From 7270bbfedb2289d55c11c92a6887d8977bbfb2f2 Mon Sep 17 00:00:00 2001
From: Sam Chau <chaucted@gmail.com>
Date: Sun, 24 Aug 2025 15:35:42 +0930
Subject: [PATCH] chore(docker): add entrypoint script and user permissions

---
 Dockerfile              |  8 +++++--
 backend/app/init.py     | 51 +++++++++++++++++++++++++----------------
 docker-compose.prod.yml | 19 +++++++--------
 docker-compose.yml      |  2 ++
 entrypoint.sh           | 35 ++++++++++++++++++++++++++++
 5 files changed, 82 insertions(+), 33 deletions(-)
 create mode 100644 entrypoint.sh

diff --git a/Dockerfile b/Dockerfile
index a69c0a6..3edf8c5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,17 +1,21 @@
 # Dockerfile
 FROM python:3.9-slim
 WORKDIR /app
-# Install git (since we're still using slim)
-RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
+# Install git and gosu for user switching
+RUN apt-get update && apt-get install -y git gosu && rm -rf /var/lib/apt/lists/*
 # Copy pre-built files from dist directory
 COPY dist/backend/app ./app
 COPY dist/static ./app/static
 COPY dist/requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
+# Copy and setup entrypoint script
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
 LABEL org.opencontainers.image.authors="Dictionarry dictionarry@pm.me"
 LABEL org.opencontainers.image.description="Profilarr - Profile manager for *arr apps"
 LABEL org.opencontainers.image.source="https://github.com/Dictionarry-Hub/profilarr"
 LABEL org.opencontainers.image.title="Profilarr"
 LABEL org.opencontainers.image.version="beta"
 EXPOSE 6868
+ENTRYPOINT ["/entrypoint.sh"]
 CMD ["gunicorn", "--bind", "0.0.0.0:6868", "--timeout", "600", "app.main:create_app()"]
\ No newline at end of file
diff --git a/backend/app/init.py b/backend/app/init.py
index d175ee3..7358922 100644
--- a/backend/app/init.py
+++ b/backend/app/init.py
@@ -124,11 +124,14 @@ def setup_logging():
 
 
 def init_git_user():
-    """Initialize Git user configuration globally and update PAT status."""
+    """Initialize Git user configuration for the repository and update PAT status."""
     logger = logging.getLogger(__name__)
     logger.info("Starting Git user configuration")
 
     try:
+        from .config import config
+        repo_path = config.DB_DIR
+        
         git_name = os.environ.get('GIT_USER_NAME', 'Profilarr')
         git_email = os.environ.get('GIT_USER_EMAIL',
                                    'profilarr@dictionarry.com')
@@ -139,30 +142,38 @@ def init_git_user():
         if git_name == 'Profilarr' or git_email == 'profilarr@dictionarry.com':
             logger.info("Using default Git user configuration")
 
-        # Set global Git configuration
-        subprocess.run(['git', 'config', '--global', 'user.name', git_name],
-                       check=True)
-        subprocess.run(['git', 'config', '--global', 'user.email', git_email],
-                       check=True)
+        # Set repository-level Git configuration if repo exists
+        if os.path.exists(os.path.join(repo_path, '.git')):
+            logger.info(f"Setting git config for repository at {repo_path}")
+            subprocess.run(['git', '-C', repo_path, 'config', '--local', 'user.name', git_name],
+                           check=True)
+            subprocess.run(['git', '-C', repo_path, 'config', '--local', 'user.email', git_email],
+                           check=True)
+            # Add safe.directory to prevent ownership issues
+            subprocess.run(['git', '-C', repo_path, 'config', '--local', '--add', 'safe.directory', repo_path],
+                           check=True)
+        else:
+            logger.warning(f"No git repository found at {repo_path}, skipping git config")
 
         # Update PAT status in database
         update_pat_status()
 
-        # Verify configuration
-        configured_name = subprocess.run(
-            ['git', 'config', '--global', 'user.name'],
-            capture_output=True,
-            text=True,
-            check=True).stdout.strip()
-        configured_email = subprocess.run(
-            ['git', 'config', '--global', 'user.email'],
-            capture_output=True,
-            text=True,
-            check=True).stdout.strip()
+        # Verify configuration if repository exists
+        if os.path.exists(os.path.join(repo_path, '.git')):
+            configured_name = subprocess.run(
+                ['git', '-C', repo_path, 'config', '--local', 'user.name'],
+                capture_output=True,
+                text=True,
+                check=True).stdout.strip()
+            configured_email = subprocess.run(
+                ['git', '-C', repo_path, 'config', '--local', 'user.email'],
+                capture_output=True,
+                text=True,
+                check=True).stdout.strip()
 
-        if configured_name != git_name or configured_email != git_email:
-            logger.error("Git configuration verification failed")
-            return False, "Git configuration verification failed"
+            if configured_name != git_name or configured_email != git_email:
+                logger.error("Git configuration verification failed")
+                return False, "Git configuration verification failed"
 
         logger.info("Git user configuration completed successfully")
         return True, "Git configuration successful"
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 6349b08..c108db2 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -1,19 +1,16 @@
-# docker-compose.yml
-version: '3.8'
 services:
     profilarr:
-        image: santiagosayshey/profilarr:beta
+        build:
+            context: .
+            dockerfile: Dockerfile
         container_name: profilarr
         ports:
-            - 6868:6868
+            - 6870:6868
         volumes:
-            - profilarr_data:/config
+            - ./config-test:/config
         environment:
+            - PUID=1000
+            - PGID=1000
+            - UMASK=002
             - TZ=Australia/Adelaide
-        env_file:
-            - .env
         restart: unless-stopped
-
-volumes:
-    profilarr_data:
-        name: profilarr_data
diff --git a/docker-compose.yml b/docker-compose.yml
index f5f32fd..e3093b7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -17,5 +17,7 @@ services:
             - ./backend:/app
             - ./config:/config
         environment:
+            - PUID=1000
+            - PGID=1000
             - TZ=Australia/Adelaide
         restart: always
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..5e20e33
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+# Default to UID/GID 1000 if not provided
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+# Default umask to 022 if not provided
+UMASK=${UMASK:-022}
+
+echo "Starting with UID: $PUID, GID: $PGID, UMASK: $UMASK"
+
+# Set umask
+umask "$UMASK"
+
+# Create group with specified GID
+groupadd -g "$PGID" appgroup 2>/dev/null || true
+
+# Create user with specified UID and GID
+useradd -u "$PUID" -g "$PGID" -d /home/appuser -s /bin/bash appuser 2>/dev/null || true
+
+# Create home directory if it doesn't exist
+mkdir -p /home/appuser
+chown "$PUID:$PGID" /home/appuser
+
+# Fix permissions on /config if it exists
+if [ -d "/config" ]; then
+    echo "Setting up /config directory permissions"
+    # Change ownership of /config and all its contents to PUID:PGID
+    # This ensures files created by different UIDs are accessible
+    chown -R "$PUID:$PGID" /config
+fi
+
+# Execute the main command as the specified user
+echo "Starting application as user $PUID:$PGID"
+exec gosu "$PUID:$PGID" "$@"
\ No newline at end of file