commit 9baa27a69f78d35f55b51fd41f84458147213ae3
author Marc Kupietz <kupietz@ids-mannheim.de> Sat Nov 29 15:32:16 2025 +0100
committer Marc Kupietz <kupietz@ids-mannheim.de> Sat Nov 29 15:32:16 2025 +0100
tree 70769b1dc8fa1e791a9e8b24cd9d466d1d04a93d
parent 68a1813d2c4472d9e9372b16e9e10d5be85f2c60

Shrink docker size by avoiding chown

Change-Id: I778c3993a37deef1d2eaa3d2b401d796ce8662f7

Dockerfile

diff --git a/Dockerfile b/Dockerfile
index 246ef83..0efc8c5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -32,16 +32,19 @@
     && rm -rf /var/lib/apt/lists/* \
     && apt-get clean
 
-# Copy virtual environment from builder
-COPY --from=builder /app/venv /app/venv
+# Add non-root user FIRST (before copying files)
+RUN groupadd -r appuser && useradd -r -g appuser appuser
 
-# Copy application code
-COPY lib /app/lib
-COPY systems /app/systems
-COPY my_utils /app/my_utils
-COPY docker-entrypoint.sh /docker-entrypoint.sh
-COPY download_with_progress.py /app/download_with_progress.py
-COPY list_spacy_models.py /app/list_spacy_models.py
+# Copy virtual environment from builder and set ownership immediately
+COPY --from=builder --chown=appuser:appuser /app/venv /app/venv
+
+# Copy application code with correct ownership
+COPY --chown=appuser:appuser lib /app/lib
+COPY --chown=appuser:appuser systems /app/systems
+COPY --chown=appuser:appuser my_utils /app/my_utils
+COPY --chown=appuser:appuser download_with_progress.py /app/download_with_progress.py
+COPY --chown=appuser:appuser list_spacy_models.py /app/list_spacy_models.py
+COPY --chown=appuser:appuser docker-entrypoint.sh /docker-entrypoint.sh
 
 # Set environment variables
 ENV VIRTUAL_ENV=/app/venv
@@ -58,24 +61,19 @@
 ENV SPACY_CHUNK_SIZE="20000"
 
 WORKDIR /app
-RUN mkdir -p "/app/logs" "/app/tmp" "/local/models"
+
+# Create directories with correct ownership
+RUN mkdir -p "/app/logs" "/app/tmp" "/local/models" && \
+    chown -R appuser:appuser "/app/logs" "/app/tmp" "/local/models" && \
+    chmod +x /docker-entrypoint.sh && \
+    chmod +x /app/download_with_progress.py && \
+    chmod +x /app/list_spacy_models.py
 
 # Set temp directories to use app directory instead of system /tmp
 ENV TMPDIR="/app/tmp"
 ENV TEMP="/app/tmp"
 ENV TMP="/app/tmp"
 
-# Add non-root user
-RUN groupadd -r appuser && useradd -r -g appuser appuser
-
-# Make entrypoint executable and set permissions
-RUN chmod +x /docker-entrypoint.sh && \
-    chmod +x /app/download_with_progress.py && \
-    chmod +x /app/list_spacy_models.py
-
-# Change ownership of app directories to appuser
-RUN chown -R appuser:appuser /app /local /docker-entrypoint.sh
-
 # Switch to non-root user
 USER appuser