From 745c0fcfef896b1abead23d4872314579bb16dd8 Mon Sep 17 00:00:00 2001
From: Paul Gauthier
Date: Wed, 31 Jul 2024 09:52:53 -0300
Subject: [PATCH] feat(docker): add support for running as non-root user

The changes in this commit add support for running the Docker container as a non-root user. Specifically:
- Set permissions on the /.aider and /app directories to allow read/write/execute access for all users.
- Configure Git to consider the /app directory as a safe directory, which prevents Git from complaining about unusual permissions when running as a non-root user.
- Ensure that the Python site-packages directory and other relevant directories have read/write/execute permissions for all users, so that pip installs work even when running as a non-root user.
These changes will allow the Docker container to be run with the `--user` flag, which is a common requirement for running containers in production environments.
---
 docker/Dockerfile | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 339f90de7..06c8a7401 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -5,23 +5,35 @@ RUN apt-get update && \
 rm -rf /var/lib/apt/lists/*
 RUN mkdir /.aider && chmod a+rwx /.aider
+
+# So git doesn't complain about unusual permissions with `docker run --user xxx`
 RUN mkdir /app && chmod a+rwx /app && git config --system --add safe.directory /app
+# So pip installs work even with `docker run --user xxx`
+RUN chmod a+rwx /usr/local/lib/python3.10/site-packages /usr/local/*
+
 WORKDIR /app
+#########################
 FROM base AS aider-full
 COPY . /aider
-RUN pip install --no-cache-dir /aider[help,browser,playwright] --extra-index-url https://download.pytorch.org/whl/cpu && \
- rm -rf /aider
+RUN pip install --upgrade pip \
+ && pip install --no-cache-dir /aider[help,browser,playwright] \
+ --extra-index-url https://download.pytorch.org/whl/cpu \
+ && rm -rf /aider
+
 RUN playwright install --with-deps chromium
 ENTRYPOINT ["aider"]
+#########################
 FROM base AS aider
 COPY . /aider
-RUN pip install --no-cache-dir /aider --extra-index-url https://download.pytorch.org/whl/cpu && \
- rm -rf /aider
+RUN pip install --upgrade pip \
+ && pip install --no-cache-dir /aider \
+ --extra-index-url https://download.pytorch.org/whl/cpu \
+ && rm -rf /aider
 ENTRYPOINT ["aider"]
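Review bot: The added `RUN chmod a+rwx /usr/local/lib/python3.10/site-packages /usr/local/*` makes the interpreter's package directory and every top-level entry of /usr/local writable by any UID in the container, which gives back much of the isolation that `docker run --user` is meant to provide. What the glob covers depends on the base image, which is outside the hunk, but it presumably includes /usr/local/bin. The chmod is not recursive, yet write access to a directory without the sticky bit is enough to add or replace entries in it, so installed code under this tree can no longer be trusted by other users of the same container or of volumes derived from it. A narrower option is to leave /usr/local root-owned and send run-time installs to a dedicated writable location, for example `ENV PYTHONUSERBASE=/.aider/pip` (path constructed here as an example) together with `pip install --user`. If the chmod stays, its comment should state that the directories are deliberately world-writable and that the `python3.10` path must track the base image's Python version.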