fix: updater resolves project_root to / in Docker containers

In Docker, main.py lives at /app/main.py so Path.parent.parent resolves to filesystem root /, causing PermissionError on .github and other dirs. Now detects this case and falls back to cwd. Also grants backenduser write access to /app for auto-update. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Former-commit-id: 12c8bb5816a70161d5ab5d79f9240e7eab6e6e15
2026-05-12 11:51:35 +02:00 · 2026-03-14 14:34:11 -06:00
parent b99a5e5d66
commit 95474c3ac5
2 changed files with 11 additions and 2 deletions
@@ -23,8 +23,10 @@ RUN npm ci --omit=dev
 COPY . .

 # Create a non-root user for security
+# Grant write access to /app so the auto-updater can extract files
 RUN adduser --system --uid 1001 backenduser \
-    && chown -R backenduser /app
+    && chown -R backenduser /app \
+    && chmod -R u+w /app

 # Switch to the non-root user
 USER backenduser
@@ -498,7 +498,14 @@ from services.updater import perform_update, schedule_restart
@limiter.limit("1/minute")
 async def system_update(request: Request):
    """Download latest release, backup current files, extract update, and restart."""
-    project_root = str(Path(__file__).resolve().parent.parent)
+    # In Docker, __file__ is /app/main.py so .parent.parent resolves to /
+    # which causes PermissionError. Use cwd as fallback when parent.parent
+    # doesn't contain frontend/ or backend/ (i.e. we're already at project root).
+    candidate = Path(__file__).resolve().parent.parent
+    if (candidate / "frontend").is_dir() or (candidate / "backend").is_dir():
+        project_root = str(candidate)
+    else:
+        project_root = os.getcwd()
    result = perform_update(project_root)
    if result.get("status") == "error":
        return Response(