From 0085e2b33eac27fa91b47bb16aeab433b6989305 Mon Sep 17 00:00:00 2001
From: justin <justin@liquidator.optimal-reality.com>
Date: Wed, 6 May 2026 22:10:49 -0500
Subject: [PATCH] Add ERPNext Dockerfile + build script for automated security
 rebuilds

- erpnext/Dockerfile: builds from frappe/erpnext:v15 base with custom apps
- erpnext/build.sh: stages custom apps into build context before docker build
- Container update script now runs build.sh pre-build + extracts assets post-build
- ERPNext will auto-rebuild nightly when base image has security patches

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 erpnext/.gitignore |  4 ++++
 erpnext/Dockerfile | 28 ++++++++++++++++++++++++++++
 erpnext/build.sh   | 14 ++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 erpnext/.gitignore
 create mode 100644 erpnext/Dockerfile
 create mode 100755 erpnext/build.sh

diff --git a/erpnext/.gitignore b/erpnext/.gitignore
new file mode 100644
index 0000000..8740869
--- /dev/null
+++ b/erpnext/.gitignore
@@ -0,0 +1,4 @@
+frappe_crypto/
+frappe_adyen/
+frappe_ca_registry/
+performancewest_erpnext/
diff --git a/erpnext/Dockerfile b/erpnext/Dockerfile
new file mode 100644
index 0000000..72e3127
--- /dev/null
+++ b/erpnext/Dockerfile
@@ -0,0 +1,28 @@
+# Performance West ERPNext — custom image with PW apps baked in.
+# Base: official Frappe bench image (includes ERPNext).
+# Custom apps: performancewest_erpnext, frappe_ca_registry, frappe_crypto, frappe_adyen
+#
+# Pre-build step copies apps into erpnext/ dir (see erpnext/build.sh).
+# Rebuilt nightly by pw-container-update to pick up base image security patches.
+
+FROM frappe/erpnext:v15
+
+USER frappe
+WORKDIR /home/frappe/frappe-bench
+
+# Copy custom Frappe apps (staged into build context by build.sh)
+COPY --chown=frappe:frappe frappe_crypto/ apps/frappe_crypto/
+COPY --chown=frappe:frappe frappe_adyen/ apps/frappe_adyen/
+COPY --chown=frappe:frappe frappe_ca_registry/ apps/frappe_ca_registry/
+COPY --chown=frappe:frappe performancewest_erpnext/ apps/performancewest_erpnext/
+
+# Install the payments app (not in base image) + all custom apps
+RUN git clone --depth=1 https://github.com/frappe/payments.git apps/payments \
+    && env/bin/pip install --quiet -e apps/payments \
+    && env/bin/pip install --quiet -e apps/frappe_crypto \
+    && env/bin/pip install --quiet -e apps/frappe_adyen \
+    && env/bin/pip install --quiet -e apps/frappe_ca_registry \
+    && env/bin/pip install --quiet -e apps/performancewest_erpnext
+
+# Build JS/CSS assets
+RUN bench build --app payments 2>/dev/null || true
diff --git a/erpnext/build.sh b/erpnext/build.sh
new file mode 100755
index 0000000..e1c404f
--- /dev/null
+++ b/erpnext/build.sh
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+# Pre-build step: copy custom Frappe apps into the erpnext/ build context.
+# Called automatically by the container update script before docker compose build.
+set -euo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+REPO_ROOT="$(dirname "$SCRIPT_DIR")"
+
+echo "Staging custom apps into $SCRIPT_DIR..."
+for app in frappe_crypto frappe_adyen frappe_ca_registry performancewest_erpnext; do
+    rm -rf "$SCRIPT_DIR/$app"
+    cp -a "$REPO_ROOT/$app" "$SCRIPT_DIR/$app"
+done
+echo "Done. Ready for docker compose build erpnext."