# Web-based PowerShell + SST OpenCode terminal # Multi-architecture support: amd64 and arm64 FROM ubuntu:24.04 ARG PWSH_VERSION=7.4.6 ARG NODE_VERSION=20.18.1 ARG TTYD_VERSION=1.7.7 ARG TARGETARCH ARG BUILDPLATFORM ARG TARGETPLATFORM ENV DEBIAN_FRONTEND=noninteractive \ TERM=xterm-256color \ LANG=C.UTF-8 \ LC_ALL=C.UTF-8 # Install minimal system dependencies only (no PowerShell or Node.js from apt) # Includes OpenSMTPD dependencies for email server functionality RUN apt-get update \ && apt-get install -y --no-install-recommends \ ca-certificates \ curl \ wget \ git \ tar \ xz-utils \ gzip \ tini \ libicu-dev \ libssl-dev \ python3-pip \ iproute2 \ php \ php-cli \ php-common \ php-mbstring \ php-xml \ php-zip \ php-gd \ php-curl \ opensmtpd \ opensmtpd-extras \ libevent-dev \ libasr-dev \ ca-certificates \ && rm -rf /var/lib/apt/lists/* # Install PowerShell 7.x from official binary release (architecture-aware) # Prefer Docker build args (TARGETARCH) so cross-arch builds work reliably in Portainer/buildx. RUN ARCH="${TARGETARCH:-}" && \ if [ -z "$ARCH" ]; then ARCH="$(dpkg --print-architecture)"; fi && \ if [ "$ARCH" = "amd64" ]; then \ PWSH_ARCH="x64"; \ elif [ "$ARCH" = "arm64" ]; then \ PWSH_ARCH="arm64"; \ else \ echo "Unsupported architecture: $ARCH (TARGETPLATFORM=${TARGETPLATFORM:-unknown}, BUILDPLATFORM=${BUILDPLATFORM:-unknown})" && exit 1; \ fi && \ curl -fsSL -o /tmp/powershell.tar.gz \ "https://github.com/PowerShell/PowerShell/releases/download/v${PWSH_VERSION}/powershell-${PWSH_VERSION}-linux-${PWSH_ARCH}.tar.gz" \ && mkdir -p /opt/microsoft/powershell/7 \ && tar -xzf /tmp/powershell.tar.gz -C /opt/microsoft/powershell/7 \ && chmod +x /opt/microsoft/powershell/7/pwsh \ && ln -sf /opt/microsoft/powershell/7/pwsh /usr/bin/pwsh \ && rm -f /tmp/powershell.tar.gz # Install Node.js 20.x from official binary release (architecture-aware) RUN ARCH="${TARGETARCH:-}" && \ if [ -z "$ARCH" ]; then ARCH="$(dpkg --print-architecture)"; fi && \ if [ "$ARCH" = "amd64" ]; then \ NODE_ARCH="x64"; \ elif [ "$ARCH" = "arm64" ]; then \ NODE_ARCH="arm64"; \ else \ echo "Unsupported architecture: $ARCH (TARGETPLATFORM=${TARGETPLATFORM:-unknown}, BUILDPLATFORM=${BUILDPLATFORM:-unknown})" && exit 1; \ fi && \ curl -fsSL -o /tmp/node.tar.xz \ "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-${NODE_ARCH}.tar.xz" \ && tar -xJf /tmp/node.tar.xz -C /usr/local --strip-components=1 \ && ln -sf /usr/local/bin/node /usr/bin/node \ && ln -sf /usr/local/bin/npm /usr/bin/npm \ && rm -f /tmp/node.tar.xz # Install ttyd (static binary, architecture-aware) RUN ARCH="${TARGETARCH:-}" && \ if [ -z "$ARCH" ]; then ARCH="$(dpkg --print-architecture)"; fi && \ if [ "$ARCH" = "amd64" ]; then \ TTYD_ARCH="x86_64"; \ elif [ "$ARCH" = "arm64" ]; then \ TTYD_ARCH="aarch64"; \ else \ echo "Unsupported architecture: $ARCH (TARGETPLATFORM=${TARGETPLATFORM:-unknown}, BUILDPLATFORM=${BUILDPLATFORM:-unknown})" && exit 1; \ fi && \ curl -fsSL -o /usr/local/bin/ttyd \ "https://github.com/tsl0922/ttyd/releases/download/${TTYD_VERSION}/ttyd.${TTYD_ARCH}" \ && chmod +x /usr/local/bin/ttyd # Install OpenCode from bundled anomalyco/opencode source COPY opencode /opt/opencode-src RUN bash /opt/opencode-src/install --no-modify-path \ && ln -sf /root/.opencode/bin/opencode /usr/local/bin/opencode # Removed Gemini CLI - not needed for Shopify AI App Builder # Add Windows-like PowerShell profile (aliases and PSReadLine style) RUN mkdir -p /root/.config/powershell COPY profile/Microsoft.PowerShell_profile.ps1 /root/.config/powershell/Microsoft.PowerShell_profile.ps1 RUN chmod 644 /root/.config/powershell/Microsoft.PowerShell_profile.ps1 # Copy entrypoint, health check, and diagnostic logger scripts COPY scripts/entrypoint.sh /usr/local/bin/entrypoint.sh COPY