From 7c0126f2efeaf834f8ef668ec7498a3b3d353c26 Mon Sep 17 00:00:00 2001
From: Benjamin Admin <benjaminadmin@MacBook-Pro.local>
Date: Fri, 12 Jun 2026 22:52:49 +0200
Subject: [PATCH] feat(consent-tester): Brave + Chrome/Edge-Channels im Image
 (amd64-gated, Phase 1.3)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Dockerfile: Brave-apt-Repo + `playwright install --with-deps chrome msedge`,
  beide hinter TARGETARCH=amd64-Gate und best-effort (|| echo) → arm64-Dev-
  Builds (macmini) brechen NICHT, laufen mit den 4 Default-Engines; Brave/
  Chrome/Edge sind amd64-only opt-in-Extras (EXTRA_PROFILES).
- docker-compose.hetzner.yml: consent-tester auf linux/amd64 (statt arm64-
  Emulation auf Orca) — Voraussetzung dafuer, dass die echten Browser
  ueberhaupt installiert werden.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
---
 consent-tester/Dockerfile  | 27 +++++++++++++++++++++++++++
 docker-compose.hetzner.yml |  6 ++++++
 2 files changed, 33 insertions(+)

diff --git a/consent-tester/Dockerfile b/consent-tester/Dockerfile
index 68d7134a..5eda3767 100644
--- a/consent-tester/Dockerfile
+++ b/consent-tester/Dockerfile
@@ -29,6 +29,33 @@ USER appuser
 RUN playwright install chromium firefox webkit
 USER root
 
+# ── Browser-matrix stage 1.3: echte Third-Party-Browser (amd64-only) ──────
+# Chrome-/Edge-Channel + Brave gibt es nur fuer amd64 (Prod/Orca). Auf arm64
+# (macmini-Dev) best-effort uebersprungen → der Build bricht NICHT; die Matrix
+# laeuft dort mit den 4 Default-Engines (chromium/firefox/webkit/iPhone).
+# Brave/Chrome/Edge sind opt-in-Extras (EXTRA_PROFILES, nur auf Anforderung).
+# TARGETARCH fuellt BuildKit automatisch aus der Zielplattform.
+ARG TARGETARCH=amd64
+RUN set -eux; \
+    if [ "$TARGETARCH" = "amd64" ]; then \
+      ( curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg \
+          https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg && \
+        echo "deb [arch=amd64 signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" \
+          > /etc/apt/sources.list.d/brave-browser-release.list && \
+        apt-get update && \
+        apt-get install -y --no-install-recommends brave-browser && \
+        rm -rf /var/lib/apt/lists/* ) \
+        || echo "WARN: Brave-Install uebersprungen (Arch/Netz)"; \
+    else echo "TARGETARCH=$TARGETARCH != amd64 — Brave uebersprungen"; fi
+
+# Playwright-Channels Chrome + Edge (Google-/Microsoft-Builds, amd64-only).
+# Als root, da system-weit nach /opt installiert; --with-deps zieht OS-Libs.
+RUN set -eux; \
+    if [ "$TARGETARCH" = "amd64" ]; then \
+      ( playwright install --with-deps chrome msedge ) \
+        || echo "WARN: Chrome/Edge-Channel uebersprungen"; \
+    else echo "TARGETARCH=$TARGETARCH != amd64 — Chrome/Edge uebersprungen"; fi
+
 COPY . .
 RUN chown -R appuser:appuser /app
 
diff --git a/docker-compose.hetzner.yml b/docker-compose.hetzner.yml
index 2c0402ec..0efa67ec 100644
--- a/docker-compose.hetzner.yml
+++ b/docker-compose.hetzner.yml
@@ -57,3 +57,9 @@ services:
 
   docs:
     platform: linux/amd64
+
+  # consent-tester native amd64 auf Orca (x86_64) statt arm64-Emulation —
+  # Voraussetzung fuer die echten Brave/Chrome/Edge-Browser der Matrix
+  # (amd64-only, siehe consent-tester/Dockerfile, TARGETARCH-Gate).
+  consent-tester:
+    platform: linux/amd64