From 6e857f3bc366272abeeb2ab8073cb35a1a21b1e5 Mon Sep 17 00:00:00 2001
From: msramalho <19508417+msramalho@users.noreply.github.com>
Date: Mon, 2 Mar 2026 16:37:29 +0000
Subject: [PATCH] fixing docker permissions

---
 docker/worker/Dockerfile | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docker/worker/Dockerfile b/docker/worker/Dockerfile
index ce61fb4..d306c3c 100644
--- a/docker/worker/Dockerfile
+++ b/docker/worker/Dockerfile
@@ -33,6 +33,14 @@ RUN ./poetry-venv/bin/poetry install --without dev --no-root --no-cache
 COPY ../../app ./app/
 COPY ../../user-groups.* ./app/
 
+# Pre-create directories and fix ownership for non-root user (UID 1000)
+# - /crawls: named volume for Browsertrix WACZ crawl data
+# - /aa-api: WORKDIR, auto-archiver creates TemporaryDirectory(dir="./") here
+# - /aa-api/logs, /aa-api/database, /aa-api/secrets: bind-mounted at runtime
+# - /app/.venv: base image venv, seleniumbase downloads chromedriver here at runtime
+RUN mkdir -p /crawls /aa-api/logs /aa-api/database /aa-api/secrets && \
+    chown -R 1000:1000 /crawls /aa-api /app/.venv
+
 # Switch back to non-root user
 USER 1000