Dockerfile

# syntax=docker/dockerfile:1.6
ARG ODOO_SOURCE_REPOSITORY=https://github.com/odoo/odoo.git
ARG ODOO_SOURCE_REF=19.0
ARG ODOO_SOURCE_REV
ARG PYTHON_VERSION=3.13

# Keep the official uv image first so Dependabot tracks it for Docker updates.
FROM --platform=$TARGETPLATFORM ghcr.io/astral-sh/uv:0.11.22@sha256:16b63af0e7342dd372da9ca989ea9fa542fc68f4640972d59a8450a5240fe42e AS uv-binary

FROM --platform=$BUILDPLATFORM alpine/git:v2.54.0 AS odoo-source
ARG ODOO_SOURCE_REPOSITORY
ARG ODOO_SOURCE_REF
ARG ODOO_SOURCE_REV
WORKDIR /source
RUN set -eux; \
    git init odoo; \
    cd odoo; \
    git remote add origin "${ODOO_SOURCE_REPOSITORY}"; \
    if [ -n "${ODOO_SOURCE_REV:-}" ]; then \
      git fetch --depth 1 origin "${ODOO_SOURCE_REV}"; \
    else \
      git fetch --depth 1 origin "refs/heads/${ODOO_SOURCE_REF}"; \
    fi; \
    git checkout --detach FETCH_HEAD; \
    rm -rf .git

FROM --platform=$BUILDPLATFORM alpine/curl:8.20.0 AS wkhtmltox
ARG TARGETARCH
ARG WKHTMLTOPDF_VERSION=0.12.6.1-3
ARG WKHTMLTOPDF_TARGET=jammy
ARG WKHTMLTOPDF_AMD64_SHA=967390a759707337b46d1c02452e2bb6b2dc6d59
ARG WKHTMLTOPDF_ARM64_SHA=90f6e69896d51ef77339d3f3a20f8582bdf496cc
ARG WKHTMLTOPDF_PPC64EL_SHA=5312d7d34a25b321282929df82e3574319aed25c
WORKDIR /wkhtmltox
RUN set -eux; \
    arch="${TARGETARCH}"; \
    if [ -z "${arch}" ]; then arch="$(uname -m)"; fi; \
    case "${arch}" in \
      amd64|x86_64) package_arch="amd64"; checksum="${WKHTMLTOPDF_AMD64_SHA}" ;; \
      arm64|aarch64) package_arch="arm64"; checksum="${WKHTMLTOPDF_ARM64_SHA}" ;; \
      ppc64le|ppc64el) package_arch="ppc64el"; checksum="${WKHTMLTOPDF_PPC64EL_SHA}" ;; \
      *) echo "Unsupported architecture: ${arch}" >&2; exit 1 ;; \
    esac; \
    curl -fSL --retry 5 --retry-all-errors --connect-timeout 30 \
      -o wkhtmltox.deb \
      "https://github.com/wkhtmltopdf/packaging/releases/download/${WKHTMLTOPDF_VERSION}/wkhtmltox_${WKHTMLTOPDF_VERSION}.${WKHTMLTOPDF_TARGET}_${package_arch}.deb"; \
    echo "${checksum}  wkhtmltox.deb" | sha1sum -c -

FROM ubuntu:noble AS runtime-system
ARG PYTHON_VERSION
ARG APT_REFRESH_EPOCH=0
ENV DEBIAN_FRONTEND=noninteractive
SHELL ["/bin/bash", "-o", "pipefail", "-c"]

COPY --from=wkhtmltox /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt

RUN set -eux; \
    sed -i \
      -e 's|http://archive.ubuntu.com/ubuntu/|https://archive.ubuntu.com/ubuntu/|g' \
      -e 's|http://security.ubuntu.com/ubuntu/|https://security.ubuntu.com/ubuntu/|g' \
      -e 's|http://ports.ubuntu.com/ubuntu-ports/|https://ports.ubuntu.com/ubuntu-ports/|g' \
      /etc/apt/sources.list.d/ubuntu.sources; \
    printf '%s\n' \
      'Acquire::Retries "5";' \
      'Acquire::http::Timeout "30";' \
      'Acquire::https::Timeout "30";' \
      'APT::Update::Error-Mode "any";' \
      > /etc/apt/apt.conf.d/80odoo-network-hardening

RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    echo "apt refresh epoch: ${APT_REFRESH_EPOCH}" \
    && apt-get update \
    && apt-get upgrade -y --no-install-recommends \
    && apt-get install -y --no-install-recommends \
      linux-libc-dev \
      rsync \
    && rm -rf /var/lib/apt/lists/*

RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    apt-get update \
    && apt-get install -y --no-install-recommends \
      build-essential \
      ca-certificates \
      curl \
      dirmngr \
      fontconfig \
      fonts-noto-cjk \
      gettext \
      git \
      gnupg \
      libjpeg-dev \
      libldap2-dev \
      libpq-dev \
      libsasl2-dev \
      libssl-dev \
      libx11-6 \
      libxcb1 \
      libcairo2 \
      libcairo2-dev \
      libxext6 \
      libxml2-dev \
      libxslt1-dev \
      libxrender1 \
      node-less \
      npm \
      openssh-client \
      pkg-config \
      python3 \
      python3-venv \
      ripgrep \
      rsync \
      tini \
      xfonts-75dpi \
      xfonts-base \
      xz-utils \
      zlib1g-dev \
    && rm -rf /var/lib/apt/lists/*

RUN curl -fsSL https://www.postgresql.org/media/keys/ACCC4CF8.asc \
    | gpg --dearmor -o /usr/share/keyrings/postgresql.gpg \
    && echo "deb [signed-by=/usr/share/keyrings/postgresql.gpg] https://apt.postgresql.org/pub/repos/apt noble-pgdg main" \
      > /etc/apt/sources.list.d/pgdg.list

RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    apt-get update \
    && apt-get install -y --no-install-recommends postgresql-client-17 \
    && rm -f /etc/apt/sources.list.d/pgdg.list \
    && rm -rf /var/lib/apt/lists/*

COPY --from=wkhtmltox /wkhtmltox/wkhtmltox.deb /tmp/wkhtmltox.deb
RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    apt-get update \
    && apt-get install -y --no-install-recommends /tmp/wkhtmltox.deb \
    && rm -f /tmp/wkhtmltox.deb \
    && rm -rf /var/lib/apt/lists/*

RUN npm install --global rtlcss@4.3.0

RUN if ! id -u ubuntu >/dev/null 2>&1; then useradd --create-home --shell /bin/bash ubuntu; fi

COPY --from=uv-binary /uv /uvx /usr/local/bin/
RUN install -d -o ubuntu -g ubuntu /odoo
COPY --from=odoo-source --chown=ubuntu:ubuntu /source/odoo/requirements.txt /odoo/requirements.txt
COPY requirements-overrides.txt /odoo/requirements-overrides.txt

ENV PATH="/venv/bin:/usr/local/bin:${PATH}"
ENV VIRTUAL_ENV=/venv
ENV UV_CACHE_DIR=/home/ubuntu/.cache/uv
ENV UV_PROJECT_ENVIRONMENT=/venv
ENV UV_PYTHON_INSTALL_DIR=/opt/uv/python

FROM runtime-system AS runtime-pythondeps

RUN --mount=type=cache,target=/home/ubuntu/.cache/uv,uid=1000,gid=1000,sharing=locked \
    install -d -o ubuntu -g ubuntu /opt/uv/python /venv /home/ubuntu/.cache/uv \
    && chown -R ubuntu:ubuntu /home/ubuntu/.cache/uv \
    && su -s /bin/bash ubuntu -c "uv python install '${PYTHON_VERSION}'" \
    && su -s /bin/bash ubuntu -c "uv venv /venv --python '${PYTHON_VERSION}'" \
    && su -s /bin/bash ubuntu -c "uv pip install --python /venv/bin/python --upgrade pip" \
    && su -s /bin/bash ubuntu -c "uv pip install --python /venv/bin/python -r /odoo/requirements.txt" \
    && su -s /bin/bash ubuntu -c "uv pip install --python /venv/bin/python -r /odoo/requirements-overrides.txt" \
    && su -s /bin/bash ubuntu -c "uv pip install --python /venv/bin/python rlpycairo" \
    && su -s /bin/bash ubuntu -c "uv pip check --python /venv/bin/python"

