From 5c2bd83a78f66381025b6e1da75024bc18c019a3 Mon Sep 17 00:00:00 2001
From: Thierry Pouplier <tpouplier@tdnde.com>
Date: Wed, 29 Apr 2026 21:16:44 +0000
Subject: [PATCH] feat(ai): add chromium browser automation support (PR 2/5)

Add browser automation packages for Playwright/headless Chrome:
- chromium: Headless browser
- xvfb: Virtual framebuffer for headless operation
- fonts-*: Font support for proper rendering
- lib*-runtime: Chromium runtime dependencies

Depends on PR #7 (curl, poppler-utils, imagemagick)
---
 ai/Dockerfile | 45 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)
 create mode 100644 ai/Dockerfile

diff --git a/ai/Dockerfile b/ai/Dockerfile
new file mode 100644
index 0000000..106ba9a
--- /dev/null
+++ b/ai/Dockerfile
@@ -0,0 +1,45 @@
+FROM ghcr.io/astral-sh/uv:0.11.6-python3.13-trixie@sha256:b3c543b6c4f23a5f2df22866bd7857e5d304b67a564f4feab6ac22044dde719b AS uv_source
+FROM tianon/gosu:1.19-trixie@sha256:3b176695959c71e123eb390d427efc665eeb561b1540e82679c15e992006b8b9 AS gosu_source
+FROM debian:13.4
+
+ENV PYTHONUNBUFFERED=1
+ENV PLAYWRIGHT_BROWSERS_PATH=/opt/hermes/.playwright
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends \
+        build-essential nodejs npm python3 ripgrep ffmpeg gcc python3-dev libffi-dev procps git openssh-client docker-cli tini \
+        curl poppler-utils imagemagick \
+        chromium xvfb fonts-noto-color-emoji fonts-unifont fonts-liberation fonts-ipafont-gothic fonts-wqy-zenhei fonts-tlwg-loma-otf fonts-freefont-ttf \
+        libasound2t64 libatk-bridge2.0-0t64 libatk1.0-0t64 libatspi2.0-0t64 libcairo2 libcups2t64 libdbus-1-3 libdrm2 libgbm1 libglib2.0-0t64 libnspr4 libnss3 libpango-1.0-0 libx11-6 libxcb1 libxcomposite1 libxdamage1 libxext6 libxfixes3 libxkbcommon0 libxrandr2 && \
+    rm -rf /var/lib/apt/lists/*
+
+RUN useradd -u 10000 -m -d /opt/data hermes
+
+COPY --chmod=0755 --from=gosu_source /gosu /usr/local/bin/
+COPY --chmod=0755 --from=uv_source /usr/local/bin/uv /usr/local/bin/uvx /usr/local/bin/
+
+WORKDIR /opt/hermes
+
+COPY package.json package-lock.json ./
+COPY web/package.json web/package-lock.json web/
+
+RUN npm install --prefer-offline --no-audit && \
+    npx playwright install --with-deps chromium --only-shell && \
+    (cd web && npm install --prefer-offline --no-audit) && \
+    npm cache clean --force
+
+COPY --chown=hermes:hermes . .
+
+RUN cd web && npm run build
+
+USER root
+RUN chmod -R a+rX /opt/hermes
+
+RUN uv venv && \
+    uv pip install --no-cache-dir -e ".[all]"
+
+ENV HERMES_WEB_DIST=/opt/hermes/hermes_cli/web_dist
+ENV HERMES_HOME=/opt/data
+ENV PATH="/opt/data/.local/bin:${PATH}"
+VOLUME [ "/opt/data" ]
+ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/opt/hermes/docker/entrypoint.sh" ]