From 4a7674178585b5038631029dcc7d59665fe42366 Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Tue, 2 Sep 2025 07:40:55 +0000 Subject: [PATCH] feat: Run container as rootless and add automatic updates The Dockerfile has been modified to: - Run as a non-root user (`anki`). - Use a Python virtual environment for dependencies, with a hardcoded path of /app/.venv. - Improve build caching by reordering instructions. - Set the update interval to one week. The start.sh script has been updated to: - Periodically check for updates to the `anki` package in a background process. - The update interval is configurable via the `UPDATE_INTERVAL` environment variable.
---
 Dockerfile | 43 +++++++++++++++++++++++-------------------- start.sh | 18 +++++++++++++++--- 2 files changed, 38 insertions(+), 23 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index a2fc488..c6a23eb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,38 +1,41 @@
 # Use an official Python runtime as a parent image
 FROM python:3.12-slim
-# Set the working directory in the container
-WORKDIR /app
-
-# Copy the current directory contents into the container at /app
-COPY . /app
+# Set PUID/PGID build arguments
+ARG PUID=1000
+ARG PGID=1000
-# Install the Anki sync server
-RUN pip install anki
+# Create a non-root user and group first
+RUN groupadd -g ${PGID} anki && useradd -u ${PUID} -g anki -m anki
-# Set environment variables for the sync server (do not change)
+# Set environment variables
+ENV PATH="/app/.venv/bin:$PATH"
 ENV SYNC_BASE=/data
 ENV SYNC_HOST=0.0.0.0
 ENV SYNC_PORT=8080
+ENV UPDATE_INTERVAL=604800
-# Create the data directory
-RUN mkdir -p /data
+# Create app, venv and data directories
+RUN mkdir -p /app /data && \
+ python3 -m venv /app/.venv
-# Expose the port the sync server runs on
-EXPOSE 8080
+# Install dependencies
+RUN pip install anki
-# Use PUID and PGID if set, otherwise fallback to default user and group
-ARG PUID=1000
-ARG PGID=1000
+# Copy application files
+COPY . /app
-# Create group and user based on PUID and PGID
-RUN groupadd -g ${PGID} anki && useradd -u ${PUID} -g anki -m anki
+# Set ownership
+RUN chown -R anki:anki /app /data
+
+# Set the working directory
+WORKDIR /app
-# Set ownership of the working directory and data directory to the new user
-RUN chown -R anki:anki /app && chown -R anki:anki /data
+# Expose the port
+EXPOSE 8080
 # Switch to the non-root user
 USER anki
-# Run the script to update the package and start the server
+# Run the start script
 CMD ["/app/start.sh"]
diff --git a/start.sh b/start.sh
index 978aa7f..dd10727 100755
--- a/start.sh
+++ b/start.sh
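Review bot: `RUN pip install anki` installs whatever release PyPI serves at build time, and `RUN chown -R anki:anki /app /data` then makes the whole venv under /app/.venv writable by the account that serves sync traffic on 0.0.0.0:8080. The runtime user can therefore rewrite the code it executes, which undoes much of the benefit of dropping root. Pinning the package, e.g. `RUN pip install --no-cache-dir "anki==<PINNED_VERSION>"`, and narrowing ownership to `RUN chown -R anki:anki /data` would keep the image reproducible and the interpreter tree read-only to the service. That conflicts with the in-container `pip install --upgrade` that start.sh now runs, which is a reason to ship updates by rebuilding the image instead. `ARG PUID`/`ARG PGID` are fixed at build time, so a comment such as `# PUID/PGID are baked in at build; pass --build-arg to change them` would stop users expecting them to work at run time.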
@@ -1,8 +1,20 @@
 #!/bin/sh
-# Update the Anki sync server package
-echo "Updating Anki sync server package..."
-pip install --upgrade anki
+# Function to update the package
+update_package() {
+ echo "Checking for Anki-sync-server updates..."
+ pip install --upgrade anki
+}
+
+# Background loop for periodic updates
+(
+ # Sleep for a short period before the first check
+ sleep 60
+ while true; do
+ update_package
+ sleep ${UPDATE_INTERVAL:-21600}
+ done
+) &
 # Start the Anki sync server
 echo "Starting Anki sync server..."
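Review bot: The fallback in `sleep ${UPDATE_INTERVAL:-21600}` is six hours, while the Dockerfile sets `UPDATE_INTERVAL=604800` and the commit message says one week, so a container started with the variable unset or empty contacts PyPI far more often than documented; the expansion is also unquoted. `sleep "${UPDATE_INTERVAL:-604800}"` keeps the two defaults in agreement. `update_package` also installs the newest `anki` release, unpinned and without hash verification, into the venv of a server that is already running and that nothing visible in the hunk restarts. The loaded code and the files on disk can then diverge, and a broken or unexpected release is picked up unattended on the next start. A comment above the loop such as `# Upgrades only take effect after the container restarts` and a documented way to switch the loop off would help operators who pin images. The script continues past the end of this hunk.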