FROM runtime-pythondeps AS runtime

COPY --from=odoo-source --chown=ubuntu:ubuntu /source/odoo /odoo
COPY --chown=ubuntu:ubuntu launchplane/addons /opt/launchplane/addons
COPY scripts/odoo-bin-wrapper.sh /usr/local/bin/odoo-bin-wrapper.sh
COPY scripts/configure-dev-addon-paths.sh /usr/local/bin/configure-dev-addon-paths.sh
COPY scripts/odoo-python-sync.sh /usr/local/bin/odoo-python-sync.sh
COPY scripts/odoo-fetch-addons.sh /usr/local/bin/odoo-fetch-addons.sh

RUN mv /odoo/odoo-bin /odoo/odoo-bin.source \
    && install -m 0755 /usr/local/bin/odoo-bin-wrapper.sh /odoo/odoo-bin \
    && ln -sfn /odoo/odoo-bin.source /usr/local/bin/odoo-source-bin \
    && ln -sfn /odoo/odoo-bin /usr/local/bin/odoo-bin \
    && ln -sfn /odoo/odoo-bin /usr/local/bin/odoo \
    && chmod +x /usr/local/bin/odoo-python-sync.sh /usr/local/bin/odoo-fetch-addons.sh \
    && mkdir -p /usr/lib/python3/dist-packages/addons

# Remove duplicate source/build trees that confuse IDE/module indexing.
RUN rm -rf /odoo/build/lib

RUN install -d -o ubuntu -g ubuntu /opt/project /opt/project/addons /opt/extra_addons /opt/launchplane/addons /volumes/addons /volumes/config /volumes/data /volumes/logs \
    && install -o ubuntu -g ubuntu -m 0644 /dev/null /volumes/config/_generated.conf \
    && su -s /bin/bash ubuntu -c "printf '[options]\n' > /volumes/config/_generated.conf"

RUN ln -sf /etc/ssl/certs/ca-certificates.crt /usr/lib/ssl/cert.pem
ENV SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
ENV ODOO_RC=/volumes/config/_generated.conf
ENV ODOO_ADDONS_PATH=/opt/project/addons,/opt/extra_addons,/opt/launchplane/addons,/odoo/addons,/odoo/odoo/addons
ENV ODOO_SERVER_WIDE_MODULES=base,web,launchplane_runtime_health
ENV ODOO_DATA_DIR=/volumes/data

WORKDIR /volumes
USER ubuntu

FROM runtime AS runtime-devtools
USER root
ARG PLAYWRIGHT_VERSION=1.59.1

RUN chmod +x /usr/local/bin/configure-dev-addon-paths.sh \
    && /usr/local/bin/configure-dev-addon-paths.sh

RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \
    --mount=type=cache,target=/var/lib/apt/lists,sharing=locked \
    --mount=type=cache,target=/root/.npm,sharing=locked \
    apt-get update \
    && apt-get install -y --no-install-recommends \
      ca-certificates \
      fonts-liberation \
      libasound2t64 \
      libatk-bridge2.0-0t64 \
      libatk1.0-0t64 \
      libatspi2.0-0t64 \
      libcups2t64 \
      libdbus-1-3 \
      libgbm1 \
      libglib2.0-0t64 \
      libnspr4 \
      libnss3 \
      libpango-1.0-0 \
      libu2f-udev \
      libx11-6 \
      libxcb1 \
      libxcomposite1 \
      libxdamage1 \
      libxext6 \
      libxfixes3 \
      libxkbcommon0 \
      libxrandr2 \
      npm \
    && PLAYWRIGHT_BROWSERS_PATH=/ms-playwright npx --yes "playwright@${PLAYWRIGHT_VERSION}" install chromium --no-shell \
    && chromium_path="$(find /ms-playwright -path '*/chrome-linux*/chrome' -type f | sort | head -n 1)" \
    && test -x "${chromium_path}" \
    && ln -sfn "${chromium_path}" /usr/local/bin/chromium-playwright \
    && /usr/local/bin/chromium-playwright --version \
    && rm -rf /var/lib/apt/lists/*

ENV CHROME_BIN=/usr/local/bin/chromium-playwright
USER ubuntu