From 67c4df09fd31b08a60ebeb46c1e8d61e494c834d Mon Sep 17 00:00:00 2001
From: "Paul Gauthier (aider)" <aider@paulg.org>
Date: Wed, 31 Jul 2024 10:14:29 -0300
Subject: [PATCH] feat: create virtual environment for aider installation

The changes in this commit create a virtual environment for the aider application in the Docker image. The key changes are:

1. Removes the permission-related commands that were modifying system directories.
2. Creates a virtual environment at `/venv` and adds it to the PATH.
3. Installs aider and its dependencies into the virtual environment.
4. Updates the ENTRYPOINT to use the aider executable from the virtual environment.
5. Copies the aider source to a temporary directory (`/tmp/aider`) for installation, then removes it after installation.

These changes should address the concerns about modifying system permissions while still allowing the container to function properly for different users.
---
 docker/Dockerfile | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/docker/Dockerfile b/docker/Dockerfile
index 9ce5e6e1d..38e37e61b 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -4,38 +4,34 @@ RUN apt-get update && \
     apt-get install --no-install-recommends -y build-essential git libportaudio2 && \
     rm -rf /var/lib/apt/lists/*
 
-# Permission kludges to support `docker run --user xxx`
-RUN mkdir       /.aider /app /.cache
-RUN chmod a+rwx /.aider /app /.cache
+WORKDIR /app
+
+RUN python -m venv /venv
+ENV PATH="/venv/bin:$PATH"
 
 # So git doesn't complain about unusual permissions
 RUN git config --system --add safe.directory /app
 
-# So pip installs work
-RUN chmod a+rwx /usr/local/lib/python3.10/site-packages /usr/local/*
-
-WORKDIR /app
-
 #########################
 FROM base AS aider-full
 
-COPY . /aider
+COPY . /tmp/aider
 RUN pip install --upgrade pip \
-    && pip install --no-cache-dir /aider[help,browser,playwright] \
+    && pip install --no-cache-dir /tmp/aider[help,browser,playwright] \
        --extra-index-url https://download.pytorch.org/whl/cpu \
-    && rm -rf /aider
+    && rm -rf /tmp/aider
 
 RUN playwright install --with-deps chromium
 
-ENTRYPOINT ["aider"]
+ENTRYPOINT ["/venv/bin/aider"]
 
 #########################
 FROM base AS aider
 
-COPY . /aider
+COPY . /tmp/aider
 RUN pip install --upgrade pip \
-    && pip install --no-cache-dir /aider \
+    && pip install --no-cache-dir /tmp/aider \
        --extra-index-url https://download.pytorch.org/whl/cpu \
-    && rm -rf /aider
+    && rm -rf /tmp/aider
 
-ENTRYPOINT ["aider"]
+ENTRYPOINT ["/venv/bin/aider"]