From a369c7e24f4769e68a4e419d6df164b10edefbfe Mon Sep 17 00:00:00 2001
From: Amin Vakil
Date: Fri, 1 May 2026 15:23:44 +0330
Subject: [PATCH 1/3] Ensure SENTRY_OPTIONS_DIR exists in final image

Fixes https://github.com/getsentry/self-hosted/issues/4306
---
 Dockerfile | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 21e49d39c5..4f2950550a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -182,6 +182,7 @@ ENV PATH="/.venv/bin:/opt/python/bin:$PATH" \
 SENTRY_OPTIONS_DIR=/etc/sentry-options
 USER 1000
+RUN mkdir -p "${SENTRY_OPTIONS_DIR}"
 EXPOSE 1218 1219
 ENTRYPOINT ["python3", "/usr/src/snuba/docker_entrypoint.py"]
 CMD ["api"]
@@ -206,6 +207,7 @@ ENV PATH="/.venv/bin:/opt/python/bin:$PATH" \
 SENTRY_OPTIONS_DIR=/etc/sentry-options
 USER 1000
+RUN mkdir -p "${SENTRY_OPTIONS_DIR}"
 EXPOSE 1218 1219
 ENTRYPOINT ["python3", "/usr/src/snuba/docker_entrypoint.py"]
 CMD ["api"]
From 0409de69a7c3b7e43ce5aa367e274b16395bc133 Mon Sep 17 00:00:00 2001
From: Amin Vakil
Date: Fri, 1 May 2026 15:30:51 +0330
Subject: [PATCH 2/3] Only root can create dir in /etc
---
 Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 4f2950550a..dcc3d6ebbc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -181,8 +181,8 @@ ENV PATH="/.venv/bin:/opt/python/bin:$PATH" \
 PYTHONDONTWRITEBYTECODE=1 \
 SENTRY_OPTIONS_DIR=/etc/sentry-options
+RUN install -d -o 1000 -g 1000 "${SENTRY_OPTIONS_DIR}"
 USER 1000
-RUN mkdir -p "${SENTRY_OPTIONS_DIR}"
 EXPOSE 1218 1219
 ENTRYPOINT ["python3", "/usr/src/snuba/docker_entrypoint.py"]
 CMD ["api"]
@@ -206,8 +206,8 @@ ENV PATH="/.venv/bin:/opt/python/bin:$PATH" \
 PYTHONDONTWRITEBYTECODE=1 \
 SENTRY_OPTIONS_DIR=/etc/sentry-options
+RUN install -d -o 1000 -g 1000 "${SENTRY_OPTIONS_DIR}"
 USER 1000
-RUN mkdir -p "${SENTRY_OPTIONS_DIR}"
 EXPOSE 1218 1219
 ENTRYPOINT ["python3", "/usr/src/snuba/docker_entrypoint.py"]
 CMD ["api"]
From 4dd6528788b5d25c49320b0f88d7202e5047c62e Mon Sep 17 00:00:00 2001
From: Amin Vakil
Date: Fri, 1 May 2026 15:53:04 +0330
Subject: [PATCH 3/3] install where it can
---
 Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index dcc3d6ebbc..ce0d9e05ae 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -137,6 +137,7 @@ ENV LD_PRELOAD=/usr/src/snuba/libjemalloc.so.2 \
 # set default path for sentry options values
 ENV SENTRY_OPTIONS_DIR=/etc/sentry-options
+RUN install -d -o snuba -g snuba "${SENTRY_OPTIONS_DIR}/values"
 USER snuba
 EXPOSE 1218 1219
@@ -167,6 +168,7 @@ FROM ghcr.io/getsentry/dhi/python:3.13-debian13 AS application-distroless
 COPY --from=distroless_prep /.venv /.venv
 COPY --from=distroless_prep /usr/src/snuba /usr/src/snuba
+COPY --from=distroless_prep /etc/sentry-options /etc/sentry-options
 COPY --from=distroless_prep /usr/lib/*/libjemalloc.so.2 /usr/lib/libjemalloc.so.2
 COPY --from=distroless_prep /etc/passwd /etc/passwd
 COPY --from=distroless_prep /etc/group /etc/group
@@ -181,7 +183,6 @@ ENV PATH="/.venv/bin:/opt/python/bin:$PATH" \
 PYTHONDONTWRITEBYTECODE=1 \
 SENTRY_OPTIONS_DIR=/etc/sentry-options
-RUN install -d -o 1000 -g 1000 "${SENTRY_OPTIONS_DIR}"
 USER 1000
 EXPOSE 1218 1219
 ENTRYPOINT ["python3", "/usr/src/snuba/docker_entrypoint.py"]
@@ -192,6 +193,7 @@ FROM ghcr.io/getsentry/dhi/python:3.13-debian13-dev AS application-distroless-de
 COPY --from=distroless_prep /.venv /.venv
 COPY --from=distroless_prep /usr/src/snuba /usr/src/snuba
+COPY --from=distroless_prep /etc/sentry-options /etc/sentry-options
 COPY --from=distroless_prep /usr/lib/*/libjemalloc.so.2 /usr/lib/libjemalloc.so.2
 COPY --from=distroless_prep /etc/passwd /etc/passwd
 COPY --from=distroless_prep /etc/group /etc/group
@@ -206,7 +208,6 @@ ENV PATH="/.venv/bin:/opt/python/bin:$PATH" \
 PYTHONDONTWRITEBYTECODE=1 \
 SENTRY_OPTIONS_DIR=/etc/sentry-options
-RUN install -d -o 1000 -g 1000 "${SENTRY_OPTIONS_DIR}"
 USER 1000
 EXPOSE 1218 1219
 ENTRYPOINT ["python3", "/usr/src/snuba/docker_entrypoint.py"]
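Review bot: In the `@@ -137,6 +137,7 @@` hunk of patch 3/3, `install -d -o snuba -g snuba "${SENTRY_OPTIONS_DIR}/values"` makes the options directory writable by the same account the service runs as, so a process that is compromised at runtime could alter the option values it later reads back. If snuba only reads files that are mounted or provisioned there (not visible from this patch; worth confirming against the issue linked in patch 1/3), root ownership is enough: `RUN install -d -m 0755 "${SENTRY_OPTIONS_DIR}/values"`. With GNU install only the leaf `values` directory receives `-o`/`-g` and the parent `/etc/sentry-options` is created with default attributes, so a short comment such as `# values/ is owned by snuba; the parent stays root-owned` would record which ownership is intended. The stage this line belongs to begins outside the hunk.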
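Review bot: The added `COPY --from=distroless_prep /etc/sentry-options /etc/sentry-options` in the `@@ -167,6 +168,7 @@` hunk (repeated for `application-distroless-dev` in `@@ -192,6 +193,7 @@`) leaves the directory's owner in the final image implicit: it depends on the builder carrying ownership over from the prep stage, and nothing in these stages states it. The owner is set by name (`snuba`) in the first hunk while these stages run as `USER 1000`, and that the two match is only implied by the copied `/etc/passwd`. Stating the owner on the instruction removes the ambiguity, e.g. `COPY --from=distroless_prep --chown=1000:1000 /etc/sentry-options /etc/sentry-options`, or `--chown=0:0` if the service is only meant to read from it. Both stages continue outside the hunks shown.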