chore(docker): add entrypoint script and user permissions

Dockerfile

@@ -1,17 +1,21 @@
 # Dockerfile
 FROM python:3.9-slim
 WORKDIR /app
-# Install git (since we're still using slim)
+# Install git and gosu for user switching
-RUN apt-get update && apt-get install -y git && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y git gosu && rm -rf /var/lib/apt/lists/*
 # Copy pre-built files from dist directory
 COPY dist/backend/app ./app
 COPY dist/static ./app/static
 COPY dist/requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
+# Copy and setup entrypoint script
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
 LABEL org.opencontainers.image.authors="Dictionarry dictionarry@pm.me"
 LABEL org.opencontainers.image.description="Profilarr - Profile manager for *arr apps"
 LABEL org.opencontainers.image.source="https://github.com/Dictionarry-Hub/profilarr"
 LABEL org.opencontainers.image.title="Profilarr"
 LABEL org.opencontainers.image.version="beta"
 EXPOSE 6868
+ENTRYPOINT ["/entrypoint.sh"]
 CMD ["gunicorn", "--bind", "0.0.0.0:6868", "--timeout", "600", "app.main:create_app()"]

backend/app/init.py

@@ -124,11 +124,14 @@ def setup_logging():
 
 
 def init_git_user():
-    """Initialize Git user configuration globally and update PAT status."""
+    """Initialize Git user configuration for the repository and update PAT status."""
     logger = logging.getLogger(__name__)
     logger.info("Starting Git user configuration")
 
     try:
+        from .config import config
+        repo_path = config.DB_DIR
+        
         git_name = os.environ.get('GIT_USER_NAME', 'Profilarr')
         git_email = os.environ.get('GIT_USER_EMAIL',
                                    'profilarr@dictionarry.com')
@@ -139,23 +142,31 @@ def init_git_user():
         if git_name == 'Profilarr' or git_email == 'profilarr@dictionarry.com':
             logger.info("Using default Git user configuration")
 
-        # Set global Git configuration
+        # Set repository-level Git configuration if repo exists
-        subprocess.run(['git', 'config', '--global', 'user.name', git_name],
+        if os.path.exists(os.path.join(repo_path, '.git')):
+            logger.info(f"Setting git config for repository at {repo_path}")
+            subprocess.run(['git', '-C', repo_path, 'config', '--local', 'user.name', git_name],
                            check=True)
-        subprocess.run(['git', 'config', '--global', 'user.email', git_email],
+            subprocess.run(['git', '-C', repo_path, 'config', '--local', 'user.email', git_email],
                            check=True)
+            # Add safe.directory to prevent ownership issues
+            subprocess.run(['git', '-C', repo_path, 'config', '--local', '--add', 'safe.directory', repo_path],
+                           check=True)
+        else:
+            logger.warning(f"No git repository found at {repo_path}, skipping git config")
 
         # Update PAT status in database
         update_pat_status()
 
-        # Verify configuration
+        # Verify configuration if repository exists
+        if os.path.exists(os.path.join(repo_path, '.git')):
             configured_name = subprocess.run(
-            ['git', 'config', '--global', 'user.name'],
+                ['git', '-C', repo_path, 'config', '--local', 'user.name'],
                 capture_output=True,
                 text=True,
                 check=True).stdout.strip()
             configured_email = subprocess.run(
-            ['git', 'config', '--global', 'user.email'],
+                ['git', '-C', repo_path, 'config', '--local', 'user.email'],
                 capture_output=True,
                 text=True,
                 check=True).stdout.strip()

docker-compose.prod.yml

@@ -1,19 +1,16 @@
-# docker-compose.yml
-version: '3.8'
 services:
     profilarr:
-        image: santiagosayshey/profilarr:beta
+        build:
+            context: .
+            dockerfile: Dockerfile
         container_name: profilarr
         ports:
-            - 6868:6868
+            - 6870:6868
         volumes:
-            - profilarr_data:/config
+            - ./config-test:/config
         environment:
+            - PUID=1000
+            - PGID=1000
+            - UMASK=002
             - TZ=Australia/Adelaide
-        env_file:
-            - .env
         restart: unless-stopped
-
-volumes:
-    profilarr_data:
-        name: profilarr_data

docker-compose.yml

@@ -17,5 +17,7 @@ services:
             - ./backend:/app
             - ./config:/config
         environment:
+            - PUID=1000
+            - PGID=1000
             - TZ=Australia/Adelaide
         restart: always

entrypoint.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+set -e
+
+# Default to UID/GID 1000 if not provided
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+# Default umask to 022 if not provided
+UMASK=${UMASK:-022}
+
+echo "Starting with UID: $PUID, GID: $PGID, UMASK: $UMASK"
+
+# Set umask
+umask "$UMASK"
+
+# Create group with specified GID
+groupadd -g "$PGID" appgroup 2>/dev/null || true
+
+# Create user with specified UID and GID
+useradd -u "$PUID" -g "$PGID" -d /home/appuser -s /bin/bash appuser 2>/dev/null || true
+
+# Create home directory if it doesn't exist
+mkdir -p /home/appuser
+chown "$PUID:$PGID" /home/appuser
+
+# Fix permissions on /config if it exists
+if [ -d "/config" ]; then
+    echo "Setting up /config directory permissions"
+    # Change ownership of /config and all its contents to PUID:PGID
+    # This ensures files created by different UIDs are accessible
+    chown -R "$PUID:$PGID" /config
+fi
+
+# Execute the main command as the specified user
+echo "Starting application as user $PUID:$PGID"
+exec gosu "$PUID:$PGID" "$@"