dearwolf/aider
1
0
Fork 0
mirror of https://github.com/Aider-AI/aider.git synced 2025-05-20 12:24:59 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add rootless container support with dedicated appuser

Browse source
This commit is contained in:
Paul Gauthier (aider) 2025-01-09 11:26:06 -08:00
parent cfc7ad5627
commit e1a3b77d67
1 changed files with 32 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

51
docker/Dockerfile
View file

@ -1,23 +1,26 @@
FROM python:3.10-slim AS base FROM python:3.10-slim AS base
# Install system dependencies
RUN apt-get update && \ RUN apt-get update && \
apt-get install --no-install-recommends -y build-essential git libportaudio2 pandoc && \ apt-get install --no-install-recommends -y build-essential git libportaudio2 pandoc && \
rm -rf /var/lib/apt/lists/* rm -rf /var/lib/apt/lists/*
# Create app user with UID 1000
RUN useradd -m -u 1000 -s /bin/bash appuser
WORKDIR /app WORKDIR /app
# Create virtual environment
RUN python -m venv /venv RUN python -m venv /venv
ENV PATH="/venv/bin:$PATH" ENV PATH="/venv/bin:$PATH"
# https://playwright.dev/python/docs/browsers # Playwright browser settings
ENV PLAYWRIGHT_BROWSERS_PATH=/pw-browsers ENV PLAYWRIGHT_BROWSERS_PATH=/home/appuser/pw-browsers
ENV PLAYWRIGHT_SKIP_BROWSER_GC=1 ENV PLAYWRIGHT_SKIP_BROWSER_GC=1
# Permission kludges to support `docker run --user xxx` # Create directories with proper permissions
RUN chmod a+rwx /venv /venv/bin /venv/include /venv/lib /venv/lib/python3.10/site-packages RUN mkdir -p /home/appuser/.aider /home/appuser/.cache /home/appuser/pw-browsers && \
chown -R appuser:appuser /home/appuser /app /venv
RUN mkdir /.aider /.cache /pw-browsers
RUN chmod a+rwx /.aider /.cache /pw-browsers
# So git doesn't complain about unusual permissions # So git doesn't complain about unusual permissions
RUN git config --system --add safe.directory /app RUN git config --system --add safe.directory /app
@ -27,14 +30,19 @@ FROM base AS aider-full
ENV AIDER_DOCKER_IMAGE=paulgauthier/aider-full ENV AIDER_DOCKER_IMAGE=paulgauthier/aider-full
COPY . /tmp/aider COPY --chown=appuser:appuser . /tmp/aider
RUN /venv/bin/python -m pip install --upgrade --no-cache-dir pip \
&& /venv/bin/python -m pip install --no-cache-dir /tmp/aider[help,browser,playwright] \
--extra-index-url https://download.pytorch.org/whl/cpu \
&& rm -rf /tmp/aider
# Install dependencies as root
RUN /venv/bin/python -m pip install --upgrade --no-cache-dir pip && \
/venv/bin/python -m pip install --no-cache-dir /tmp/aider[help,browser,playwright] \
--extra-index-url https://download.pytorch.org/whl/cpu && \
rm -rf /tmp/aider
# Install playwright browsers
RUN /venv/bin/python -m playwright install --with-deps chromium RUN /venv/bin/python -m playwright install --with-deps chromium
RUN find /venv/lib/python3.10/site-packages \( -type d -exec chmod a+rwx {} + \) -o \( -type f -exec chmod a+rw {} + \)
# Switch to appuser
USER appuser
ENTRYPOINT ["/venv/bin/aider"] ENTRYPOINT ["/venv/bin/aider"]
@ -43,13 +51,18 @@ FROM base AS aider
ENV AIDER_DOCKER_IMAGE=paulgauthier/aider ENV AIDER_DOCKER_IMAGE=paulgauthier/aider
COPY . /tmp/aider COPY --chown=appuser:appuser . /tmp/aider
RUN /venv/bin/python -m pip install --upgrade --no-cache-dir pip \
&& /venv/bin/python -m pip install --no-cache-dir /tmp/aider[playwright] \
--extra-index-url https://download.pytorch.org/whl/cpu \
&& rm -rf /tmp/aider
# Install dependencies as root
RUN /venv/bin/python -m pip install --upgrade --no-cache-dir pip && \
/venv/bin/python -m pip install --no-cache-dir /tmp/aider[playwright] \
--extra-index-url https://download.pytorch.org/whl/cpu && \
rm -rf /tmp/aider
# Install playwright browsers
RUN /venv/bin/python -m playwright install --with-deps chromium RUN /venv/bin/python -m playwright install --with-deps chromium
RUN find /venv/lib/python3.10/site-packages \( -type d -exec chmod a+rwx {} + \) -o \( -type f -exec chmod a+rw {} + \)
# Switch to appuser
USER appuser
ENTRYPOINT ["/venv/bin/aider"] ENTRYPOINT ["/venv/bin/aider"]