From 81e48fafd91cec390c35c9aa57af3382b31b0309 Mon Sep 17 00:00:00 2001
From: Marcin Sobczyk
Date: Thu, 21 Aug 2025 14:41:08 +0000
Subject: [PATCH 1/2] Add access to group `users` for /clive and ${PYTHON_VENV_PATH}
---
 docker/Dockerfile | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 7322f77057..e4304a5f92 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -24,7 +24,11 @@ ENV PATH="${PYTHON_VENV_PATH}/bin:$PATH" VIRTUAL_ENV=${PYTHON_VENV_PATH}
 RUN --mount=type=cache,mode=0777,sharing=locked,target=${APT_CACHE_DIR} \
 useradd -o -d /clive -ms /bin/bash -u ${CLIVE_UID} -g users -c "clive application account" "clive" && \
- mkdir -p /clive && chown -R clive /clive && mkdir -vp "${PYTHON_VENV_PATH}" && chown -R clive "${PYTHON_VENV_PATH}" && \
+ mkdir -p /clive && mkdir -vp "${PYTHON_VENV_PATH}" && \
+ chown -R clive:users /clive && \
+ chmod -R g+ws /clive && \
+ chown -R clive:users "${PYTHON_VENV_PATH}" && \
+ chmod -R g+ws "${PYTHON_VENV_PATH}" && \
 chown -R clive:users /var/cache/ && \
 chmod -R 777 /var/cache/
@@ -62,7 +66,11 @@ ENV PATH="${PYTHON_VENV_PATH}/bin:$PATH" VIRTUAL_ENV=${PYTHON_VENV_PATH}
 RUN --mount=type=cache,mode=0777,sharing=locked,target=${APT_CACHE_DIR} \
 useradd -o -d /clive -ms /bin/bash -u ${CLIVE_UID} -g users -c "clive application account" "clive" && \
- mkdir -p /clive && chown -R clive /clive && mkdir -vp "${PYTHON_VENV_PATH}" && chown -R clive "${PYTHON_VENV_PATH}" && \
+ mkdir -p /clive && mkdir -vp "${PYTHON_VENV_PATH}" && \
+ chown -R clive:users /clive && \
+ chmod -R g+ws /clive && \
+ chown -R clive:users "${PYTHON_VENV_PATH}" && \
+ chmod -R g+ws "${PYTHON_VENV_PATH}" && \
 chown -R clive:users /var/cache/ && \
 chmod -R 777 /var/cache/
-- GitLab
From 4ef046d2912af7aebd6733b305f57c1b6e096aea Mon Sep 17 00:00:00 2001
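Review bot: `chmod -R g+ws` on /clive and "${PYTHON_VENV_PATH}" sets the setgid bit on every regular file under those paths as well as on the directories, and the identical lines in the second hunk (`@@ -62,7 +66,11 @@`) do the same. Only directories need the bit for new entries to inherit the group, so the mode is better split, for example `chmod -R g+w /clive && find /clive -type d -exec chmod g+s {} +`, with the same pair for the venv path. Because the hunk header shows `${PYTHON_VENV_PATH}/bin` placed first on PATH, group write there lets any account in `users` change what later runs as clive. A comment on the RUN stating which accounts are expected in that group would make that trust decision reviewable, for instance `# venv is writable by group users; only trusted UIDs may be members`.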
From: Marcin Sobczyk
Date: Mon, 25 Aug 2025 11:54:01 +0000
Subject: [PATCH 2/2] Create separate directory for storing python cache
---
 docker/Dockerfile | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/docker/Dockerfile b/docker/Dockerfile
index e4304a5f92..e097a30bbc 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -32,6 +32,15 @@ RUN --mount=type=cache,mode=0777,sharing=locked,target=${APT_CACHE_DIR} \
 chown -R clive:users /var/cache/ && \
 chmod -R 777 /var/cache/
+# Set up a dedicated cache directory for Python bytecode (applies to both the virtual env and standard Python modules).
+# Normally, Python stores the cache in __pycache__ folders separately within the venv and the Python installation directory.
+# A lack of cache permissions or skipping the cache can cause a noticeable drop in performance.
+ENV PYTHON_CACHE_PATH="/var/cache/python"
+ENV PYTHONPYCACHEPREFIX="${PYTHON_CACHE_PATH}"
+RUN mkdir "${PYTHON_CACHE_PATH}" && \
+ chown -R clive:users "${PYTHON_CACHE_PATH}" && \
+ chmod -R 777 "${PYTHON_CACHE_PATH}"
+
 USER clive
 SHELL ["/bin/bash", "-c"]
-- GitLab
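Review bot: `chmod -R 777 "${PYTHON_CACHE_PATH}"` leaves the directory named by PYTHONPYCACHEPREFIX writable by every account, and Python loads the bytecode files it finds there, so whoever can write to it can influence the code another user later imports. The directory has just been created and is already owned by clive:users, so owner and group access should be enough: `chmod 2775 "${PYTHON_CACHE_PATH}"`, with no `-R` needed on an empty directory. The context line above sets the parent /var/cache/ to 777 without the sticky bit, so the parent would also need tightening (at least `chmod +t /var/cache`) for the restriction to hold. Using `mkdir -p` would keep the step from failing if a base image ever ships the path.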