From: Kirill Birger
Date: Sun, 29 Sep 2024 22:08:22 +0000 (-0400)
Subject: Drop root during base image build and use venv (#1682)
X-Git-Url: https://git.kitaultman.com/?a=commitdiff_plain;h=fcf07cb2b36656f01272cd1d2ec0ef513e152cbb;p=music-assistant-server.git

Drop root during base image build and use venv (#1682)
---
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index adaeb6e5..46d57bf3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -6,8 +6,8 @@ on:
 env:
 PYTHON_VERSION: "3.11"
- BASE_IMAGE_VERSION_STABLE: "1.0.10"
- BASE_IMAGE_VERSION_BETA: "1.0.10"
+ BASE_IMAGE_VERSION_STABLE: "1.1.0"
+ BASE_IMAGE_VERSION_BETA: "1.1.0"
 jobs:
 build-artifact:
diff --git a/Dockerfile.base b/Dockerfile.base
index 3656e855..09f97d02 100644
--- a/Dockerfile.base
+++ b/Dockerfile.base
@@ -29,18 +29,24 @@ RUN set -x \
 RUN mkdir -p /usr/local/bin/widevine_cdm
 COPY widevine_cdm/* /usr/local/bin/widevine_cdm/
-# Upgrade pip + Install uv
-RUN pip install --upgrade pip \
- && pip install uv==0.2.27
+RUN adduser -D app app \
+ && chmod -R 775 /tmp \
+ && chgrp -R app /tmp
+
+WORKDIR /home/app
+USER app
+
 # Configure runtime environmental variables
 ENV LD_PRELOAD="/usr/lib/libjemalloc.so.2"
-ENV VIRTUAL_ENV=/opt/venv
+ENV VIRTUAL_ENV=/home/app/venv
 # create venv and set some permissions to allow running the container as non-root
 RUN python3 -m venv $VIRTUAL_ENV && \
- chmod -R 777 $VIRTUAL_ENV && \
- chmod -R 777 /tmp
+
+ source $VIRTUAL_ENV/bin/activate && \
+ pip install --upgrade pip \
+ && pip install uv==0.4.17
 ENV PATH="$VIRTUAL_ENV/bin:$PATH"
 WORKDIR $VIRTUAL_ENV
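Review bot: The added `chmod -R 775 /tmp && chgrp -R app /tmp` in Dockerfile.base replaces the usual 1777 mode on /tmp, so the sticky bit is lost and the directory is writable only by its owner and group `app`: members of that group can remove or replace each other's temporary files, and a container started with an overridden UID outside the group cannot write there at all. The default mode already lets the new `app` user write to /tmp, so the step can probably shrink to `RUN adduser -D app app`; if a restricted /tmp is intended, keep the sticky bit (`chmod 1770 /tmp`) and say why in a comment. Further down, the added empty `+` line sits inside the `RUN python3 -m venv $VIRTUAL_ENV && \` continuation, which Docker reports as a deprecated empty continuation line, and the retained comment still mentions setting permissions although both `chmod -R 777` lines are removed. The FROM line and the earlier RUN steps are outside this hunk, so the base image and the shell that executes `source` are not visible here.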