESPACE}/${BASE}:${VERSION}
 ARG AUTHORS
 LABEL authors=${AUTHORS}
 

diff --git a/NodeChromium/Dockerfile b/NodeChromium/Dockerfile
@@ -1,6 +1,7 @@
 ARG NAMESPACE=selenium
 ARG VERSION=latest
-FROM ${NAMESPACE}/node-base:${VERSION}
+ARG BASE=node-base
+FROM ${NAMESPACE}/${BASE}:${VERSION}
 ARG AUTHORS
 LABEL authors=${AUTHORS}
 

diff --git a/NodeEdge/Dockerfile b/NodeEdge/Dockerfile
@@ -1,6 +1,7 @@
 ARG NAMESPACE=selenium
 ARG VERSION=latest
-FROM ${NAMESPACE}/node-base:${VERSION}
+ARG BASE=node-base
+FROM ${NAMESPACE}/${BASE}:${VERSION}
 ARG AUTHORS
 LABEL authors=${AUTHORS}