fixes

Author: GitTimeraider

.env.example

@@ -4,6 +4,10 @@
 SECRET_KEY=your-very-secret-key-change-this-in-production
 DATABASE_URL=sqlite:///data/github_backup.db
 
+# User/Group IDs for file permissions (run 'id' command to get your values)
+PUID=1000
+PGID=1000
+
 # Optional: If using PostgreSQL instead of SQLite
 # DATABASE_URL=postgresql://username:password@localhost:5432/github_backup
 

DEPLOYMENT.md

@@ -7,10 +7,14 @@ This project is automatically built and published to GitHub Container Registry (
 ### 1. Deploy with Docker Run
 
 ```bash
+# Get your user and group IDs
+USER_ID=$(id -u)
+GROUP_ID=$(id -g)
+
 # Create directories for persistent data
 mkdir -p ./data ./backups ./logs
 
-# Run the container
+# Run the container with proper user/group IDs
 docker run -d \
   --name github-backup \
   --restart unless-stopped \
@@ -19,6 +23,8 @@ docker run -d \
   -v $(pwd)/backups:/app/backups \
   -v $(pwd)/logs:/app/logs \
   -e SECRET_KEY="$(openssl rand -base64 32)" \
+  -e PUID=${USER_ID} \
+  -e PGID=${GROUP_ID} \
   ghcr.io/gittimeraider/githubbackup:latest
 ```
 
@@ -52,6 +58,9 @@ services:
 
 Then run:
 ```bash
+# Set your user/group IDs and secret key
+export PUID=$(id -u)
+export PGID=$(id -g)
 export SECRET_KEY=$(openssl rand -base64 32)
 docker-compose up -d
 ```
@@ -138,6 +147,10 @@ Create a `.env` file for environment variables:
 # Required: Change this in production
 SECRET_KEY=your-super-secret-key-here
 
+# User/Group IDs for proper file permissions
+PUID=1000  # Your user ID (run 'id -u' to get this)
+PGID=1000  # Your group ID (run 'id -g' to get this)
+
 # Optional: Database (defaults to SQLite)
 DATABASE_URL=sqlite:///data/github_backup.db
 