scripts/healthcheck.sh /usr/local/bin/healthcheck.sh COPY scripts/diagnostic-logger.sh /usr/local/bin/diagnostic-logger.sh RUN chmod +x /usr/local/bin/entrypoint.sh /usr/local/bin/healthcheck.sh /usr/local/bin/diagnostic-logger.sh # Chat web service assets COPY chat /opt/webchat RUN cd /opt/webchat && npm install --production && chmod -R 755 /opt/webchat COPY chat_v2 /opt/webchat_v2 RUN chmod -R 755 /opt/webchat_v2 # Create OpenSMTPD expected directory structure for application compatibility # The application expects OpenSMTPD at /workspace/src/backend/app/opensmtpd/install/ RUN mkdir -p /workspace/src/backend/app/opensmtpd/install/etc \ && mkdir -p /workspace/src/backend/app/opensmtpd/install/var/spool/smtpd \ && mkdir -p /workspace/src/backend/app/opensmtpd/install/var/spool/queue \ && mkdir -p /workspace/src/backend/app/opensmtpd/install/var/run \ && ln -sf /usr/sbin/smtpd /workspace/src/backend/app/opensmtpd/install/sbin/smtpd \ && ln -sf /usr/sbin/smtpctl /workspace/src/backend/app/opensmtpd/install/sbin/smtpctl \ && ln -sf /usr/bin/sendmail /workspace/src/backend/app/opensmtpd/install/sbin/sendmail \ && ln -sf /etc/ssl/certs /workspace/src/backend/app/opensmtpd/install/etc/certs \ && chmod -R 755 /workspace/src/backend/app/opensmtpd/install # Create OpenSMTPD configuration RUN echo 'pki plugincompass.com cert "/workspace/src/backend/app/opensmtpd/install/etc/certs/fullchain.pem"' > /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'pki plugincompass.com key "/workspace/src/backend/app/opensmtpd/install/etc/certs/privkey.pem"' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo '' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'table domains file:/workspace/src/backend/app/opensmtpd/install/etc/domains' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'table aliases file:/workspace/src/backend/app/opensmtpd/install/etc/aliases' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo '' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'listen on 0.0.0.0 port 25' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'listen on 0.0.0.0 port 587 tls-require pki plugincompass.com' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'listen on 0.0.0.0 port 465 smtps pki plugincompass.com' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo '' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'action "local" mbox alias ' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'action "relay" relay' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo '' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'match from any for domain action "local"' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'match for local action "local"' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'match auth from any for any action "relay"' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && echo 'match from local for any action "relay"' >> /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf \ && touch /workspace/src/backend/app/opensmtpd/install/etc/domains \ && touch /workspace/src/backend/app/opensmtpd/install/etc/aliases \ && chmod 644 /workspace/src/backend/app/opensmtpd/install/etc/smtpd.conf # Create workspace directory and set as workdir so pwsh starts where repo/workspace is mounted RUN mkdir -p /home/web/data \ && mkdir -p /var/log/shopify-ai \ && chown -R root:root /home/web/data /var/log/shopify-ai WORKDIR /home/web/data # Container defaults - Shopify AI App Builder # Port 4500: Web UI (chat/builder interface) # Port 25: SMTP (OpenSMTPD) # Port 587: SMTP submission (OpenSMTPD) # Port 465: SMTPS (OpenSMTPD) EXPOSE 4500 25 587 465 HEALTHCHECK --interval=30s --timeout=15s --start-period=60s --retries=5 \ CMD /usr/local/bin/healthcheck.sh || exit 1 ENTRYPOINT ["/usr/bin/tini", "--", "/usr/local/bin/entrypoint.sh"]