refactor: optimize the Dockerfile to reduce the image size

[hwzhuhao]

1.Add the --no-install-recommends option to the apt-get install command to reduce unnecessary installations.
2.Run the apt-get clean command after apt-get install to reduce cache.
3.Run rm -rf /var/lib/apt/lists/* after apt-get install to ensure cache is removed within the same layer.
4.Use the --no-cache-dir option when installing Python packages to reduce the size.

[Yeuoly]

Hi, sorry for the late review, have you tested it already? is everything works well?

[hwzhuhao]

@Yeuoly yes, i have tested it, everything works well.

[Yeuoly]

What about httpx, requests and jinja2, there are always some weird issues of those packages

[hwzhuhao]

@Yeuoly

[hwzhuhao]

By the way, is it possible to add a Makefile for dify-sandbox to simplify the installation, compilation, image creation, and environment cleanup of the sandbox? Most Go projects have a Makefile.

Also, add scripts directory to store the installation and compilation shell scripts.

[Yeuoly]

By the way, is it possible to add a Makefile for dify-sandbox to simplify the installation, compilation, image creation, and environment cleanup of the sandbox? Most Go projects have a Makefile.

Also, add scripts directory to store the installation and compilation shell scripts.

I agree, but it's not urgent, but also, github workflows need to be refactored as well, maybe you can contribute it : )

[Yeuoly]

LGTM

[Yeuoly]

@hwzhuhao It looks like there is a compilation error during docker build https://github.com/langgenius/dify-sandbox/actions/runs/10935045578/job/30356121638

[hwzhuhao]

#87

[blue-long]

代码执行节点，为什么执行几次后就变成了 bad system call ，error: operation not permitted
很多使用都遇到了这样的问题，应该怎么解决呢

[hwzhuhao]

@blue-long which version are you currently testing?

[blue-long]

@hwzhuhao 0.2.9

[blue-long]

@hwzhuhao
简单地看了一下源码 目前还没有定位到根本原因
执行成功的时候拥有的 syscall 和执行失败的时候是一样的

[hwzhuhao]

@blue-long You can reopen an issue and provide detailed version information and logs.

[blue-long]

使用版本：https://github.com/langgenius/dify-sandbox/releases/tag/0.2.9
advanced_chat work flow 代码执行节点（调用 dify-sandbox），执行很简单的 python代码，执行过程成功几次后就变成了执行失败，运行不稳定。
执行失败的时候：

dify-sandbox 走了这部分逻辑
dify-sandbox/internal/core/runner/output_capture.go
if strings.Contains(exit_string, "bad system call") {
s.WriteError([]byte("error: operation not permitted\n"))
}
拥有的 syscalls 权限是：
dify-sandbox/internal/core/lib/python/add_seccomp.go
log.Info("lib.Seccomp allowed_syscalls: %v, allowed_not_kill_syscalls: %v", allowed_syscalls, allowed_not_kill_syscalls)
err = lib.Seccomp(allowed_syscalls, allowed_not_kill_syscalls)
if err != nil {
log.Error("lib.Seccomp Error: %v", err.Error())
return err
}

[INFO]lib.Seccomp allowed_syscalls: [64 57 56 63 62 61 98 222 214 226 215 139 135 132 216 146 144 174 172 173 178 93 94 131 134 29 124 100 99 293 20 113 169 101 21 115 72 85 86 87 278], allowed_not_kill_syscalls: [220 34]

lib.Seccomp 添加 syscalls 权限，并没有报错

执行成功的时候拥有的 syscalls 权限和执行失败是一样：

[INFO]lib.Seccomp allowed_syscalls: [64 57 56 63 62 61 98 222 214 226 215 139 135 132 216 146 144 174 172 173 178 93 94 131 134 29 124 100 99 293 20 113 169 101 21 115 72 85 86 87 278], allowed_not_kill_syscalls: [220 34]

[hwzhuhao]

@blue-long I didn't reproduce this issue. Maybe you can try removing the allowed_syscalls setting, try it again.

[blue-long]

这个问题做相关的分析，发现 sandbox 0.2.9 的 docker 镜像在 centOS 系统上部署，一切正常，没有出现 operation not permitted 问题，
但是部署在 ubuntu 的系统上，就会出现 operation not permitted 的问题，
可以提供一个基于 ubuntu 构建的 docker sandbox 0.2.9 镜像吗

[18827555809]

这个问题做相关的分析，发现 sandbox 0.2.9 的 docker 镜像在 centOS 系统上部署，一切正常，没有出现 operation not permitted 问题， 但是部署在 ubuntu 的系统上，就会出现 operation not permitted 的问题， 可以提供一个基于 ubuntu 构建的 docker sandbox 0.2.9 镜像吗

或许你可以从#99 (comment)
这里发现一些思路