@@ -146,6 +159,33 @@ FLASK_ENV=production
 LOG_LEVEL=INFO
 ```
 
+#### Understanding PUID and PGID
+
+The `PUID` (Process User ID) and `PGID` (Process Group ID) environment variables allow you to run the container with the same user and group IDs as your host system user. This ensures that:
+
+- Files created by the container have the correct ownership
+- You can read/write the mounted volumes without permission issues
+- Backups are accessible from the host system
+
+To find your IDs:
+```bash
+# Get your user ID
+id -u
+
+# Get your group ID  
+id -g
+
+# Get both at once
+id
+```
+
+**Example output:**
+```
+uid=1000(username) gid=1000(username) groups=1000(username),4(adm),24(cdrom)...
+```
+
+In this case, set `PUID=1000` and `PGID=1000`.
+
 ### 5. First Time Setup
 
 1. Access the web interface at `http://localhost:8080`

Dockerfile

@@ -1,31 +1,54 @@
-FROM python:3.13-slim
+FROM python:3.11-slim
+
+# Set environment variables to prevent interactive prompts and optimize Python
+ENV DEBIAN_FRONTEND=noninteractive \
+    DEBCONF_NONINTERACTIVE_SEEN=true \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PIP_NO_CACHE_DIR=1 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1 \
+    PUID=1000 \
+    PGID=1000
 
 # Install system dependencies
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
     git \
     curl \
     zip \
     unzip \
     cron \
-    && rm -rf /var/lib/apt/lists/*
+    gosu \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -rf /tmp/* \
+    && rm -rf /var/tmp/*
 
 # Create app directory
 WORKDIR /app
 
 # Copy requirements first for better caching
 COPY requirements.txt .
 
-# Install Python dependencies
-RUN pip install --no-cache-dir -r requirements.txt
+# Install Python dependencies with optimizations
+RUN pip install --no-cache-dir --disable-pip-version-check --no-compile \
+    -r requirements.txt \
+    && pip cache purge
 
 # Copy application code
 COPY . .
 
-# Create necessary directories
-RUN mkdir -p /app/backups /app/logs /app/data
+# Create necessary directories and set permissions in one layer
+RUN mkdir -p /app/backups /app/logs /app/data && \
+    chmod +x start.sh && \
+    chmod +x entrypoint.sh
 
-# Set permissions
-RUN chmod +x start.sh
+# Create user with configurable UID/GID
+RUN groupadd -g ${PGID} appuser && \
+    useradd -u ${PUID} -g ${PGID} -m -s /bin/bash appuser && \
+    chown -R appuser:appuser /app
+
+# Switch back to root for entrypoint (needed for user/group modifications)
+USER root
 
 # Expose port
 EXPOSE 8080
@@ -34,5 +57,6 @@ EXPOSE 8080
 HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
     CMD curl -f http://localhost:8080/health || exit 1
 
-# Start the application
+# Set entrypoint and default command
+ENTRYPOINT ["/app/entrypoint.sh"]
 CMD ["./start.sh"]

Dockerfile.root

@@ -0,0 +1,49 @@
+FROM python:3.11-slim
+
+# Set environment variables to prevent interactive prompts and optimize Python
+ENV DEBIAN_FRONTEND=noninteractive \
+    DEBCONF_NONINTERACTIVE_SEEN=true \
+    PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PIP_NO_CACHE_DIR=1 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    git \
+    curl \
+    zip \
+    unzip \
+    cron \
+    && apt-get clean \
+    && rm -rf /var/lib/apt/lists/* \
+    && rm -rf /tmp/* \
+    && rm -rf /var/tmp/*
+
+# Create app directory
+WORKDIR /app
+
+# Copy requirements first for better caching
+COPY requirements.txt .
+
+# Install Python dependencies with optimizations
+RUN pip install --no-cache-dir --disable-pip-version-check --no-compile \
+    -r requirements.txt \
+    && pip cache purge
+
+# Copy application code
+COPY . .
+
+# Create necessary directories and set permissions in one layer
+RUN mkdir -p /app/backups /app/logs /app/data && \
+    chmod +x start.sh
+
+# Expose port
+EXPOSE 8080
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:8080/health || exit 1
+
+# Start the application
+CMD ["./start.sh"]

docker-compose.yml

@@ -13,6 +13,8 @@ services:
     environment:
       - SECRET_KEY=your-secret-key-change-this
       - DATABASE_URL=sqlite:///data/github_backup.db
+      - PUID=1000  # Change to your user ID (run 'id -u' to get yours)
+      - PGID=1000  # Change to your group ID (run 'id -g' to get yours)
     restart: unless-stopped
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8080/health"]

entrypoint.sh

@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Get PUID and PGID from environment variables, with defaults
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
+
+# Get current user info
+CURRENT_UID=$(id -u appuser)
+CURRENT_GID=$(id -g appuser)
+
+# Only modify user/group if they're different from current
+if [ "$PUID" != "$CURRENT_UID" ] || [ "$PGID" != "$CURRENT_GID" ]; then
+    echo "Updating user appuser to UID:$PUID and GID:$PGID"
+    
+    # Update group ID if needed
+    if [ "$PGID" != "$CURRENT_GID" ]; then
+        groupmod -g "$PGID" appuser
+    fi
+    
+    # Update user ID if needed
+    if [ "$PUID" != "$CURRENT_UID" ]; then
+        usermod -u "$PUID" appuser
+    fi
+    
+    # Fix ownership of app directory
+    chown -R appuser:appuser /app
+    
+    # Fix ownership of mounted volumes if they exist
+    [ -d /app/data ] && chown -R appuser:appuser /app/data
+    [ -d /app/backups ] && chown -R appuser:appuser /app/backups
+    [ -d /app/logs ] && chown -R appuser:appuser /app/logs
+fi
+
+# Switch to appuser and execute the original command
+exec gosu appuser "$@"

start-root.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Start cron daemon (requires root privileges)
+service cron start
+
+# Initialize database if it doesn't exist
+python init_db.py
+
+# Start the Flask application
+exec gunicorn --bind 0.0.0.0:8080 --workers 4 --timeout 120 app:app

start.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
-# Start cron daemon
-service cron start
+# Note: Running as non-root user, so we can't start system cron
+# Instead, we'll rely on APScheduler for job scheduling
 
 # Initialize database if it doesn't exist
 python init_db.py