Do not be root in docker and fix model caching Change-Id: I3ad60ef259b35579902d68a0f949184d87d0067b

commit: c75ae7c402d8e7ee65fb5211660d876ef323b35c [log] [tgz]
author: Marc Kupietz <kupietz@ids-mannheim.de> Sat Nov 29 10:41:26 2025 +0100
committer: Marc Kupietz <kupietz@ids-mannheim.de> Sat Nov 29 10:59:40 2025 +0100
tree: a497853ee75cccf40ef201149c9c1d4c12dab8dd
parent: 8604485f28d54fef4e34fde53f0bd08161901722 [diff] [blame]
diff --git a/Dockerfile.with-models b/Dockerfile.with-models
index 39c7bd4..f6f64c5 100644
--- a/Dockerfile.with-models
+++ b/Dockerfile.with-models

@@ -66,6 +66,7 @@
 COPY systems /app/systems
 COPY my_utils /app/my_utils
 COPY docker-entrypoint.sh /docker-entrypoint.sh
+COPY download_with_progress.py /app/download_with_progress.py
 
 # Set environment variables
 ENV VIRTUAL_ENV=/app/venv
@@ -89,8 +90,18 @@
 ENV TEMP="/app/tmp"
 ENV TMP="/app/tmp"
 
-# Make entrypoint executable
-RUN chmod +x /docker-entrypoint.sh
+# Add non-root user
+RUN groupadd -r appuser && useradd -r -g appuser appuser
+
+# Make entrypoint executable and set permissions
+RUN chmod +x /docker-entrypoint.sh && \
+    chmod +x /app/download_with_progress.py
+
+# Change ownership of app directories to appuser
+RUN chown -R appuser:appuser /app /local /docker-entrypoint.sh
+
+# Switch to non-root user
+USER appuser
 
 # Define the entry point
 ENTRYPOINT ["/docker-entrypoint.sh"]
commit	c75ae7c402d8e7ee65fb5211660d876ef323b35c	[log] [tgz]
author	Marc Kupietz <kupietz@ids-mannheim.de>	Sat Nov 29 10:41:26 2025 +0100
committer	Marc Kupietz <kupietz@ids-mannheim.de>	Sat Nov 29 10:59:40 2025 +0100
tree	a497853ee75cccf40ef201149c9c1d4c12dab8dd
parent	8604485f28d54fef4e34fde53f0bd08161901722 [diff] [blame]