Dockerfile

FROM node:22-slim

# ========= 1. 安装系统依赖 + Chromium 浏览器 =========
RUN apt-get update && apt-get install -y --no-install-recommends \
    git ca-certificates build-essential python3 python3-pip curl \
    chromium \
    libnss3 libatk-bridge2.0-0 libdrm2 libxkbcommon0 libgbm1 libasound2 \
    && rm -rf /var/lib/apt/lists/*

ENV PUPPETEER_EXECUTABLE_PATH=/usr/bin/chromium

RUN pip3 install --no-cache-dir huggingface_hub --break-system-packages

RUN npm install -g openclaw@latest --unsafe-perm

# 安装微信插件（若不需要可注释）
RUN npx -y @tencent-weixin/openclaw-weixin-cli@latest install

ENV PORT=7860 \
    OPENCLAW_GATEWAY_MODE=local \
    HOME=/root

# 防止自动启用 Telegram
ENV OPENCLAW_DISABLE_TELEGRAM=1

# ========= 2. 改进的 sync.py 备份恢复脚本 =========
RUN cat > /usr/local/bin/sync.py << 'SYNC_EOF'
import os, sys, tarfile, subprocess, time
from huggingface_hub import HfApi, hf_hub_download
from datetime import datetime, timedelta

api = HfApi()
repo_id = os.getenv("HF_DATASET")
token = os.getenv("HF_TOKEN")
DATA_DIR = "/root/.openclaw"

def restore():
    try:
        print(f"--- [SYNC] 启动恢复流程, 目标仓库: {repo_id} ---")
        if not repo_id or not token:
            print("--- [SYNC] 跳过恢复: 未配置 HF_DATASET 或 HF_TOKEN ---")
            return False
        files = api.list_repo_files(repo_id=repo_id, repo_type="dataset", token=token)
        now = datetime.now()
        for i in range(5):
            day = (now - timedelta(days=i)).strftime("%Y-%m-%d")
            name = f"backup_{day}.tar.gz"
            if name in files:
                print(f"--- [SYNC] 发现备份文件: {name}, 正在下载... ---")
                path = hf_hub_download(repo_id=repo_id, filename=name, repo_type="dataset", token=token)
                # 使用 extractall 前确保目标目录存在
                os.makedirs(DATA_DIR, exist_ok=True)
                with tarfile.open(path, "r:gz") as tar:
                    tar.extractall(path=DATA_DIR)
                print(f"--- [SYNC] 恢复成功! 数据已覆盖至 {DATA_DIR} ---")
                return True
        print("--- [SYNC] 未找到最近 5 天的备份包 ---")
    except Exception as e:
        print(f"--- [SYNC] 恢复异常: {e} ---")
    return False

def backup():
    try:
        day = datetime.now().strftime("%Y-%m-%d")
        name = f"backup_{day}.tar.gz"
        print(f"--- [SYNC] 正在执行全量备份: {name} ---")
        with tarfile.open(name, "w:gz") as tar:
            for target in ["sessions", "workspace", "agents", "memory", "openclaw.json", "wechat-data"]:
                full_path = os.path.join(DATA_DIR, target)
                if os.path.exists(full_path):
                    tar.add(full_path, arcname=target)
        api.upload_file(path_or_fileobj=name, path_in_repo=name, repo_id=repo_id, repo_type="dataset", token=token)
        print(f"--- [SYNC] 备份上传成功! ---")
        # 可选：发送微信通知（需确保微信通道可用）
        for _ in range(3):
            try:
                result = subprocess.run(["openclaw", "wechat", "send", "--to=me", f"备份成功: {name}"], capture_output=True, timeout=10)
                if result.returncode == 0:
                    break
            except Exception:
                pass
            time.sleep(5)
    except Exception as e:
        print(f"--- [SYNC] 备份失败: {e} ---")

if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "backup":
        backup()
    else:
        restore()
SYNC_EOF

RUN chmod +x /usr/local/bin/sync.py

# ========= 3. 启动脚本 start-openclaw =========
RUN cat > /usr/local/bin/start-openclaw << 'EOF'
#!/bin/bash
set -e

echo "Starting OpenClaw gateway..."

# 恢复备份数据（在创建新文件之前执行）
python3 /usr/local/bin/sync.py restore

# 清理 Telegram 残留（若需要）
rm -rf /root/.openclaw/agents/main/agent/channels/telegram*
rm -rf /root/.openclaw/credentials/telegram*
rm -f /root/.openclaw/agents/main/agent/auth-profiles.json
find /root/.openclaw -name "*telegram*" -exec rm -rf {} + 2>/dev/null || true

# 确保必要目录存在（不会覆盖已恢复的数据）
mkdir -p /root/.openclaw/sessions
mkdir -p /root/.openclaw/workspace
mkdir -p /root/.openclaw/workspace/memory
mkdir -p /root/.openclaw/wechat-data
touch /root/.openclaw/workspace/MEMORY.md
DATE=$(date +%Y-%m-%d)
touch /root/.openclaw/workspace/memory/$DATE.md

# 更健壮的 API Base 处理：通过环境变量直接指定，不在脚本中做字符串替换
# 你需要在 openclaw.json 中使用正确的 baseUrl，这里只做兜底
echo "当前配置的环境变量:"
echo "OPENAI_API_BASE=$OPENAI_API_BASE"
echo "GEMINI_API_KEY=$GEMINI_API_KEY"
echo "MODEL=$MODEL"

echo "=== openclaw.json content ==="
cat /root/.openclaw/openclaw.json
echo "=== end ==="

openclaw doctor --fix

# 启动定时备份（后台，每30分钟）
(while true; do sleep 1800; python3 /usr/local/bin/sync.py backup; done) &

# 前台运行 gateway
exec openclaw gateway run --port $PORT
EOF

RUN chmod +x /usr/local/bin/start-openclaw

# ========= 4. 导入配置文件（关键步骤） =========
# ⚠️ 重要安全提醒：
# 请将你本地配置好的 openclaw.json（包含模型和通道设置，但建议使用占位符密钥）
# 放到与 Dockerfile 同一目录下，然后取消下面这行的注释。
# 切勿将包含真实 API Key 的 openclaw.json 提交到公开仓库!
# ------------------------------------------------
# RUN mkdir -p /root/.openclaw
# COPY openclaw.json /root/.openclaw/openclaw.json
# ------------------------------------------------
# 你可以改用环境变量动态生成配置文件，或者在 Hugging Face Spaces 的 Settings 中
# 通过 Repository secrets 注入完整的 openclaw.json 内容（需要额外脚本处理）。

EXPOSE 7860
CMD ["/usr/local/bin/start-openclaw"]