Non root dockerfile

[lainedfles]

Thanks for your work!

Here's my proposed non-root Dockerfile and proposal to use a symbolic link to easily switch between them for building, etc.

[matatonic]

Considering this, is there any reason to keep the root only docker?
Also, would rather not use symlinks from git - do they even work on other platforms?

[lainedfles]

Considering this, is there any reason to keep the root only docker?

Perhaps, depending on your intention and target. I don't see that you're publishing containers images anywhere. If you are, or plan to, setting a limited UID/GID could interfere with some restricted hosting environments.

Also, a change like this requires ownership updates to the filesystem if volumes are utilized. 🤷🏻 Personally, I use podman with a systemd service where a similar process is required:

systemctl --user stop openedai-speech.service
podman run --rm -u root -v openedai-speech-config:/app/config -v openedai-speech-voices:/app/voices -v openedai-speech-cache:/home/app/.cache -it localhost/openedai-speech:latest bash -c 'chown -R app:app /app/config /app/voices /home/app/.cache'
systemctl --user start openedai-speech.service

Also, would rather not use symlinks from git - do they even work on other platforms?

Good point, this likely wouldn't work with Windows 🥲. Reverted.

[matatonic]

BTW.
The container images are published on ghcr.io (github), see: https://github.com/matatonic?tab=packages&repo_name=openedai-speech

image: ghcr.io/matatonic/openedai-speech

But good point, maybe an extra nonroot image is the way to go... going to take hours to build all variants now, lol.

[matatonic]

I don't use podman myself, but I know some users do. Would you consider contributing what's need (docs updates or scripts) to help people get running with podman?

[lainedfles]

BTW. The container images are published on ghcr.io (github), see: https://github.com/matatonic?tab=packages&repo_name=openedai-speech

image: ghcr.io/matatonic/openedai-speech

But good point, maybe an extra nonroot image is the way to go... going to take hours to build all variants now, lol.

Thank you. I'd suggest that this should be in the readme. I may send another PR your way!

I don't use podman myself, but I know some users do. Would you consider contributing what's need (docs updates or scripts) to help people get running with podman?

I'm willing to try!

[matatonic]

I converted the last release of openedai-vision to non-root container, and will make the next release of -speech non-root as well (when I get some more time!) Thanks for the PR!